On Thu, Nov 07, 2002 at 12:23:31PM -0800, Todd A. Jacobs wrote: > On Thu, 7 Nov 2002, Ed Wilts wrote: > > > NFS absolutely trusts the client not to lie to it. There is *no* > > authentication done whatsoever. If the client tells the server that > > it's uid/gid is 0/0, the server trusts it. For this reason, you should > > This is what root_squash (on by default) and all_squash are for. You're > right to say that it can't authenticate the UID/GID, but that doesn't mean > people can run rampant on NFS if it's been properly configured.
I used 0/0 as an example. If you choose to map source uid/gid of 500/500 to local uid/gid 600/600, then you still trust the remote system's view of who 500/500 is. root_squash does not help you here. -- Ed Wilts, Mounds View, MN, USA mailto:ewilts@;ewilts.org Member #1, Red Hat Community Ambassador Program -- redhat-list mailing list unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
