From owner-freebsd-ports Thu Oct 18 5:23:31 2001 Delivered-To: freebsd-ports@freebsd.org Received: from axl.seasidesoftware.co.za (axl.seasidesoftware.co.za [196.31.7.201]) by hub.freebsd.org (Postfix) with ESMTP id B610B37B401 for ; Thu, 18 Oct 2001 05:23:29 -0700 (PDT) Received: from sheldonh (helo=axl.seasidesoftware.co.za) by axl.seasidesoftware.co.za with local-esmtp (Exim 3.33 #1) id 15uCDL-0007ZD-00; Thu, 18 Oct 2001 14:23:55 +0200 From: Sheldon Hearn To: "Andrey A. Chernov" Cc: Yarema , ports@FreeBSD.org Subject: Re: HEADS UP: Apache port change from nobody:nogroup to www:www planned In-reply-to: Your message of "Thu, 18 Oct 2001 16:16:09 +0400." <20011018161609.A63967@nagual.pp.ru> Date: Thu, 18 Oct 2001 14:23:55 +0200 Message-ID: <29090.1003407835@axl.seasidesoftware.co.za> Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 18 Oct 2001 16:16:09 +0400, "Andrey A. Chernov" wrote: > Any priviledges, read/write/etc. Nobody is internal NFS user means 'root'. WHAT?! To NFS, nobody _may_ mean "the user to which root should be mapped". The system should _never_ be structured such that having nobody privelege is equivalent to having root privelege. Specifically, one usually maps a foreign host's root to the local nobody. This means "foreign host's root has world-only permissions". This is sounding worse and worse to me. Could you maybe provide an example that demonstrates the danger you're trying to protect against? Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message