Date: Mon, 8 May 2017 16:42:03 +0300 From: Slawa Olhovchenkov <slw@zxy.spb.ru> To: Rick Macklem <rmacklem@uoguelph.ca> Cc: "freebsd-current@freebsd.org" <freebsd-current@freebsd.org> Subject: Re: more default uid/gid for NFS in mountd Message-ID: <20170508134203.GA3165@zxy.spb.ru> In-Reply-To: <YTXPR01MB01895E8D60DD369C1762785DDDEE0@YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM> References: <YTXPR01MB01895E8D60DD369C1762785DDDEE0@YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, May 08, 2017 at 11:45:46AM +0000, Rick Macklem wrote: > Hi, > > Five years ago (yea, it slipped through a crack;-), Slawa reported that files > created by root would end up owned by uid 2**32-2 (-2 as uint32_t). > This happens if there is no "-maproot=<user>" in the /etc/exports line. > > The cause is obvious. The value is set to -2 by default. > > The question is... Should this be changed to 65534 (ie "nobody")? > - It would seem more consistent to make it the uid of nobody, but I can also see > the argument that since it has been like this *forever*, that changing it would be > a POLA violation. > What do others think? IMHO uid 2**32-2 is POLA violation. Nobody expect this uid. Too much number. This is like bug. > It is also the case that mountd.c doesn't look "nobody" up in the password database > to set the default. It would be nice to do this, but it could result in the mountd daemon > getting "stuck" during a boot waiting for an unresponsive LDAP service or similar. > Does doing this sound like a good idea? This is (stuck at boot) already do for case of using NIS and nfsuserd. I am regular see this for case of DNS failed at boot. You offer don't impair current behaviour. Thanks! > Thanks for any comments, rick > ps: Here's the original email thread, in case you are interested: > https://lists.freebsd.org/pipermail/freebsd-stable/2012-March/066868.html >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170508134203.GA3165>