Date: Fri, 15 Apr 2016 18:23:07 -0400 (EDT)
From: Rick Macklem <rmacklem@uoguelph.ca>
To: Raimundo Santos <raitech@gmail.com>
Cc: freebsd-net@freebsd.org
Subject: Re: Why anyone can read and write to a nobody NFS mounted volume?
Message-ID: <960500313.65065742.1460758987017.JavaMail.zimbra@uoguelph.ca>
In-Reply-To: <CAGQ6iC9eOUke4nL7Tktcq0=gj6VOXULEq_ruSys859od%2Bd1tTw@mail.gmail.com>
References: <CAGQ6iC9eOUke4nL7Tktcq0=gj6VOXULEq_ruSys859od%2Bd1tTw@mail.gmail.com>

Well, I suppose it is up to the server implementor. (In your case Seagate...)

Normally NFS servers map root->nobody by default, under the assumption that
"nobody" is not a real user and is checked via world permissions.
--> I'd say a typical server would allow anyone (including "nobody" access) if
    the file's mode includes world "rw".

But none of this is defined in any of the NFS RFCs as far as I recall (the RFCs
basically define what goes on the wire), so I think it is up to the server
implementor.
--> If the file doesn't have world permissions, then I would consider this
    atypical and you might want to check with the server implementor in case
    this is configurable?

Now, if you are using NFSv4 and uid<->user mapping isn't set up correctly, any
uid/gid that can't be mapped to another name will go on the wire to the server
as "nobody" (and "nogroup" if I recall it correctly). So, you might want to
"nfsstat -m" on the client to see if you are using NFSv3 or NFSv4 and try NFSv3
if it isn't already what you are using.

rick

----- Original Message -----
> Hello all!
>
> I have a strange situation: everyone and not just root can read and write
> to a NFS mount point whose owner is nobody:nobody.
>
> Is this an expected behaviour?
>
> FreeBSD 10.2 RELEASE as NFS client.
> Seagate NAS400 as NFS server.
>
> Thank you all,
> Raimundo Santos
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>