Date: Fri, 15 Apr 2016 18:23:07 -0400 (EDT)
From: Rick Macklem
To: Raimundo Santos
Cc: freebsd-net@freebsd.org
Subject: Re: Why anyone can read and write to a nobody NFS mounted volume?

Well, I suppose it is up to the server implementor. (In your case Seagate...)
Normally NFS servers map root->nobody by default, under the assumption that
"nobody" is not a real user and is checked via world permissions.
--> I'd say a typical server would allow anyone (including "nobody" access)
    if the file's mode includes world "rw".
But none of this is defined in any of the NFS RFCs as far as I recall (the RFCs
basically define what goes on the wire), so I think it is up to the server
implementor.
--> If the file doesn't have world permissions, then I would consider this
    atypical and you might want to check with the server implementor in
    case this is configurable?

Now, if you are using NFSv4 and uid<->user mapping isn't set up correctly,
any uid/gid that can't be mapped to another name will go on the wire to the
server as "nobody" (and "nogroup" if I recall it correctly).
So, you might want to "nfsstat -m" on the client to see if you are using NFSv3
or NFSv4 and try NFSv3 if it isn't already what you are using.

rick

----- Original Message -----
> Hello all!
>
> I have a strange situation: everyone and not just root can read and write
> to a NFS mount point whose owner is nobody:nobody.
>
> Is this an expected behaviour?
>
> FreeBSD 10.2 RELEASE as NFS client.
> Seagate NAS400 as NFS server.
>
> Thank you all,
> Raimundo Santos
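
The two client-side checks suggested in the reply (which NFS version the mount uses, and whether the mode carries world "rw"), as an added example that is not part of the original thread. The helper names, the "server:/path on /mountpoint" plus options-line layout assumed for `nfsstat -m`, and the sample server and paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): client-side triage helpers.

# Read `nfsstat -m` output on stdin, print "<mountpoint> <version>" per mount.
# Assumes each mount is reported as "server:/path on /mountpoint" followed by
# an options line that begins with nfsv3 or nfsv4.
nfs_versions() {
    awk '
        / on \//     { mnt = substr($0, index($0, " on /") + 4); next }
        /^nfsv[0-9]/ { split($0, opt, ","); if (mnt != "") print mnt, opt[1]; mnt = "" }
    '
}

# Print the world ("other") read/write bits of an octal mode: rw, r, w or -.
world_rw() {
    digit=${1#"${1%?}"}                 # last octal digit holds the world bits
    case $digit in [0-7]) ;; *) echo "invalid"; return 2 ;; esac
    bits=""
    if [ $((digit & 4)) -ne 0 ]; then bits="r"; fi
    if [ $((digit & 2)) -ne 0 ]; then bits="${bits}w"; fi
    echo "${bits:--}"
}

# Apply the reasoning in the reply: with world rw, access by anyone is typical;
# without it, such access is atypical; on NFSv4 also check the name mapping.
triage() {  # $1 = nfsv3|nfsv4, $2 = octal mode of the mounted directory
    bits=$(world_rw "$2") || return 2
    if [ "$bits" = "rw" ]; then verdict="typical"; else verdict="atypical"; fi
    if [ "$1" = "nfsv4" ]; then verdict="$verdict check-mapping-or-try-nfsv3"; fi
    echo "$verdict"
}

# Constructed sample of `nfsstat -m` output (server name and paths are made up).
SAMPLE='nas400:/shares/data on /mnt/nas
nfsv4,minorversion=0,tcp,resvport,hard,cto,sec=sys,rsize=65536,wsize=65536
nas400:/shares/backup on /mnt/backup
nfsv3,tcp,resvport,hard,cto,lockd,sec=sys,rsize=65536,wsize=65536'

printf '%s\n' "$SAMPLE" | nfs_versions
triage nfsv4 777
triage nfsv3 770

# On the FreeBSD client itself (not run here; /mnt/nas is a placeholder):
#   nfsstat -m | nfs_versions
#   triage nfsv3 "$(stat -f %Lp /mnt/nas)"
```

An "atypical" result for a mount that everyone can still write to is the case the reply suggests raising with the server implementor.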