Date:      Fri, 15 Apr 2016 20:20:57 -0300
From:      Raimundo Santos <raitech@gmail.com>
To:        Rick Macklem <rmacklem@uoguelph.ca>
Cc:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   Re: Why anyone can read and write to a nobody NFS mounted volume?
Message-ID:  <CAGQ6iC8NFKGAuw0Hv%2BU9_qt01cFB2-8QPp5wb1PrRWzvf9qJMQ@mail.gmail.com>
In-Reply-To: <960500313.65065742.1460758987017.JavaMail.zimbra@uoguelph.ca>
References:  <CAGQ6iC9eOUke4nL7Tktcq0=gj6VOXULEq_ruSys859od%2Bd1tTw@mail.gmail.com> <960500313.65065742.1460758987017.JavaMail.zimbra@uoguelph.ca>

Thank you for your time, Rick!

I will take a look at the permissions of the dirs I am mounting from the
server, but you clarified a big thing for me: it is up to the server
machine to decide about permissions.

Am I right?

Thank you,
Raimundo Santos

On 15 April 2016 at 19:23, Rick Macklem <rmacklem@uoguelph.ca> wrote:

> Well, I suppose it is up to the server implementor. (In your case
> Seagate...)
> Normally NFS servers map root->nobody by default, under the assumption that
> "nobody" is not a real user and is checked via world permissions.
> --> I'd say a typical server would allow anyone (including "nobody" access)
>     if the file's mode includes world "rw".
>
> But none of this is defined in any of the NFS RFCs as far as I recall (the
> RFCs basically define what goes on the wire), so I think it is up to the
> server implementor.
> --> If the file doesn't have world permissions, then I would consider this
>     atypical and you might want to check with the server implementor in case
>     this is configurable?
>
> Now, if you are using NFSv4 and uid<->user mapping isn't set up correctly,
> any uid/gid that can't be mapped to another name will go on the wire to the
> server as "nobody" (and "nogroup" if I recall it correctly). So, you might
> want to "nfsstat -m" on the client to see if you are using NFSv3 or NFSv4
> and try NFSv3 if it isn't already what you are using.
>
> rick
>
> ----- Original Message -----
> > Hello all!
> >
> > I have a strange situation: everyone and not just root can read and write
> > to an NFS mount point whose owner is nobody:nobody.
> >
> > Is this an expected behaviour?
> >
> > FreeBSD 10.2 RELEASE as NFS client.
> > Seagate NAS400 as NFS server.
> >
> > Thank you all,
> > Raimundo Santos
>
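
The server-side decision described in the quoted reply (root mapped to "nobody", then ordinary mode-bit checks) can be modelled as below. This is an added example, not code from the thread or from any NFS server. It assumes uid/gid 65534 for nobody/nogroup and ignores supplementary groups; the function names and sample values are constructed for illustration, and a real server may behave differently since, as the reply notes, the RFCs do not define this.

```python
# Model of a "typical" NFS server access decision (illustrative assumption,
# not any real server's code): squash root to nobody, then apply the
# classic owner/group/other mode bits.

NOBODY_UID = 65534   # assumed conventional uid for "nobody"
NOGROUP_GID = 65534  # assumed conventional gid for "nogroup"/"nobody"

def squash(uid, gid, root_squash=True):
    """Map root to nobody, which the reply says servers normally do by default."""
    if root_squash and uid == 0:
        return NOBODY_UID, NOGROUP_GID
    return uid, gid

def allowed(mode, owner_uid, owner_gid, uid, gid, want, root_squash=True):
    """Return True if the caller gets every permission in want (subset of 'rwx')."""
    uid, gid = squash(uid, gid, root_squash)
    if uid == 0:
        return True          # unsquashed root bypasses the mode bits
    if uid == owner_uid:
        shift = 6            # owner bits
    elif gid == owner_gid:
        shift = 3            # group bits
    else:
        shift = 0            # world ("other") bits
    bits = (mode >> shift) & 0o7
    need = sum({"r": 4, "w": 2, "x": 1}[c] for c in want)
    return (bits & need) == need

def demo():
    """Constructed cases for an export directory owned by nobody:nobody."""
    owner = (NOBODY_UID, NOGROUP_GID)
    cases = [
        ("uid 1001, mode 0777, rw", 0o777, 1001, 1001, "rw"),
        ("uid 1001, mode 0755, w", 0o755, 1001, 1001, "w"),
        ("root (squashed), mode 0755, w", 0o755, 0, 0, "w"),
    ]
    return [(label, allowed(mode, *owner, uid, gid, want))
            for label, mode, uid, gid, want in cases]

if __name__ == "__main__":
    for label, ok in demo():
        print(f"{label}: {'allowed' if ok else 'denied'}")
```

In this model an ordinary user can write to a nobody:nobody directory only when the world bits include "w", while squashed root matches the owner and gets the owner bits.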


