From owner-freebsd-questions Tue Feb 18 00:06:34 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id AAA04494 for questions-outgoing; Tue, 18 Feb 1997 00:06:34 -0800 (PST) Received: from david.siemens.de (david.siemens.de [146.254.1.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id AAA04482 for ; Tue, 18 Feb 1997 00:06:26 -0800 (PST) Received: from salomon.mchp.siemens.de (salomon.mchp.siemens.de [139.23.33.13]) by david.siemens.de (8.8.5/8.8.0) with ESMTP id JAA04164 for ; Tue, 18 Feb 1997 09:01:50 +0100 (MET) Received: from curry.mchp.siemens.de (1@curry.mchp.siemens.de [146.180.31.23]) by salomon.mchp.siemens.de (8.8.4/8.8.4) with ESMTP id JAA23925 for ; Tue, 18 Feb 1997 09:06:12 +0100 (MET) Received: (from daemon@localhost) by curry.mchp.siemens.de (8.8.5/8.8.5) id JAA23815 for ; Tue, 18 Feb 1997 09:06:11 +0100 (MET) From: Andre Albsmeier Message-Id: <199702180806.JAA27072@server.us.tld> Subject: How to prevent NFS writes by unknown users To: freebsd-questions@freebsd.org Date: Tue, 18 Feb 1997 09:06:00 +0100 (MET) X-Mailer: ELM [version 2.4ME+ PL31 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hi, how can I prevent an NFS exported filesystem to be written by users that are not known by the server? My problem is: I export a filesystem /people to some PCs running PCNFS on our network. Users there typically have homedirectories which contain a directoy pub that is 1777 so that others can write there. However, if you don't pass a username to PCNFS you are logged in as nobody (uid -2) and can still write to the pub directories. As a result there are files created that have a very high uids: -rw-rw-r-- 1 4294967294 andre 1115 Feb 17 10:04 test This confuses quotacheck which runs endlessly (see also my PR 2325). A solution could be to prevent that uids that are unknown by the server are not allowed to write to the fs. Or, to prevent special uids to write the fs. I have checked the exports manpage but have no idea how this could be done.. Any help is greatly appreciated... Thanks -Andre