From owner-freebsd-questions Mon Sep 27 6:34:47 1999 Delivered-To: freebsd-questions@freebsd.org Received: from bastuba.partitur.se (bastuba.partitur.se [193.219.246.194]) by hub.freebsd.org (Postfix) with ESMTP id 0684D1546B for ; Mon, 27 Sep 1999 06:34:34 -0700 (PDT) (envelope-from girgen@partitur.se) Received: from elbas.partitur.se (elbas.partitur.se [193.219.246.222]) by bastuba.partitur.se (8.8.8/8.8.8) with ESMTP id PAA10761 for ; Mon, 27 Sep 1999 15:34:33 +0200 (CEST) (envelope-from girgen@partitur.se) Received: from partitur.se (localhost [127.0.0.1]) by elbas.partitur.se (8.9.3/8.9.3) with ESMTP id PAA46454 for ; Mon, 27 Sep 1999 15:34:32 +0200 (CEST) (envelope-from girgen@partitur.se) Message-ID: <37EF7268.E4C5DDFB@partitur.se> Date: Mon, 27 Sep 1999 15:34:32 +0200 From: Palle Girgensohn Organization: Partitur X-Mailer: Mozilla 4.61 [en] (X11; I; FreeBSD 3.3-RELEASE i386) X-Accept-Language: sv, en MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: nfs-sharing suid binaries & disallow root write perm Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi! I'd to do just this: hinder a workstation root user from accidentally write to a nfs server volume. Normal users shall be allowed write access according to the file permissions. This can partly be done with -maproot=nobody, but then suid binaries will also run as nobody, giving all sorts of problems. mouting readonly is not an alternative, since normal suers shall have write access... I seem to remeber switches like -[no]suid in the exports fiole, but I can't find in the man page. Any ideas? /Palle To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message