Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 26 Nov 1996 18:03:12 -0500 (EST)
From:      Khaleel Al-Jadaan <jadaan@eecs.umich.edu>
To:        Alain FAUCONNET <af@biomath.jussieu.fr>
Cc:        questions@freebsd.org
Subject:   Re: NFS Client problems
Message-ID:  <Pine.GSO.3.95.961126175756.12614B-100000@soso.eecs.umich.edu>
In-Reply-To: <199611262113.AA00455@iaka.biomath.jussieu.fr>
next in thread | previous in thread | raw e-mail | index | archive | help 


 Alain, you are correct, mount(8) is reserved for root, I thought it was
the default that the any user can mount a file system. I am kind of toying
with freebsd to evaluate it and pick between it and Linux to install on
34 other machines, so far, freebsd is ahead. I guess limiting mounting
power to root keeps things under control and avoids opening that major
security window you mentioned.

 KJ


                               \|||/
                               /- -\ 
                              ( @ @ ) 
     ______________________oOOo--U--oOOo_______________________
                        Khaleel K. Al-Jadaan               
     Department of Electrical Engineering and Computer Science       
                       University of Michigan           
             http://www-personal.engin.umich.edu/~jadaan
                         Tel:(313) 480-4476
     ______________________________Oooo________________________
                             oooO  (   )
                            (   )   ) /
                             \ (   (_/
                              \_)                            


On Tue, 26 Nov 1996, Alain FAUCONNET wrote:

> Khaleel Al-Jadaan wrote / a ecrit:
> > 
> >  Well Alain,
> > 
> >    Both clients and server run FreeBSD version 2.1.5, I am using DNS.
> >   But not NIS. My exports file looks like this:
> >   
> >   /usr/home -ro -mapall:172.16.1.2:172.16.1.3  #IP of the two clients
> > 
> >   My network consists of three machines, one server and two clients.
> > 
> >   The root on the client machines can perform the mount without any
> >  problems, but other users are denied with massage (Client credentials
> >  too weak). Hope thats enough information and a crystal ball is not
> >  needed. 
> 
> Well honestly I've always considered that  mount(8)  was  reserved  to
> root. The man page doesn't state state it is, but that seems  more  or
> less implicit. I may br wrong.
> 
> On the other hand the man page for mountd(8) states that for  non-root
> mount  requests  to  be  accepted,  it  has  to be started with the -n
> option.
> 
> On  my  version  of FreeBSD (2.1-stable), the -mapall options seems to
> have  different  semantics,  like  -mapall=user:group.  I'm not sure what you
> expect  that /etc/exports file to do with -mapall=ip-address. Anyway I
> can  see  that  allowing a non-root user to remote mount a fs exported
> without the mapall option opens a major security  window !!
> 
> _Alain_
> -- 
> Alain FAUCONNET    Ingenieur systeme - System Manager     AP-HP/SIM
> Public Health                91 bld de l'Hopital 75013 PARIS FRANCE
> Medical Computing Research Labs         Mail: af@biomath.jussieu.fr
> Tel: (+33) 1-40-77-96-19                   Fax: (+33) 1-45-86-80-68
>     I've RTFMed. It says: "Refer to your system administrator"
>             But... I *am* the system administrator :-]
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.3.95.961126175756.12614B-100000>