Date: Wed, 4 Feb 1998 18:47:24 +0000
From: nik@iii.co.uk
To: "A. Rich" <arr@oceanwave.com>
Cc: Keith Jones <keith@blueberry.co.uk>, questions@FreeBSD.ORG
Subject: Re: mountd -n is not allowing non-root mounts
Message-ID: <19980204184724.16018@iii.co.uk>
In-Reply-To: <199802041616.LAA03368@shell2.shore.net>; from A. Rich on Wed, Feb 04, 1998 at 11:16:32AM -0500
References: <199802041529.KAA22061@shell2.shore.net> <19980204161208.15968@blueberry.co.uk> <199802041616.LAA03368@shell2.shore.net>

On Wed, Feb 04, 1998 at 11:16:32AM -0500, A. Rich wrote:
> keith> I don't think you're supposed to be able to mount drives unless you're
> keith> root. If you really need to, I guess you could write a suid wrapper
> keith> for it.
>
> That's what the -n flag is for......mountd(8):
>
>      -n      The -n option allows non-root mount requests to be served. This
>              should only be specified if there are clients such as PC's, that
>              require it. It will automatically clear the vfs.nfs.nfs_privport
>              sysctl flag, which controls if the kernel will accept nfs
>              requests from reserved ports only.
>
> This specific case is a cluster of NCDs that need to mount their config
> directories. It works under other operating systems (BSD and SysV), just not
> this version of FreeBSD that I've tried.
>
> Based on the man page, I would say this is a bug.

Ah, I think I understand your confusion. This is for NFS mounts, right?

As a security measure, an NFS server will normally only allow mount
requests that come from a reserved port on the client. A reserved port is
one with a port number < 1024.

Some PCNFS implementations send their (legitimate) requests from a port
that's > 1023, which is the wrong thing to do.

The -n flag is a workaround for the NFS *server* to let it allow these
requests. It is not a mechanism to allow non-root users to mount local
devices onto the filesystem.

I've either just explained stuff you already know (in which case, sorry)
or cleared up a point of confusion. Hope it's the latter.

N
--
--+==[ Nik Clayton is Just Another Perl Hacker at Interactive Investor ]==+--
. . . and relax
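
The reserved-port rule explained in the reply above, as an added example that is not part of the original message or of FreeBSD's mountd source. The helper names (`make_peer`, `mount_request_allowed`, `bind_reserved_port`) and the 192.0.2.x peer addresses are constructed for illustration; the sketch models the server-side policy with and without `-n`, and shows the client-side bind that normally needs root.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>

#define RESERVED_LIMIT 1024 /* ports below this are "reserved" */

/* Constructed peer address for the demo (documentation-range IPs). */
struct sockaddr_in make_peer(const char *ip, unsigned short port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    inet_pton(AF_INET, ip, &sa.sin_addr);
    return sa;
}

/* Server side (hypothetical helper): resvport_only=1 is the default policy,
 * resvport_only=0 models a server started with -n. */
int mount_request_allowed(const struct sockaddr_in *peer, int resvport_only)
{
    return !resvport_only || ntohs(peer->sin_port) < RESERVED_LIMIT;
}

/* Client side: walk down from 1023 looking for a free reserved port.
 * Returns the bound port, or -1 (errno EACCES when not privileged). */
int bind_reserved_port(int fd)
{
    struct sockaddr_in sa = make_peer("0.0.0.0", 0);
    for (int p = RESERVED_LIMIT - 1; p >= 512; p--) {
        sa.sin_port = htons((unsigned short)p);
        if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0)
            return p;
        if (errno != EADDRINUSE)
            break; /* permission or other hard error: stop trying */
    }
    return -1;
}

int main(void)
{
    struct sockaddr_in pc_peer = make_peer("192.0.2.20", 1047);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    int port = bind_reserved_port(fd);
    printf("pc default=%d, with -n=%d, client bind=%d\n",
           mount_request_allowed(&pc_peer, 1),
           mount_request_allowed(&pc_peer, 0), port);
    return 0;
}
```

The source-port test only shows that the sender held root on its own machine, so it carries weight only where the client hosts themselves are trusted.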