On Tue, 2006-09-12 at 06:15, Mark Haney wrote: > > > Yeah, it's a strange situation. I have an NFS server that has exported > /home/users. One of the machines (client A) that mounts that NFS share > is being handed to another group who needs root access. Because of the > fact that we have other user accounts in /home/users I cannot let > someone else have root access on Client A. What I want is to be able to > keep that NFS mount on Client A, but not let root on Client A access > that NFS mount. Does that clear it up a bit? That's not strange at all. It is the usual situation where someone on another machine that has NFS access can become root whether by a normal login or booting from a knoppix-type CD. > I got another reply mentioning no_root_squash, but I just got in and I'm > not yet ready to look into that option, at least not until my fisrt cup > of coffee. What happens is that the root user on the client is mapped to the nobody user on the server. Depending on the file/directory permissions this may mean that access will be denied. That would be the case on home directories set rx only by owner. However, the permissions are established by uid number and you have to remember that the user with root permission on his local machine can create a user with any uid he wants and su to that user. At that point he will be able to access any file on the NFS server with the permissions of this other user. -- Les Mikesell lesmikesell@xxxxxxxxx
