Tim wrote:
On Mon, 2007-11-19 at 15:12 +0100, roland wrote:
I used in /etc/exports the option no_root_squash and this does it.
It's not usually a good idea to do that. Someone being root on one
machine is a risk for that machine. But if they're also treated as root
across a network, that's even more so.
I can't imagine why root ownership of files ought to be involved in
the /home space, unless you've got someone running as root when they
really shouldn't do, and they're saving files in their homespace.
If this was a followup on the "backup vmware" post, I think the point
was to be able to back up all files through a read-only mount. But it
probably is a good thing to understand that nfs is not very secure -
even if you don't allow root access, it is trivial for someone who can
be root on the client machine (or reboot it with a live CD...) to
impersonate anyone else.
--
Les Mikesell
lesmikesell@xxxxxxxxx
