On Wed, Dec 06, 2017 at 09:04:39PM +0000, Simon Hobson wrote: > Yevgeny Kosarzhevsky <phao...@gmail.com> wrote: > > > Ok but this is not about NFS but about any FS that can be accessed over > > network. > > It may help to point out something that I didn't spot when I first came > across NFS. > > With SMB, AFS, FSoverSSH, etc, etc, etc the client authenticates to the > server as a specific user - and then the files accessible by that user are > available to the client (depending on setup, they may be accessible onto to > the one user, or to many users). > So if you have a multi-user client host, each user would need their own > mountpoint to a shared server - with access controls applied on the server > side. > > NFS is completely different. > The client mounts a share, and IIRC there is no authentication possible at > all - at least in earlier versions, not sure if it got added in later > versions. Once the client has mounted the share, it takes responsibility for > controlling access to the files. > So when user id 1234 tries to access a file, the client host applies the > permissions as though it was a local disk and allows or denies the access > accordingly. It should be fairly obvious that if you can't trust the client > host (ie be sure that user ID 1234 is really John Smith from Accounting) then > you have no security.
What I missed when I used NFS ws an ability to remap user ID's between client and server. You got it for root, and root only -- as if access to root permissions is the only restriction that is relevant for security. Everyone that needed root access on any of the family's machines had it anyway. We needed to protect against accidents rather than attacks. -- hendrik _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
