Subject: Re: security/6594: the default "nobody" credentials (32767:9999) do not match mountd's default (-2:-2)
To: NetBSD GNATS submissions and followups <email@example.com>
From: David Laight <firstname.lastname@example.org>
Date: 09/08/2002 09:33:14
> > Yes - I was wondering whether that ought to be tightly enforced?
> > i.e. even if a file has uid -2 it still can't be accessed?
> Ah, _NO_! :-)
> > The permissions for created files become problematical...
> Indeed! Perhaps you should look at some clusters of diskless clients in
> real production use. The client superusers must quite often be able to
> create files, and subsequently access the files they create, even on
> partitions where they do not have superuser access (and indeed in some
> cases they may not ever have any superuser access to any files on any
It is a long time since I've had access to such a cluster (sun3s)
and I didn't set it up. However, under those circumstances the admin
would almost certainly explicitly map remote root access to a
specific local user.
David Laight: email@example.com