Subject: Re: security/6594: the default "nobody" credentials (32767:9999) do not match mountd's default (-2:-2)
To: NetBSD GNATS submissions and followups <>
From: David Laight <>
List: netbsd-bugs
Date: 09/08/2002 09:33:14
> > Yes - I was wondering whether that ought to be tightly enforced?
> > ie even if a file has uid -2 it still can't be accessed?
> Ah, _NO_!  :-)
> > The permissions for created files become problematical...
> Indeed!  Perhaps you should look at some clusters of diskless clients in
> real production use.  The client superusers must quite often be able to
> create files, and subsequently access the files they create, even on
> partitions where they do not have superuser access (and indeed in some
> cases they may not ever have any superuser access to any files on any
> filesystems).

It is a long time since I've had access to such a cluster (sun3s)
and I didn't set it up.  However under those circumstances the admin
would almost certainly explicitely map remote root access to a
specific local user.


David Laight: