Subject: Re: NFS-exports and root-account on "foreign" clients
To: Marcel Meyer <meyerm@fs.tum.de>
From: Ignatios Souvatzis <ignatios@cs.uni-bonn.de>
List: tech-net
Date: 01/09/2001 11:01:39

On Mon, Jan 08, 2001 at 11:42:55PM +0100, Marcel Meyer wrote:

> possibly a newbie question. :-) We export many files (homes, configs etc)
> with NFS from our server. But there are some computers outside of our
> internal network where "other persons *g*" are root and they import those
> files with the same rights too.

Uhm, unless you specifically export root as root (with the -maproot option,
see "man exports"), it is exported as nobody:nogroup (-2:-2, numerically).

> Problem: With root-rights it is possible to write a script or copy a
> standard binary to a home-dir and set the +s bit (with root as owner).
> Now, these scripts can be executed on our "normal" clients from a standard
> user. That's not what we want :-).

Well, on the untrusted client machines don't export your root as client root
on any of the exported filesystems.

	-is
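
One way to check an exports file for the case discussed above, entries that hand root credentials to a client outside the trusted set. This is an added example, not part of the original message. The sample exports text, host names, the `trusted` allow-list and the function names are all constructed for illustration.

```python
import re

# Constructed sample in BSD exports(5) syntax; every path and host is made up.
SAMPLE_EXPORTS = """\
# internal network: no -maproot, so remote root arrives as nobody (-2:-2)
/export/home -alldirs -network 10.1.0.0 -mask 255.255.0.0
/export/config -ro -maproot=nobody lab1.example.org
/export/scratch -maproot=root trusted1.example.org outside.example.net
/export/dist -maproot=0:0 \\
        outside.example.net
/export/misc -mapall=root:wheel guest.example.net
"""

ROOT_IDS = {"root", "0"}
MAP_OPT = re.compile(r"^-(maproot|mapall)=(.+)$")

def logical_lines(text):
    """Join backslash-continued lines, drop comments and blank lines."""
    for raw in re.sub(r"\\\n", " ", text).splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def root_exports(text, trusted=()):
    """Return (paths, option, clients) for entries that hand uid 0 to a
    client not listed in `trusted` (hypothetical allow-list of hosts)."""
    findings = []
    for line in logical_lines(text):
        paths, clients, mapped = [], [], None
        tokens = iter(line.split())
        for tok in tokens:
            m = MAP_OPT.match(tok)
            if m and m.group(2).split(":")[0] in ROOT_IDS:
                mapped = tok                      # credential maps to root
            elif tok in ("-network", "-mask"):
                arg = next(tokens, "")            # these take a separate argument
                if tok == "-network":
                    clients.append("net " + arg)
            elif tok.startswith("/"):
                paths.append(tok)
            elif not tok.startswith("-"):
                clients.append(tok)               # host or netgroup name
        if mapped:
            # An entry with no client list is exported to every host.
            exposed = [c for c in clients if c not in trusted] if clients else ["(any host)"]
            if exposed:
                findings.append((paths, mapped, exposed))
    return findings

if __name__ == "__main__":
    for paths, opt, clients in root_exports(SAMPLE_EXPORTS, trusted=("trusted1.example.org",)):
        print(" ".join(paths), opt, "->", ", ".join(clients))
```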
