From owner-freebsd-hackers Thu Feb 20 01:41:38 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id BAA01998 for hackers-outgoing; Thu, 20 Feb 1997 01:41:38 -0800 (PST) Received: from david.siemens.de (david.siemens.de [146.254.1.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id BAA01982 for ; Thu, 20 Feb 1997 01:41:33 -0800 (PST) Received: from salomon.mchp.siemens.de (salomon.mchp.siemens.de [139.23.33.13]) by david.siemens.de (8.8.5/8.8.0) with ESMTP id CAA10402 for ; Thu, 20 Feb 1997 02:57:57 +0100 (MET) Received: from curry.mchp.siemens.de (1@curry.mchp.siemens.de [146.180.31.23]) by salomon.mchp.siemens.de (8.8.4/8.8.4) with ESMTP id KAA15943 for ; Thu, 20 Feb 1997 10:41:24 +0100 (MET) Received: (from daemon@localhost) by curry.mchp.siemens.de (8.8.5/8.8.5) id KAA01013 for ; Thu, 20 Feb 1997 10:41:22 +0100 (MET) From: Andre Albsmeier Message-Id: <199702200941.KAA07749@server.us.tld> Subject: How to prevent unknown users from writing my NFS fs? To: hackers@freebsd.org Date: Thu, 20 Feb 1997 10:41:17 +0100 (MET) X-Mailer: ELM [version 2.4ME+ PL31 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hi, I had posted this to -questions a while ago, but there was nobody who could help me. So I try it here again as I think this also might be an interestiong -hackers issue. How can I prevent an NFS exported filesystem to be written by users that are not known by the server? My problem is: I export a filesystem /people to some PCs running PCNFS on our network. Users there typically have homedirectories which contain a directoy pub that is 1777 so that others can write there. However, if you don't pass a username to PCNFS you are logged in as nobody (uid -2) and can still write to the pub directories. As a result there are files created that have a very high uids: -rw-rw-r-- 1 4294967294 andre 1115 Feb 17 10:04 test This confuses quotacheck which runs endlessly (see also PR 2325). A solution could be to prevent that uids that are unknown by the server are not allowed to write to the fs. Or, to prevent special uids to write the fs. I have checked the exports manpage but have no idea how this could be done.. Any help is greatly appreciated... Thanks -Andre