Date: Thu, 18 Oct 2001 14:23:55 +0200 From: Sheldon Hearn <sheldonh@starjuice.net> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: Yarema <yds@dppl.com>, ports@FreeBSD.org Subject: Re: HEADS UP: Apache port change from nobody:nogroup to www:www planned Message-ID: <29090.1003407835@axl.seasidesoftware.co.za> In-Reply-To: Your message of "Thu, 18 Oct 2001 16:16:09 %2B0400." <20011018161609.A63967@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 18 Oct 2001 16:16:09 +0400, "Andrey A. Chernov" wrote: > Any priviledges, read/write/etc. Nobody is internal NFS user means 'root'. WHAT?! To NFS, nobody _may_ mean "the user to which root should be mapped". The system should _never_ be structured such that having nobody privelege is equivalent to having root privelege. Specifically, one usually maps a foreign host's root to the local nobody. This means "foreign host's root has world-only permissions". This is sounding worse and worse to me. Could you maybe provide an example that demonstrates the danger you're trying to protect against? Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?29090.1003407835>