Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 26 Nov 1996 22:13:27 +0100 (GMT+0100)
From:      af@biomath.jussieu.fr (Alain FAUCONNET)
To:        jadaan@eecs.umich.edu (Khaleel Al-Jadaan)
Cc:        questions@FreeBSD.org
Subject:   Re: NFS Client problems
Message-ID:  <199611262113.AA00455@iaka.biomath.jussieu.fr>
In-Reply-To: <Pine.GSO.3.95.961126152536.10019C-100000@soso.eecs.umich.edu> from Khaleel Al-Jadaan at "Nov 26, 96 03:33:11 pm"

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Khaleel Al-Jadaan wrote / a ecrit:
> 
>  Well Alain,
> 
>    Both clients and server run FreeBSD version 2.1.5, I am using DNS.
>   But not NIS. My exports file looks like this:
>   
>   /usr/home -ro -mapall:172.16.1.2:172.16.1.3  #IP of the two clients
> 
>   My network consists of three machines, one server and two clients.
> 
>   The root on the client machines can perform the mount without any
>  problems, but other users are denied with massage (Client credentials
>  too weak). Hope thats enough information and a crystal ball is not
>  needed. 

Well honestly I've always considered that  mount(8)  was  reserved  to
root. The man page doesn't state state it is, but that seems  more  or
less implicit. I may br wrong.

On the other hand the man page for mountd(8) states that for  non-root
mount  requests  to  be  accepted,  it  has  to be started with the -n
option.

On  my  version  of FreeBSD (2.1-stable), the -mapall options seems to
have  different  semantics,  like  -mapall=user:group.  I'm not sure what you
expect  that /etc/exports file to do with -mapall=ip-address. Anyway I
can  see  that  allowing a non-root user to remote mount a fs exported
without the mapall option opens a major security  window !!

_Alain_
-- 
Alain FAUCONNET    Ingenieur systeme - System Manager     AP-HP/SIM
Public Health                91 bld de l'Hopital 75013 PARIS FRANCE
Medical Computing Research Labs         Mail: af@biomath.jussieu.fr
Tel: (+33) 1-40-77-96-19                   Fax: (+33) 1-45-86-80-68
    I've RTFMed. It says: "Refer to your system administrator"
            But... I *am* the system administrator :-]



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?199611262113.AA00455>