From owner-freebsd-security  Fri Sep  1 04:50:49 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.FreeBSD.org (8.6.11/8.6.6) id EAA29192
          for security-outgoing; Fri, 1 Sep 1995 04:50:49 -0700
Received: from hermes.sees.bangor.ac.uk (hermes.sees.bangor.ac.uk [147.143.102.8])
          by freefall.FreeBSD.org (8.6.11/8.6.6) with SMTP id EAA29186
          for <freebsd-security@freebsd.org>; Fri, 1 Sep 1995 04:50:45 -0700
From: Mr D Whitehead (Ext 2703) <davew@sees.bangor.ac.uk>
Message-Id: <10216.9509011148@hermes.sees.bangor.ac.uk>
Received: from adam.sees (adam.sees.bangor.ac.uk) by hermes.sees.bangor.ac.uk; Fri, 1 Sep 95 12:48:42 BST
Subject: Security of non root nfs mounts
To: freebsd-security@freebsd.org
Date: Fri, 1 Sep 1995 12:48:40 +0100 (BST)
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1508      
Sender: security-owner@freebsd.org
Precedence: bulk

Hi,

	FreeBSD-2.0.5R does not seem to be able to export a filesystem
when the mount request was made by Sun's PCNFS using its default user
of 'nobody' (uid:2 gid:2) , this was not the case for (some) earlier
versions (2.0R & 2.0-950112-SNAP).  Is this an intentional change made
for security reasons, and if not is there a way round this?

	This situation came to my attention when upgrading the servers 
for our teaching lab. where we have PC's running both Dos and FreeBSD.
When the PC's are booted as Dos machines all readonly filesystems and
printers are mounted during the execution of autoexec.bat providing a
basic range of facilities.  Later when the user has logged in more
filesystems and facilities are provided.  Needless to say its done this
way so that the login command (and a few other important bits) can be
maintained as on the network where system wide changes can be easily
made and controlled. 

-- 
		Dave Whitehead (Computer Support Staff)
-------------------------------------------------------------------------------
EMAIL:-					|	TELEPHONE (work):-
(work) davew@sees.bangor.ac.uk 		|	+44 1248 382703 (Direct line)
(home) 100023.1076@compuserve.com	|	+44 1248 351151 ext 2703
-------------------------------------------------------------------------------
SNAIL MAIL:-
Dave Whitehead
School of Electronic Engineering & Computer Systems,
University College of North Wales,
Dean Street,
Bangor  LL57 1UT
------------------------------------------------------------------------------