Mental Exercise: Linux in business

Kevin P. Fleming kpfleming at linuxfromscratch.org
Sat Aug 7 07:24:04 PDT 2004


Stuart Sears wrote:

> why should you do this if it is not necessary? any extra mounted NFS directory 
> leaves the possibility of a compromise, mount what you need and no more.
> why? the NFS server does not keep track of remote UID and GID mappings, and 
> will export an FS using numerical ownership only. if you have a local user 
> with the same UID/GID as one of your remote users, 'he' will be able to enter 
> that user's directory and will have full access to their files...

This is the reason that I mentioned NIS in my reply. It's not safe to 
set up an arrangement like this unless you can guarantee that the 
systems all share a common user/group database of some kind.



More information about the lfs-chat mailing list