Mental Exercise: Linux in business
Kevin P. Fleming
kpfleming at linuxfromscratch.org
Sat Aug 7 07:24:04 PDT 2004
Stuart Sears wrote:
> why should you do this if it is not necessary? any extra mounted NFS directory
> leaves the possibility of a compromise, mount what you need and no more.
> why? the NFS server does not keep track of remote UID and GID mappings, and
> will export an FS using numerical ownership only. if you have a local user
> with the same UID/GID as one of your remote users, 'he' will be able to enter
> that user's directory and will have full access to their files...
This is the reason that I mentioned NIS in my reply. It's not safe to
set up an arrangement like this unless you can guarantee that the
systems all share a common user/group database of some kind.
More information about the lfs-chat