[Dclug] [Novalug] rsync and permissions
Przemek Klosowski
przemek at jazz.ncnr.nist.gov
Mon Jun 1 09:07:09 EDT 2009
Root Permission Squashing is great for hostile environments, but I
have always decided that I was in a safe environment where I could
trust root across the network.
Sorry to belabor the obvious but extending the root privilege in NFS
is not just a friendly environment---it's equivalent to not having any
access controls at all, because any node that claims root privileges
by saying 'trust me, I have UID 0' (e.g. a hypothetical embedded
networked weather station running its software as root, or you booting
a live Ubuntu CD, or a Windows NFS client that simply declares UID 0
because it feels like it) gets root privs on your server. It may be
appropriate, but it's extremely permissive.
More information about the Dclug
mailing list