*BSD News Article 58816


Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.cis.okstate.edu!news.ksu.ksu.edu!news.physics.uiowa.edu!math.ohio-state.edu!howland.reston.ans.net!gatech!newsfeed.internetmci.com!in1.uu.net!in-news.erinet.com!inquo!sdaw04.seinf.abb.se!erinews.ericsson.se!eua.ericsson.se!usenet
From: seb@erix.ericsson.se (Sebastian Strollo)
Newsgroups: comp.unix.bsd.freebsd.misc,comp.unix.bsd.netbsd.misc
Subject: NFS woes
Date: 12 Jan 1996 16:12:25 +0100
Organization: Ericsson Utvecklings AB, Stockholm, Sweden
Lines: 41
Sender: seb@scotch.eua.ericsson.se
Message-ID: <qyivihla5i.fsf@scotch.eua.ericsson.se>
NNTP-Posting-Host: scotch.eua.ericsson.se
X-Newsreader: Gnus v5.1
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:11967 comp.unix.bsd.netbsd.misc:1802


[This problem probably exists on more OSes than {Free,Net}BSD, but that
is what I am using.]

At our site we have our home directory mounted over NFS with the
-maproot=nobody option (a not too unusual way of having it(?)). But it
seems that if a file that e.g. has permissions 0600 and is owned by a
user is in the cache, root can read it? Below is an example (with my
home directory NFS mounted).

% cat > ~/foo
bar
% chmod 0600 foo 
% su
Password:
# cat foo
cat: foo: Permission denied
# z
Suspended
% cat foo
bar
% fg
su
# cat foo
bar

I actually noticed this when running X with MIT-MAGIC-COOKIE-1 for
access control. xterm was then unable to start (it runs setuid, and
therefore is not allowed to read my ~/.Xauthority). But curiously
sometimes it did work! So what I really wanted to solve was how to run
xterm and still have my home dirs mounted with -maproot=nobody. I am
sure this is a common problem(?), anyone care to share their solution?

/Sebastian

PS.
[FreeBSD] Oh yes, unrelated to the above but related to NFS, an idea
for /etc/sysconfig: add an nfs_secure (or something) variable so that
one can add the -P flag without modifying /etc/rc. (Seeing that this
is already an install-time option, it would seem consistent to have it
in the sysconfig.)