Home > General > NFS and root

NFS and root

August 11th, 2011 Leave a comment Go to comments

Under the NFS, root is treated differently from the normal users. Few Unix NFS servers treat root in a same way that they treat the normal users: client’s root user gets same access, which server’s root user will have. Few of them translate client’s root user to the UID called as “nobody”, which is not used as the regular user; and thus, the user may have just permissions granted to world.

The “nobody” UID is either highest possible UID or UID, which translates to -one (that may be written as the -1, or highest possible UID). For the additional risk, “nobody” is at times -2 in place of -1, for a few unknown reason, the System V release four defines highest possible UID at 60,000. On a few Unix machines, one or more of the numbers (-1, -2, 60000, and 65536) are been listed in a password file as the “nobody”.

Most of the Unix NFS servers enable you to select whether you want to allow the root access and translate that to “nobody” through the option in /etc/exports file. The non-Unix servers generally treat root like it were other user, however because that the user is not likely to have the special privileges on server, it is not the problem.

 

To translate root to the “nobody” is very minor safety improvement. Anyone who can root on a client can pretend to be user whatsoever on a client, and will thus see & do anything user will do. Translation hides just those files on server restricted to have an access by the root itself. You would probably like to use the translation wherever you may for minimal protection that it gives you, however you must not at all feel it makes that safe to export the file systems to hostile clients.

Good protection for server is accessible by exporting file system read only. In case, file system is been exported read only (then no host is permitted to write) you are certain data will not get modified through NFS. In case, you allow any host for writing it, then you are vulnerable to the forgery.

The well-behaved clients will not save the file handles and may contact mountd for the new file handle every time that they mount the file system. This means that the well behaved client, which already has the file system mounted will continue to use that in case, you change the access permissions, however it gives you a few measure of the control.

Categories: General Tags:
  1. No comments yet.
  1. No trackbacks yet.