Why anyone can read and write to a nobody NFS mounted volume?

Rick Macklem rmacklem at uoguelph.ca
Fri Apr 15 22:24:18 UTC 2016


Well, I suppose it is up to the server implementor. (In your case Seagate...)
Normally NFS servers map root->nobody by default, under the assumption that
"nobody" is not a real user and is checked via world permissions.
--> I'd say a typical server would allow anyone (including "nobody") access
    if the file's mode includes world "rw".

But none of this is defined in any of the NFS RFCs as far as I recall (the
RFCs basically define what goes on the wire), so I think it is up to the
server implementor.
--> If the file doesn't have world permissions, then I would consider this
    atypical and you might want to check with the server implementor in case
    this is configurable?

Now, if you are using NFSv4 and uid<->user mapping isn't set up correctly,
any uid/gid that can't be mapped to another name will go on the wire to the
server as "nobody" (and "nogroup" if I recall it correctly). So, you might
want to "nfsstat -m" on the client to see if you are using NFSv3 or NFSv4
and try NFSv3 if it isn't already what you are using.

rick

----- Original Message -----
> Hello all!
> 
> I have a strange situation: everyone and not just root can read and write
> to a NFS mount point whose owner is nobody:nobody.
> 
> Is this an expected behaviour?
> 
> FreeBSD 10.2 RELEASE as NFS client.
> Seagate NAS400 as NFS server.
> 
> Thank you all,
> Raimundo Santos
> 
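
Added example, not part of the original thread and not any NFS server's actual code: a simplified Python model of the typical behaviour the reply describes, where root is mapped to nobody and access is then decided by the ordinary owner/group/world mode bits. The uid/gid 65534 for "nobody" and the caller names and ids are assumptions made for illustration.

```python
# Simplified model of a typical NFS server's AUTH_SYS access decision.
# Illustrative only; real servers differ and may be configurable.

NOBODY_UID = 65534  # assumption: id the server uses for "nobody"
NOBODY_GID = 65534


def squash(uid, gids, root_squash=True):
    """Map root to nobody, the usual server default."""
    if root_squash and uid == 0:
        return NOBODY_UID, [NOBODY_GID]
    return uid, list(gids)


def allowed(uid, gids, f_uid, f_gid, mode, want, root_squash=True):
    """Return True if the caller gets every access in `want` ('r', 'w')."""
    uid, gids = squash(uid, gids, root_squash)
    if uid == 0:
        return True        # unsquashed root bypasses mode bits
    if uid == f_uid:
        shift = 6          # owner class
    elif f_gid in gids:
        shift = 3          # group class
    else:
        shift = 0          # world ("other") class
    bits = (mode >> shift) & 0o7
    need = (4 if "r" in want else 0) | (2 if "w" in want else 0)
    return bits & need == need


def explain(f_uid, f_gid, mode, callers, root_squash=True):
    """Map each caller name to whether it would get read+write."""
    return {
        name: allowed(uid, gids, f_uid, f_gid, mode, "rw", root_squash)
        for name, (uid, gids) in callers.items()
    }


# Constructed sample callers: name -> (uid, [gids])
CALLERS = {"root": (0, [0]), "alice": (1001, [1001]), "bob": (1002, [1002])}

if __name__ == "__main__":
    # Export root owned by nobody:nobody, with and without world bits.
    for mode in (0o777, 0o700):
        print(oct(mode), explain(NOBODY_UID, NOBODY_GID, mode, CALLERS))
```

With mode 0777 every caller gets read and write through the world bits; with mode 0700 only squashed root does, because it becomes the owner "nobody". A server that still lets ordinary users write in the second case is behaving in the way the reply calls atypical.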

