zlacker
[parent]
[thread]
2 comments
1. incomp+(OP)
[view]
[source]
2022-06-21 00:18:14
I remember an issue that it's security model involved trusting the client. If you exported a file system to a PC, somebody could reboot the PC with Linux to get root and ignore the user permissions.
replies(2):
>>bubble+84
>>chasil+Dl
◧
2. bubble+84
[view]
[source]
2022-06-21 00:47:46
>>incomp+(OP)
I believe this can be fixed with kerberos, but in practice very few people probably deploy it that way.
◧
3. chasil+Dl
[view]
[source]
2022-06-21 03:11:01
>>incomp+(OP)
They can get every user except root (assuming that root squash is in place).
NFSv3 and below trusts any uid/gids presented by the client unless they are squashed.
[go to top]