zlacker

[parent] [thread] 2 comments
1. geertj+(OP)[view] [source] 2022-06-21 14:11:27
> Under NFSv2 and NFSv3, the numeric user and group id is used to determine permission, and these must be aligned between the client and server.

Technically the server doesn't need to have a UID/GID database that's aligned with the client, what's required is that all clients of the same server are aligned. The server will take the numerical UID/GIDs from the RPC sent by the client and perform Posix style permission checks using the owner UID, owner GID, and mode bits stored in the inode of the file or directory. The server doesn't need to known what user the UID corresponds to.

replies(1): >>smarks+bs
2. smarks+bs[view] [source] 2022-06-21 16:34:31
>>geertj+(OP)
Right. At least at Sun through the 1990s, when everybody had their own workstations, many network nodes had local filesystems, so they were both NFS clients and NFS servers. For this to work well it pretty much required that UIDs/GIDs were globally consistent.

This was maintained using YP/NIS. But Sun was too big for a single YP/NIS domain, so there was a hack where each YP/NIS master was populated via some kind of uber-master database. At least at one point, this consisted of plain text files on a filesystem that was NFS-mounted by every YP/NIS master....

This was all terribly insecure. Since everybody had root on their own workstations, you could `su root` and then `su somebody` to get processes running with their UID, and then you could read and write all their files over NFS. But remember, this was back in the day when we sent passwords around in the clear, we used insecure tools like telnet and ftp and BSD tools like rsh/rcp/rlogin. So NFS was "no more insecure" than anything else running on the network. But that was ok, because everything was behind a firewall. (Some sarcasm in those last bits, in case it wasn't obvious.)

replies(1): >>KateLa+4u1
◧◩
3. KateLa+4u1[view] [source] [discussion] 2022-06-21 22:34:08
>>smarks+bs
Sun did have a firewall by the early 90's. It had application-level proxies, and you'd have to configure applications to bounce through it if you wanted to get to the Internet. In many ways, this was more secure than today's default for firewalls where you can make any outbound connection you want but only the inbound connections are filtered.

Note that I'm not arguing that Sun was a leader in security, but they did make some efforts that other companies didn't.

[go to top]