Am I missing something here? Granted the /vol/vol0 filesystem would be viewable by everyone, but only root on the adminhost would have root permissions on the filer. Root on all other systems would become "nobody" on the filer, and if there are configurations files that can be modified by non-root users, ........
Personally, I have root/access pairs for the roots of all the volumes on my filers.
Kendall Libby wrote:
Ok, so I don't have the docs handy.. but if you have an "-access" options, it just seems kinda intuitive to me that you might actually *USE IT*. But maybe it's just me.
------- Start of forwarded message (RFC 934 encapsulation) ------- From: pashdown@XMISSION.COM (Pete Ashdown) Subject: Network Appliance NFS filer root hole Date: 28 Apr 1999 15:58:45 -0400 Organization: Bugtraq List Message-ID: 199904281658.KAA14944@slack.xmission.com Reply-To: Pete Ashdown pashdown@XMISSION.COM
For Network Appliance NFS filer release: NetApp Release 5.2.1: Thu Dec 31 12:56:45 PST 1998
Following "Example 1" on page 136 of the "System Administrator's Guide" for the Network Appliance results in a gaping hole. In this example, they explain that "the following line exports the root directory of the default filter volume to the administration host with root privileges."
/vol/vol0 -root=adminhostThis is all fine and good, but it also exports to the WORLD with root privileges. You have to specify either "-access", or "-rw", or "-ro" in addition to "-root" for this not to happen. When I mentioned this to my NetApp SE, I was met with quizzical looks, but no code-update or patch. Thusly, I sent it to bugtraq. ------- End -------
-- Matthew Lee Stier * Fujitsu Network Communications Unix Systems Administrator | Two Blue Hill Plaza Ph: 914-731-2097 Fx: 914-731-2011 | Sixth Floor Matthew.Stier@fnc.fujitsu.com * Pearl River, NY 10965