System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

What are the ways an unmapped user can get into the NFS file share?

 
DharmaRao G
Advisor

What are the ways an unmapped user can get into the NFS file share?

What are the ways an unmapped user can get into the NFS file share from UNIX or from Windows?
2 REPLIES
sujit kumar singh
Honored Contributor

Re: What are the ways an unmapped user can get into the NFS file share?

Hi

at the time of exporting from server you can try the exportfs option -anon=-2, but make sure that simultaneously you "are not exporting" that using -root access.

If the client UID is unknmown to the server, the user shall get an ID of "nobody" UNIX user that has as the docs suggest a very linited rights.

setting anon=65534 disables unkwon UID access for NFS.

regards
sujit
Hemmetter
Esteemed Contributor

Re: What are the ways an unmapped user can get into the NFS file share?

Hi,


NFS handles user-IDs numerically, the server checks permissions UNIX-like against the permissions of the underlaying filesystem.


from exports(4)

anon=uid If a request comes from an unknown user, use uid as the
effective user ID. Note: Root users (uid 0) are always
considered ``unknown'' by the NFS server unless they
are included in the root option below.

The default value for this option is -2. Setting anon
to -1 disables anonymous access.




You can map all unknown users to a special UID.






rgds
HGH