Operating System - HP-UX

NFS mount without -root option

 
Gillian Craigie_1
Occasional Advisor

NFS mount without -root option

Hi,

We have been audited recently and they have highlighted a security problem which we must resolve. We have a number of filesystems exported between our test and live unix machines. 1 is running HP-UX 11.0 and the other is running HP-UX 11.11. We have been told we must not use the -root option on any of these exports, but when this is removed we get a large number of errors in the syslog when I do a `bdf` or try to `cd` into the directory as root:

NFS access failed for server spms-l20: RPC: Authentication error
NFS fsstat failed for server spms-l20: RPC: Authentication error

When I try to do an `ll` on an exported directory I get the error:

NFS access failed for server spms-l20: RPC: Authentication error
/disk3/opt unreadable

Can anyone tell me why these errors are appearing, and how to prevent them?

After removing the -root option from /etc/exports I ran exportfs -a. Should I have remounted the filesystems after that? What command should be used?

Any help greatly appreciated.
Artyom Voronchihin
Respected Contributor

Re: NFS mount without -root option

Hello!
For security purposes, by default when you try to mount an NFS volume from the root account, you get the permissions of user nobody for this volume. Nobody doesn't have a valid UID and GID. Perhaps that's the reason. To avoid this, the -root option was created. But it is highly recommended not to use it.
As the exportfs -a command transfers the export entries to the /etc/xtab file, which is then used by mountd each time a mount request is received, the filesystem should be remounted if its access rights have been changed.
"Intel inside" is not a label, it's a warning.
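
The reply above explains that root on the client is treated as nobody unless the export carries the root option. As an added example (not part of the original thread), this shell function lists every host still granted root access in an exports file, assuming the `directory -option[,option]...` layout with `root=host[:host]...`; the sample entries and the host names `testhost` and `livehost` are constructed.

```shell
#!/bin/sh
# Added example: list every root= grant in an HP-UX style exports file.
# Assumed entry format: directory -option[,option]...
# where root=host[:host]... names the clients whose uid 0 is NOT mapped
# to the anonymous user (nobody).

# audit_root_exports FILE
# Prints one "directory host" pair per line for each host granted root
# access; prints nothing if no entry uses root=.
audit_root_exports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        {
            dir = $1
            for (f = 2; f <= NF; f++) {
                opts = $f
                sub(/^-/, "", opts)            # option list starts with "-"
                n = split(opts, opt, ",")
                for (i = 1; i <= n; i++) {
                    if (opt[i] !~ /^root=/) continue
                    hosts = substr(opt[i], 6)  # text after "root="
                    m = split(hosts, h, ":")
                    for (j = 1; j <= m; j++)
                        if (h[j] != "") print dir, h[j]
                }
            }
        }
    ' "$1"
}

# Constructed sample input (testhost and livehost are made-up names).
sample_exports() {
    cat <<'EOF'
# constructed sample, not the poster's real file
/disk3/opt -root=testhost,access=testhost
/disk4/data -access=testhost:livehost
/disk5/home -rw=testhost,root=testhost:livehost
EOF
}

# Run the audit over the sample when executed directly.
tmp=${TMPDIR:-/tmp}/exports.sample.$$
sample_exports > "$tmp"
audit_root_exports "$tmp"
rm -f "$tmp"
```

An empty result means no export grants root access, so root on every client is handled as the anonymous user.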
Gillian Craigie_1
Occasional Advisor

Re: NFS mount without -root option

Thanks for your response.

I have tried to mount filesystems using my own user id but I get the message "must be root to use mount". I have also tried mounting the filesystems again, after removing the -root option from /etc/exports, but have had no luck with that either. I'm still getting these messages time and time again in the syslog, and am unable to access these directories as root.

It does sound like I am unable to access these directories as root because it is given "nobody" privileges, but is there any way to stop these errors occurring and to allow access?

Thanks.