HPE Community
Operating System - HP-UX
1833792 Members
2090 Online
110063 Solutions
New Discussion

Re: using anon in /etc/exports

 
Marc Ahrendt
Super Advisor

‎10-03-2006 12:36 PM

‎10-03-2006 12:36 PM

using anon in /etc/exports

according to "man exports" using anon will take an unkown user and map it to the UID specified by anon. i am not seeing this happen ...any idea why?

cat /etc/exports
/usr/data -anon=202

when i touch a file from a NFS client as a user unknown to the server, the file is not owned by 202 but the UID of the client user!?!
hola
0 Kudos
Reply
5 REPLIES 5
Peter Godron
Honored Contributor

‎10-03-2006 07:29 PM

‎10-03-2006 07:29 PM

Re: using anon in /etc/exports

Marc,
please see:
http://www.unix.org.ua/orelly/networking/puis/ch20_02.htm

Last three paragraphs above 20.2.1.2, which start with "Sun's documentation of anon states"

The /etc/passwd file is NOT read
0 Kudos
Reply
Marc Ahrendt
Super Advisor

‎10-04-2006 04:08 AM

‎10-04-2006 04:08 AM

Re: using anon in /etc/exports

peter, that link is bad

i also learned from HP that supposedly the anon option only applies to root users on UNIX NFS clients ...and has no impact for non-root users
hola
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎10-04-2006 05:41 AM

‎10-04-2006 05:41 AM

Re: using anon in /etc/exports

Hi Marc,

I suspect this is because your client is coming from a system (Linux in this case) that uses UIDs. The client system reports the effective local UID on access & just because that UID is not "valid" on the server the files will still be owned by the reported UID of the client system. Just because you typed anonymous as a username does not mean your effective UID will not be reported to the server.
The anon feature is designed for clients (like WinBlows) that do not use UIDs.

My $0.02,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Kevin Wright
Honored Contributor

‎10-04-2006 08:52 AM

‎10-04-2006 08:52 AM

Re: using anon in /etc/exports

correct, it only applies to root, as root is always 0. If you could create files that would be owned by 202 from client a, there could be another client with a valid username with id 202, which may or may not be want you want from a security perspective.
0 Kudos
Reply
Kevin Wright
Honored Contributor

‎10-04-2006 08:54 AM

‎10-04-2006 08:54 AM

Re: using anon in /etc/exports

correct, it only applies to root. For client side security, ensure the filesystem is only writable by users and groups as required.


0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.