> I have a unix file server and wish to export some directories to a
> client, sharing the NIS domain qith thw server. It seems that a
> superuser on the client machine can su to an arbitrary NIS account,
> without providing password. So the root on the client has access to all
> the directories exported from the server to this client. Isn't this a
> security risk, if I have no control over the superuser on the
It sure is, but plain old NFS doesn't have a better authentication
mechanism than this.
Quote:> Is there a way around this?
It depends on how much access you need to give away. If Mallory has
root access on the client machine, she can masquerade as any
legitimate user. Thus, if all legitimate users must be able to log
into the client machine and read and modify their own files,
then---necessarily---Mallory can read and modify *every* legitimate
If Ann is the only one who needs to access her files on the client,
then you can obviously export just Ann's directory, and Mallory---even
if she gets root---will only be able to cause trouble for Ann.
Similarly, if a small subset of users will be using the client, you
can export just their filesystems and "sacrifice" them to Mallory
without exposing other users to much danger.
(Of course, you can also export the files read-only, and you can use
the NFS server's uid-squashing facilities to treat all requests as if
they came from some low-priviledge user, like "nobody", no matter who
they really came from.)
Plain old NFS servers work by authenticating clients based on their IP
addresses and trusting clients to authenticate users---in particular,
the NFS server simply trusts the userid field passed to it by the NFS
client in each request. There are certainly ways to improve this
(using Kerberos NFS or AFS to securely authenticate machines and/or
users to the file server), but no improvement will fix the fundamental
problem that someone with physical access to the client machine can
trick legitimate user Larry into authenticating himself to the NFS
server just before deleting all of Larry's files.