Re: Please support NFS squashing multiple groups

Dear all,

I wrote about some security issues with NFS, about protecting against
privileged UIDs and GIDs, like root_squash protects against root.

Your advice was to use NFSv4 with Kerberos authentication. I now
succeeded in setting that up on a test system; though not as simple as
it should be, it seems to work as expected. The changes required for use
are non-trivial, so I will not immediately be able to use it.

Seems that the mountd option --manage-gids handles the secondary groups
only. I still do not quite understand why mountd (with that or another
option) cannot handle the primary GID also, setting it to the GID
corresponding to the UID on the server; and maybe even "squash" any UIDs
in a table similar to idmap, or simply squash UIDs less than UID_MIN
(squash directly, without any kernel interaction). Could you please tell
me whether those are conceptually possible?

Thanks, Paul

Paul Szabo   psz@xxxxxxxxxxxxxxxxx   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
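
The credential mapping the message asks about, modelled as an added example (not part of the original message and not nfs-utils code). The function name, the passwd/group tables and the UID_MIN value are hypothetical, constructed for illustration; 65534 is the usual anonymous id.

```python
# Constructed sample data standing in for the server's passwd/group databases.
UID_MIN = 1000                 # assumed threshold, in the style of /etc/login.defs
ANON_UID = ANON_GID = 65534    # conventional anonymous ids used when squashing
PASSWD = {                     # uid -> (name, primary gid)
    1000: ("alice", 1000),
    1001: ("bob", 1001),
    33: ("www-data", 33),
}
GROUPS = {                     # gid -> member names
    1000: {"alice"},
    1001: {"bob"},
    50: {"alice", "bob"},
    4: {"alice"},
}


def squash_credential(uid, gid, gids, uid_min=UID_MIN):
    """Hypothetical server-side mapping of a client-supplied AUTH_SYS credential.

    uid, gid and gids are what the client claims; the return value is the
    (uid, primary gid, supplementary gids) the server would act on.
    """
    # 1. Squash privileged or unknown UIDs outright, as root_squash does for UID 0.
    if uid < uid_min or uid not in PASSWD:
        return ANON_UID, ANON_GID, []
    name, primary_gid = PASSWD[uid]
    # 2. Discard the client-sent primary GID; use the server's record for this UID.
    # 3. Discard the client-sent supplementary groups and look them up on the
    #    server (the part that --manage-gids already covers).
    supplementary = sorted(
        g for g, members in GROUPS.items() if name in members and g != primary_gid
    )
    return uid, primary_gid, supplementary


if __name__ == "__main__":
    # A client claiming GID 0 and extra groups for an ordinary user gains nothing.
    print(squash_credential(1001, 0, [0, 4]))
    # A system account below UID_MIN is mapped to the anonymous ids.
    print(squash_credential(33, 33, [33]))
```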

