- Path: sparky!uunet!elroy.jpl.nasa.gov!usc!rpi!psinntp!psinntp!eye!paul
- From: paul@eye.com (Paul B. Booth)
- Newsgroups: comp.sys.hp
- Subject: Re: Backup to DAT over net
- Message-ID: <1992Jul27.095125.2987@eye.com>
- Date: Mon, 27 Jul 92 13:51:25 GMT
- References: <1992Jul23.170942.11576@cs.nott.ac.uk>
- Organization: 3D/EYE, Inc. Ithaca, NY
- Lines: 78
-
- In article <1992Jul23.170942.11576@cs.nott.ac.uk> pczip@mips.Berkeley.EDU (Ivan Powis) writes:
- >We recently installed several hp9000/700's which are all networked together
- >along with a single DAT drive. One question we asked all suppliers, including
- >hp, was "can you run a backup over the net?". They all said yes. However,
- >having chosen hp, I now find it's not so simple. Using fbackup and traversing
- >nfs mounts to get at files on the remote systems (ie not having the DAT drive)
- >isn't adequate, because the superuser protection applied by NFS stops me
- >accessing remote files that don't have general access permission. So using
- >NFS to get at the remote file systems isn't the answer.
- >
- >How do you go about this? At the moment we're having to physically carry the DAT
- >drive around from machine to machine. This surely isn't the way it has to be done
- >is it?
- >
- >Ivan Powis
-
- At 9.0, rumor has it, hp-ux will update its NFS implementation to allow you
- to permit root access on an nfs-mounted filesystem. Until then, there is a
- quick hack that will let you do this now. Here's the deal. When the
- super user accesses an nfs-mounted filesystem, NFS maps the UID of root to
- "nobody", which is defined in the kernel of the remote machine. Generally,
- "nobody" is defined to be -2 or some such, so root can't access any non
- world-readable files on the remote server. But, if you redefine "nobody"
- to be 0 on the remote server, root gets full access there.
-
- The classic way to do this is to use adb to edit /hp-ux (or /dev/kmem
- directly) on the remote server. BE AWARE, though, that this procedure asks
- you to do "bad" things: 1) disable an important NFS security measure, and 2)
- edit a (running) kernel. Assuming that you are aware of the risks (and that
- you won't come looking for me if you cause yourself problems!), here's a
- little ditty I use to enable/disable nfs root access on a running machine
- (credit for this script should go to the anonymous netster who sent it to me
- some time ago):
-
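- #! /bin/sh
- #
- # rootaccess - enable/disable root access for nfs clients
- #
- KERNEL="/hp-ux"
- MEMORY="/dev/kmem"
- NOBODY="nobody"    # kernel symbol holding the UID that NFS maps root to
- #
- case "$1" in
-     on|yes|enable|allow)
-         ANONUID="0x00000000";;    # remote root is mapped to UID 0
-     off|no|disable|deny)
-         ANONUID="0xfffffffe";;    # remote root is mapped to -2, the usual value
-     *)
-         echo "usage: rootaccess [on|off]" 1>&2
-         exit 1;;
- esac
- #
- # Write the 4-byte value at the symbol through /dev/kmem, then quit adb.
- (echo "$NOBODY/W $ANONUID"; echo '$q') | \
-     adb -w "$KERNEL" "$MEMORY"
- #
- exit 0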
-
- This script modifies /dev/kmem directly, so the change takes place immediately
- and will only last until the next reboot. If you modify /hp-ux instead, you
- need to reboot to effect the change, which lasts until you build a new
- kernel.
-
- --
- Paul B. Booth (paul@eye.com)
- -------------------------------------------------------------------------------
- 3D/EYE, Inc., 2359 N. Triphammer Rd., Ithaca, NY 14850 voice: (607)257-1381
- fax: (607)257-7335
-
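
A defender-side check for the protection this post turns off, as an added example that is not part of the original post: it goes beyond the kernel patch to servers where root squashing is set per export, and lists the exports that leave client root unsquashed. The function names and sample entries are constructed; Linux exports(5) option names (`no_root_squash`, `anonuid=`) and SunOS-style `-anon=`/`root=` options are assumed.

```shell
#!/bin/sh
# audit_exports [FILE]: list exports that leave client root unsquashed.
# Output: path<TAB>client<TAB>option, one line per finding.
# Assumes one export per line (no backslash continuations).
audit_exports() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                        # Linux form: client(opt,opt)
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\).*$/, "", opts)
            } else if (substr($i, 1, 1) == "-") { # dash form: -opt,opt
                client = "*"
                opts = substr($i, 2)
            }
            if (client == "") client = "*"
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                # root kept as root, or the anonymous UID set to 0
                if (o[j] == "no_root_squash" ||
                    o[j] ~ /^(anonuid|anon)=0+$/ ||
                    o[j] ~ /^root=/)
                    printf "%s\t%s\t%s\n", path, client, o[j]
            }
        }
    }' "${1:--}"
}

# Constructed sample exports file (not taken from the post).
sample_exports() {
    cat <<'EOF'
# constructed sample
/export/home    ws1(rw,root_squash) ws2(rw,no_root_squash)
/export/scratch *(rw,all_squash,anonuid=0,anongid=0)
/export/tools   ws3(ro)
/export/backup  -anon=0,root=tapehost
EOF
}

sample_exports | audit_exports
```

Run it as `audit_exports /etc/exports` on an NFS server; any line it prints is an export where a client's superuser reaches files as UID 0.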