home *** CD-ROM | disk | FTP | other *** search
- Xref: sparky comp.protocols.tcp-ip.ibmpc:5030 comp.protocols.nfs:2211
- Path: sparky!uunet!dtix!darwin.sura.net!jvnc.net!netnews.upenn.edu!catone
- From: catone@dmark.wharton.upenn.edu (Tony Catone)
- Newsgroups: comp.protocols.tcp-ip.ibmpc,comp.protocols.nfs
- Subject: Re: How to mount PC file systems via tcp/ip?
- Message-ID: <CATONE.92Sep2181838@sovereign.dmark.wharton.upenn.edu>
- Date: 2 Sep 92 22:18:38 GMT
- References: <920825115700@cream.ftp.com> <1992Aug20.210004.15614@rhrk.uni-kl.de>
- <1992Aug27.020243.17128@rhrk.uni-kl.de>
- Sender: news@netnews.upenn.edu
- Followup-To: comp.protocols.tcp-ip.ibmpc
- Organization: University of Pennsylvania
- Lines: 59
- Nntp-Posting-Host: sovereign.wharton.upenn.edu
- In-reply-to: andrick@sun.rhrk.uni-kl.de's message of 27 Aug 92 02:02:43 GMT
-
- In article <1992Aug27.020243.17128@rhrk.uni-kl.de> andrick@sun.rhrk.uni-kl.de (Ulf Andrick [Biologie]) writes:
-
- In article <920825115700@cream.ftp.com>, jbvb@vax.ftp.com (James B.
- VanBokkelen) writes:
- > In article <1992Aug20.210004.15614@rhrk.uni-kl.de>
- andrick@rhrk.uni-kl.de (Ulf Andrick) writes:
- >
- > I read somewhere that one could use idmnt by FTP to mount directories
- > of another PC running SOSS (Stan's Own Server) and wanted to try it.
- >
- > But idmnt attempts to transmit user and password and seems to expect
- > some appropriate response, which SOSS apparently does not deliver.
- > ....
- >
- > In an effort not do do "the Emperor's New Clothes" with "NFS Security",
- > the IDMNT.EXE we distribute insists on authentication via a PCNFSD server,
- > and doesn't allow the user to specify the UID/GID as integers. Thus, it
- > can't talk to SOSS. However, you can get from our Tech Support people
- > a MNT.EXE which lets you specify UID/GID and mount SOSS (and other things
- > that don't have PCNFSDs available).
-
- Maybe things have changed, but with the Interdrive version 1.1 pl 2 I use,
- one can specify sec_arg=nobody to mount the directory with "anonymous" privs.
- Since SOSS has no concept of uids or gids, this lets you mount any exported
- SOSS directory. Has this very useful feature been removed in later versions
- of Interdrive?
-
- I thought that asking for a password was the proper thing to do for idmnt
- and attributed the problem mainly to SOSS.
-
- Why did you think that? NFS doesn't use passwords, just uids and
- gids. PCNFSD is a hack to try and give the verisimilitude of
- security.
-
- I hoped that it could be set up to accept a request for
- `authentication'.
-
- You have the source code: are you volunteering to do the work?
-
- I don't really like the idea that the server is accessible to everybody.
- But one security measure might be to give the directories to mount some
- incomprehensible names. By joining the hard drives to a virtual disc, it
- might even be possible to make the whole filesystem of the server
- accessible from such a directory, which would reside on the virtual disc.
- Is there any possibility to fool this, so that one can mount the directory
- without knowing its name?
-
- Now you are just being silly. The server is not accessible to
- everyone, just the machines you specify in export.us. And obfuscation
- through incomprehensible names won't work as showmount -e will tell
- you a machines mount points and to whom they are exported, although
- SOSS usually tells you the drives are exported to everyone even when
- they are not. This last "feature" actually gives you more security
- than a unix host, at least as far as IP spoofing goes. Use SOSS' -r
- switch if you want to export read only.
-
-
- - Tony
- catone@dmark.wharton.upenn.edu
-
