Re: / owned by bin causes sshd to complain bad ownership

看板FB_security作者時間13年前 (2012/06/24 02:01), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串15/17 (看更多)
Garance A Drosehn <gad@FreeBSD.org> writes: > At one time I read that having directories/files owned by root was a > security benefit when considering the -maproot=3D<x> for NFS exports. > All unix systems recognize UID=3D0 means root, and there is no other > UID which all unix systems agree on. Disclaimer: I rarely use NFS, > so I don't really pay attention to the details. I may have the wrong > idea for what the advantage is, but it was some kind of connection > with UID=3D0 and NFS exports or imports. -maproot=3Dfoo means that requests coming from root on the client are treated as if the came from the user "foo" instead. If binaries are owned by bin, root on the client can su to bin and modify them. If they are owned by root and the server maps root to an unprivileged user (e.g. "nobody"), root on the client can't touch them. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 des. 的文章
文章代碼(AID): #1FvWHWsA (FB_security)
討論串 (同標題文章)
完整討論串 (本文為第 15 之 17 篇):
排序: 最新先 | 最舊先 | 留言數
在新視窗開啟完整討論串 (共17篇)
更多 des. 的文章
文章代碼(AID): #1FvWHWsA (FB_security)