From: Jesse Pollard <jesse@cats-chateau.net>
To: Søren Hansen <sh@warma.dk>,
	"Trond Myklebust" <trond.myklebust@fys.uio.no>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: UID/GID mapping system
Date: Thu, 11 Mar 2004 08:31:02 -0600
Message-ID: <04031108310203.05054@tabby>
In-Reply-To: <1078993757.1576.41.camel@quaoar>

On Thursday 11 March 2004 02:29, Søren Hansen wrote:
> Wed, 2004-03-10 at 23:45, Trond Myklebust wrote:
> > The NFSv4 client and server already do uid/gid mapping. That is
> > *mandatory* in the NFSv4 protocol, which dictates that you are only
> > allowed to send strings of the form user@domain on the wire.
>
> Clever!
>
> > If you really need uid/gid mapping for NFSv2/v3 too, why not just build
> > on the existing v4 upcall/downcall mechanisms?
>
> Because that would require changes to both ends of the wire. I want this
> to:
> 1. Work for ALL filesystems (NFS, smbfs, ext2(*) etc.)
> 2. Be transparent for the server.

It will be a major security vulnerability.

>
> *: For ext2, this could come in handy if you are moving disks between
> systems.

Mapping fails in this case due to UID loops (been there, done that too - had to
spend a week changing uids because of it - most were quickly changed because
there was no conflict, but about 100 out of 1000 were in loops). Users had
multiple accounts on both machines, but different uids on each. You can end up
having to map the same uid to two different uids.
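
The failure described in the message above, as an added example that is not part of the original message: a checker for an old-to-new uid table that reports uids wanted as two different uids and loops that cannot be renumbered in place. It reads "loops" as cycles in that table; the function name, `temp_uid` and the sample uids are assumptions, and target uids outside the table are assumed unused.

```python
from collections import defaultdict

# Constructed sample: uids on the moved disk -> uids wanted on the new host.
SAMPLE = [(1001, 1002), (1002, 1001),      # two accounts swap uids: a loop
          (1003, 1004), (1004, 1005),      # chain: 1004 must move before 1003
          (1006, 2001), (1006, 2002)]      # one uid wanted as two uids

def plan_uid_renumber(pairs, temp_uid):
    """pairs: (old_uid, new_uid) entries gathered for the disk being moved.
    Returns (conflicts, cycles, steps); steps is an ordered list of
    (from_uid, to_uid) ownership changes that never overwrites a pending uid."""
    targets = defaultdict(set)
    for old, new in pairs:
        targets[old].add(new)
    # An old uid that must become two different new uids cannot be mapped at all.
    conflicts = {old: sorted(news) for old, news in targets.items() if len(news) > 1}
    # Keep unambiguous entries that actually change the uid.
    plan = {old: min(news) for old, news in targets.items()
            if len(news) == 1 and old not in news}
    if temp_uid in plan or temp_uid in plan.values():
        raise ValueError("temp_uid must not appear in the map")
    cycles, steps, state = [], [], {}
    for start in sorted(plan):
        path, uid = [], start
        while uid in plan and uid not in state:
            state[uid] = "visiting"
            path.append(uid)
            uid = plan[uid]
        tail = path
        if state.get(uid) == "visiting":      # walked back into this path: a loop
            cut = path.index(uid)
            tail, loop = path[:cut], path[cut:]
            cycles.append(loop)
            # Park the first member on temp_uid, then unwind the loop backwards.
            steps.append((loop[0], temp_uid))
            steps += [(u, plan[u]) for u in reversed(loop[1:])]
            steps.append((temp_uid, plan[loop[0]]))
        # Chain members are safe in reverse order: each target is vacated first.
        steps += [(u, plan[u]) for u in reversed(tail)]
        for u in path:
            state[u] = "done"
    return conflicts, cycles, steps

if __name__ == "__main__":
    conflicts, cycles, steps = plan_uid_renumber(SAMPLE, temp_uid=65000)
    print("conflicts:", conflicts, "\ncycles:", cycles, "\nsteps:", steps)
```

Entries reported in `conflicts` are left out of `steps`; they need a per-file decision rather than a uid map.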
