Why we should not use the no_root_squash Option

By default, NFS shares change the root user to the nfsnobody user, an unprivileged user account.

In this way, all root-created files are owned by nfsnobody, which prevents uploading of programs with the setuid bit set.

no_root_squash - Allows root users on client computers to have root access on the server. Mount requests for root are not mapped to the anonymous user. This option is needed for diskless clients.

root_squash - Requests from root on clients are mapped to the nobody user and group ID, so they only have the file privileges associated with "other".

ro - read only access
rw - read write access

If no_root_squash is used, remote root users are able to change any file on the shared file system and leave trojaned applications for other users to inadvertently execute.
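
To find exports that carry this risk, the following audit script (an added example, not part of the original post) parses exports-style text and reports every client for which root is not squashed, along with whether the share is ro or rw. The sample paths and host names are constructed, and only the ro/rw and root_squash/no_root_squash options are modelled; other options such as all_squash are ignored.

```python
import re
import shlex

# Constructed sample /etc/exports content (paths and hosts are made up).
SAMPLE_EXPORTS = r"""
# home directories
/srv/home      192.0.2.0/24(rw,sync,root_squash)
/srv/diskless  client1.example.com(rw,no_root_squash) \
               client2.example.com(ro,no_root_squash)
/srv/pub       *(ro)
/srv/build     -rw,no_root_squash  ci.example.com  docs.example.com(ro,root_squash)
"""

# "client(opt,opt)", bare "client", or bare "(opt,opt)" meaning any host.
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")

def effective_options(defaults, explicit):
    opts = {"access": "ro", "squash": "root_squash"}  # exports(5) defaults
    for o in defaults + explicit:                      # later options win
        if o in ("ro", "rw"):
            opts["access"] = o
        elif o in ("root_squash", "no_root_squash"):
            opts["squash"] = o
    return opts

def audit_exports(text):
    """Return (path, client, access) for every export where root is not squashed."""
    findings = []
    joined = re.sub(r"\\\n", " ", text)            # join continuation lines
    for line in joined.splitlines():
        fields = shlex.split(line, comments=True)  # handles quoted paths and '#'
        if len(fields) < 2:
            continue
        path, defaults = fields[0], []
        for field in fields[1:]:
            if field.startswith("-"):              # "-opt,opt" default option list
                defaults = field[1:].split(",")
                continue
            m = CLIENT_RE.match(field)
            if not m:
                continue
            client = m.group(1) or "*"
            explicit = m.group(2).split(",") if m.group(2) else []
            opts = effective_options(defaults, explicit)
            if opts["squash"] == "no_root_squash":
                findings.append((path, client, opts["access"]))
    return findings

if __name__ == "__main__":
    for path, client, access in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: no_root_squash ({access})")
```

A stray space between a host and its option list, as in "host (rw,no_root_squash)", is reported against "*" because the options then apply to any client rather than to the named host.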
