Restricting root Access to Shared Files

Usually, superuser is not allowed root access to file systems that are shared across the network. The NFS system prevents root access to mounted file systems by changing the user of the requester to the user nobody with the user ID 60001. The access rights of user nobody are the same as those access rights that are given to the public. The user nobody has the access rights of a user without credentials. For example, if the public has only execute permission for a file, then user nobody can only execute that file.

An NFS server can grant root access to a shared file system on a per-host basis. To grant these privileges, use the root=hostname option to the share command. You should use this option with care. For a discussion of security options with NFS, see Chapter 5, Commands for Managing Network File Systems in Managing Network File Systems in Oracle Solaris 11.4.
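
One way to review which clients have been given root access through the root= option, as an added example that is not part of the original documentation. It assumes tab-separated records in the sharetab layout (path, resource, file system type, options, description) and the share_nfs access-list syntax (colon-separated entries; a leading "." is a domain suffix, "@" a network, "-" a denial). The function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: report every root= grant found in NFS share records.
# Output: one line per access-list entry, "<path> <entry> <scope>".

audit_root_shares() {
    awk -F'\t' '
    $3 == "nfs" {
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++) {
            if (opts[i] !~ /^root=/) continue
            # Strip the 5-character "root=" prefix, then walk the access list.
            m = split(substr(opts[i], 6), hosts, ":")
            for (j = 1; j <= m; j++) {
                h = hosts[j]
                if (h == "") continue
                if (h ~ /^-/)         scope = "denied"  # entry excluded from root access
                else if (h ~ /^[.@]/) scope = "BROAD"   # domain suffix or network: many hosts
                else                  scope = "host"    # single host name or a netgroup
                printf "%s %s %s\n", $1, h, scope
            }
        }
    }'
}

# Constructed sample records (not taken from a real server).
sample_sharetab() {
    printf '/export/home\texport_home\tnfs\tsec=sys,rw\thome dirs\n'
    printf '/export/install\tinstall\tnfs\tsec=sys,ro,root=jumpstart1:jumpstart2\timages\n'
    printf '/export/build\tbuild\tnfs\tsec=sys,rw,root=.eng.example.com\tbuild area\n'
    printf '/export/tmp\ttmp\tufs\trw,root=ignored\tnot an NFS share\n'
}

# On a server, feed the real share table instead (path assumed):
#   audit_root_shares < /etc/dfs/sharetab
sample_sharetab | audit_root_shares
```

Shares without a root= option produce no output, which means root requests on them are still mapped to user nobody. Entries reported as BROAD are the ones to check first, because a single entry grants root to every host in the domain or network.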