[Tfug] pcnfsd(8) privilege reduction

John Gruenenfelder jetpackjohn at gmail.com
Tue Jan 8 21:28:49 MST 2013


On Tue, Jan 1, 2013 at 5:07 PM, Bexley Hall <bexley401 at yahoo.com> wrote:
> Hi,
>
> [and HNY]
>
> I'm trying to get cross-platform NFS support running between
> my UN*X boxen and the WindBlows boxes, here (CIFS not an option).
>
> To do so, pcnfsd(8) needs to run on the UN*X server(s).  *If*
> I don't export any printers, can I run it as an unprivileged
> user?
>
> Yeah, I should just dig through the sources but figured someone
> might already have an answer to this one (given the security
> issues involved).
>
> Thanks!
> --don

Hi Don,

I can't give you a specific answer since I just make use of the Debian
packaged kernel space NFS daemon.

That said, the standard NFS ports are in the 2000 range, I believe, so
they are unprivileged.  However, NFS also relies on making heavy use
of the Sun RPC portmapper which operates on port 111.

In the past, Debian used to offer both the user space and kernel space
NFS daemons, but the former is no longer available, probably due to
lack of maintenance.  Since it did exist at one point, I assume there
must be a way to configure the portmapper (on all ends) to use an
alternate unprivileged port.


--John Gruenenfelder    Systems Manager, MKS Imaging Technology, LLC.
Try Weasel Reader for Palm OS  --  http://weaselreader.org
"This is the most fun I've had without being drenched in the blood
of my enemies!"
        --Sam of Sam & Max
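
As an added example, not part of the original thread: a shell helper that reads `rpcinfo -p` output and reports which registered RPC services sit on ports below 1024, the range a non-root process normally cannot bind. The sample listing, its port numbers and the function names are constructed for illustration.

```shell
#!/bin/sh
# Classify RPC services from `rpcinfo -p` output by whether their port
# is privileged (< 1024, bind normally requires root) or unprivileged.

# Constructed sample in the `rpcinfo -p` column layout; not captured from a real host.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   udp    635  mountd
    150001    2   udp  32771  pcnfsd'

# classify_rpc_ports: reads rpcinfo -p text on stdin and prints
# "<service> <proto> <port> privileged|unprivileged", one entry per line.
# The header row is skipped because its port column is not numeric.
classify_rpc_ports() {
    awk '$4 ~ /^[0-9]+$/ {
        name = ($5 == "") ? $1 : $5     # fall back to the program number
        kind = ($4 < 1024) ? "privileged" : "unprivileged"
        print name, $3, $4, kind
    }'
}

# privileged_services: unique names of services registered below port 1024.
privileged_services() {
    classify_rpc_ports | awk '$4 == "privileged" { print $1 }' | sort -u
}

# On a live server, feed real data instead:  rpcinfo -p | classify_rpc_ports
printf '%s\n' "$SAMPLE_RPCINFO" | classify_rpc_ports
```

A service listed as unprivileged here can still need root for other reasons; the port is only one of the things to check before dropping privileges.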



