Mapall root safe?

Joined: Jan 26, 2023 | Messages: 6
I'm currently running some services that are plugging into NFS shares on TrueNAS Scale and those services require the ability to change file ownership on their files. The only way I've been able to find to support this is to map the NFS client user to root using mapall - this does work, but it's a bit brute force. What I'm looking to check is, assuming I've got other access controls in place (each NFS share is exposed on an isolated network), is using this approach safe? Does it pose any risk of the clients modifying any files or doing any other dodgy things outside of the scope of the share if something goes wrong? And if it's not safe, what would the correct way to do this be?
 

anodos (Sambassador, iXsystems) | Joined: Mar 6, 2014 | Messages: 9,554

> I'm currently running some services that are plugging into NFS shares on TrueNAS Scale and those services require the ability to change file ownership on their files.

If you are using NFSv4 ACL Type you can grant that particular UID "FULL_CONTROL" without mapall root.
 

anodos (Sambassador, iXsystems) | Joined: Mar 6, 2014 | Messages: 9,554
By way of more complete answer:
> those services require the ability to change file ownership on their files

It seems that whatever application that is was written with the assumption that it would be running as root or with enhanced capabilities. You can in principle accomplish this, though, via native ZFS ACLs (acltype = NFSv4).

> is using this approach safe?

In general the security afforded by sec=SYS on NFS where the share is writable is a fig leaf at best. That said, mapping everyone as root is a bad design approach as it limits your ability to restrict what a misbehaving client / application can do (think more of programming errors / bugs).

> doing any other dodgy things outside of the scope of the share if something goes wrong

NFS clients will not be able to escape the export path unless there is a severe security bug in the server.
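The three points in the reply above (root mapping bypasses per-file permissions, an NFSv4 ACE granting FULL_CONTROL to one UID is enough for chown, and nothing escapes the export path) can be seen in a small model of how a server decides a chown request. This is an added illustration, not TrueNAS or Linux nfsd code; the export path, the UIDs, the policy names and the permission letters (which follow the nfs4_setfacl convention) are constructed for the example.

```python
# Added illustration for this thread: a toy model of how an NFS server decides
# a chown request under the two export policies discussed above.
# Not TrueNAS or nfsd code; paths, UIDs and policy names are constructed.
from dataclasses import dataclass, field
import posixpath

EXPORT = "/mnt/tank/app-share"            # constructed export path
FULL_CONTROL = set("rwxpDdaARWcCos")      # every NFSv4 ACE permission letter
WRITE_OWNER = "o"                         # the letter a chown needs


@dataclass
class Inode:
    path: str
    owner: int
    aces: dict = field(default_factory=dict)   # server uid -> granted letters


def map_identity(client_uid: int, policy: str) -> int:
    """Identity the request runs as on the server after export mapping."""
    if policy == "mapall=root":
        return 0                    # every client uid becomes root
    if policy == "passthrough":
        return client_uid           # sec=sys: uid taken as the client presents it
    raise ValueError(f"unknown policy {policy!r}")


def inside_export(path: str) -> bool:
    """Export-path confinement: the server refuses anything outside the export."""
    norm = posixpath.normpath(path)
    return norm == EXPORT or norm.startswith(EXPORT + "/")


def permitted(node: Inode, uid: int, letter: str) -> bool:
    if uid == 0:
        return True                 # root is not subject to the ACL at all
    return letter in node.aces.get(uid, set())


def chown(node: Inode, client_uid: int, new_owner: int, policy: str) -> str:
    """Return 'ok' or the reason the server rejects the request."""
    if not inside_export(node.path):
        return "rejected: outside export"
    uid = map_identity(client_uid, policy)
    if not permitted(node, uid, WRITE_OWNER):
        return f"rejected: uid {uid} lacks WRITE_OWNER"
    node.owner = new_owner
    return "ok"


def run_scenarios() -> dict:
    app_uid = 1001                                   # constructed service uid

    def plain():                                     # no ACE for the service
        return Inode(f"{EXPORT}/data.db", owner=1000)

    def granted():                                   # FULL_CONTROL ACE for the service
        return Inode(f"{EXPORT}/data.db", owner=1000, aces={app_uid: FULL_CONTROL})

    def outside():                                   # file not under the export
        return Inode("/mnt/tank/other/secret", owner=0)

    def traversal():                                 # '..' that resolves outside
        return Inode(f"{EXPORT}/../other/secret", owner=0)

    return {
        "mapall_root_no_acl": chown(plain(), app_uid, app_uid, "mapall=root"),
        "passthrough_no_acl": chown(plain(), app_uid, app_uid, "passthrough"),
        "passthrough_full_control": chown(granted(), app_uid, app_uid, "passthrough"),
        "mapall_root_outside_export": chown(outside(), app_uid, app_uid, "mapall=root"),
        "mapall_root_traversal": chown(traversal(), app_uid, app_uid, "mapall=root"),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:28s} {result}")
```

The two "rejected: outside export" results hold regardless of identity mapping, which is the confinement point; the contrast between `mapall_root_no_acl` and `passthrough_full_control` is the point about granting the service UID FULL_CONTROL instead of root. Real servers add further rules the model omits (for instance restrictions on giving a file away to another uid), so treat it as a picture of the decision order, not of every check.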
 
Joined: Jan 26, 2023 | Messages: 6

> By way of more complete answer:
> it seems that whatever application that is was written with the assumption that it would be running as root or enhanced capabilities. You can in principle accomplish this though via native ZFS ACLs (acltype = NFSv4)
>
> In general the security afforded by sec=SYS on NFS where share is writable is a fig leaf at best. That said, mapping everyone as root is a bad design approach as it limits your ability to restrict what a misbehaving client / application can do (think more of programming errors / bugs).
>
> NFS clients will not be able to escape the export path unless there is a severe security bug in the server.

Thanks for that. Might have a play with the v4 ACLs if I get a chance, but it sounds like mapall root fits my security model (it's a single application server with its own share, so rogue bugs would run a very similar risk of breaking things even if it was limited to a normal user with full control anyway).
 