Re: is NFS secure ?
- From: "Wayne Pinette" <Wpinette@xxxxxx>
- Date: Thu, 31 Aug 2006 09:36:56 -0700
Agreed in most points. Basically NFS's power and weakness is it trusts
the IP network it is on, and that is all. It works great for a secured
Data center network where all machines are hidden behind a firewall and
can somewhat trust each other and there is no public access. Not so
good at all for public mounting. It's too bad too, because if someone
ever came up with an NFS that required a simple certificate verification
handshake upon connection, (so the nfs daemons didnt trust the network,
they trusted the certficiate) then it would be much better and safer to
use in public area.
Just my 2 cents worth.
Wayner
P.S.
root_squash means that root on the local machien does NOT have root
access to the nfs drives. Unfortunately nothing stops you from faking
the userid of other users on your linux distribution on your laptop,
then filesharing into their files once your laptop is on the network.
Certainly a vague question. I think of it from the perspective of howvzlatkin@xxxxxxxxxx 08/31/06 9:26 am >>>
hard is it for me to see someone else's nfs data. The answer is: very
easy.
Take a common scenario where many users mount their home directory via
nfs, and you use root_squash. To gain access to a user's data all you
need is root on a machine that can mount any home directory. Then just
su - [username] and you'll have access. Some magic required, but that
is pretty insecure.
I've never tried nfs over ssh, but I know you can restrict the
different
nfs components to use a specific port instead of portmap. Therefore, it
should be possible to do nfs over ssh.
-Vlady
Miner, Jonathan W (CSC) (US SSA) wrote:
Hi -your system is secure or not depends on how you are using it, and what
Asking if something is "secure" is a pretty vague question... Whether
level of security you need. I can't speak for NFSv4 yet.
mount your filesystems, read-write or read-only, and whether the
See the manual page for /etc/exports to learn how to restrict who can
clients' root account has privs or not.
clients.
You could even use iptables (or another firewall) to restrict
over an VPN or SSH-tunnel.
NFS does not encrypt traffic, but it might be possible to run NFS
Dhotre
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx on behalf of Shekhar
Sent: Thu 08/31/2006 08:58 AM
To: General Red Hat Linux discussion list
Cc:
Subject: RE: is NFS secure ?
So, NFS versions before NFSv4 were not secure right ?
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Anze Vidmar
Sent: Thursday, August 31, 2006 8:53 AM
To: General Red Hat Linux discussion list
Subject: Re: is NFS secure ?
On Thu, 2006-08-31 at 08:48 -0400, Shekhar Dhotre wrote:
OK , Is NFS secure ?NFSv4 is.
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
- Follow-Ups:
- RE: is NFS secure ?
- From: Shekhar Dhotre
- RE: is NFS secure ?
- Prev by Date: RE: is NFS secure ?
- Next by Date: RE: is NFS secure ?
- Previous by thread: Need Buildroot for linux-2.2.16 to add perl support
- Next by thread: RE: is NFS secure ?
- Index(es):
Relevant Pages
|
|
