HPE Community
Operating System - HP-UX
1753618 Members
5948 Online
108797 Solutions
New Discussion юеВ

Security mechanism of the NFS.

 
Eberno
Regular Advisor

тАО05-04-2006 05:40 AM

тАО05-04-2006 05:40 AM

Security mechanism of the NFS.

MY friends,

they are anybody that knows some mechanisms of security for the NFS.
What kind of mechanism I can use?
0 Kudos
Reply
8 REPLIES 8
Christian Tremblay
Trusted Contributor

тАО05-04-2006 05:49 AM

тАО05-04-2006 05:49 AM

Re: Security mechanism of the NFS.

Yes, it's called Samba ;-)
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО05-04-2006 05:54 AM

тАО05-04-2006 05:54 AM

Re: Security mechanism of the NFS.

Shalom Erberno,

There really is no security mechanism in NFS.

NFS should only be used where the network is completely secure and trusted, such as behind a firewall.

NFS transmits its data in clear text making it readable by any on the network.

Samba can be teamed with encryption and used in place of NFS in many situations.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Patrick Wallek
Honored Contributor

тАО05-04-2006 05:56 AM

тАО05-04-2006 05:56 AM

Re: Security mechanism of the NFS.

You can control which machines can connect to mahcine via the /etc/exports file.

Other security is via your normal owner, group and world/other permissions on the files and directories.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО05-04-2006 06:19 AM

тАО05-04-2006 06:19 AM

Re: Security mechanism of the NFS.

Shalom,

Patrick points out an important security mechanism which I did not remember.

The data still goes unencrpted across your network for all to see, whether authorized to mount or not.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Jeff_Traigle
Honored Contributor

тАО05-04-2006 07:20 AM

тАО05-04-2006 07:20 AM

Re: Security mechanism of the NFS.

In addition to the access= specification in /etc/exports, one thing to consider NOT doing is including root= specifications. This allows root on the specified hosts to access the NFS mounted file system (on a read-write mount, root can write also) and is generally considered a Bad Thing(TM).
--
Jeff Traigle
0 Kudos
Reply
Steve Lewis
Honored Contributor

тАО05-04-2006 07:43 AM

тАО05-04-2006 07:43 AM

Re: Security mechanism of the NFS.

What about NFS over SSL?
e.g.
http://www.crufty.net/Products/sNFS.html

Also, don't forget VPN /IPSec etc.

Do a google search on NFS over SSL
0 Kudos
Reply
Robert Fritz
Regular Advisor

тАО05-05-2006 04:06 AM

тАО05-05-2006 04:06 AM

Re: Security mechanism of the NFS.

True, NFSv3 doesn't have cryptographic authentication nor integity proteection, and though some have gotten SSH-tunneling (which uses SSL), its not supported, and pretty klunky.

The good news is that NFS protocol-4 does have cryptographic integrety and authentication. I'd expect to see that support coming soon.
Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin
0 Kudos
Reply
Eberno
Regular Advisor

тАО05-16-2006 01:24 AM

тАО05-16-2006 01:24 AM

Re: Security mechanism of the NFS.

Robert,

When I found this NFS Protocol-4???
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.