HPUX NFS Security (2)
07-27-2000 07:51 AM
1. Andy Monks suggested that I allow every host to access my NFS server. This will create a security issue. I only want all my company's hosts to access the server. But the host list is over 256 characters. How can I allow just my company's hosts access and not lose my security?
2. Andreas Voss suggested patch PHNE_21108. It is a recalled patch. The replacement is PHNE_21704, which is a recalled patch too. Does anyone know the good patch for NFSv3?
Thanks again!
P.S. Sorry, I do not know how to reply to you guys. I have to create a new message.
07-27-2000 08:30 AM
Solution
I will advise you to exercise patience when it comes to patch installations. The caution point to note is to allow the patch to be up to 3 months. There are no recent patches for NFSv3.
07-27-2000 08:33 AM
Re: HPUX NFS Security (2)
A problem has been discovered with superseding patches PHNE_21108 and PHNE_21704. These two patches can cause NFS clients to observe NULL characters at the end of files from the NFS server. PHNE_20957 does not exhibit this same behavior and is being re-released until a replacement patch is available.
07-27-2000 09:19 AM
Re: HPUX NFS Security (2)
But your security question makes me wonder about another issue. Do you have a firewall between your internal resources and the internet world? If you don't, I would very strongly suggest that you invest in one very soon. If the firewall is set up properly, outside entities should not even see your servers, not just the exported file systems.
07-27-2000 12:40 PM
Re: HPUX NFS Security (2)
Thanks for your suggestions!
I tried "netgroup". In /etc/exports, it seems like "access=" overwrites "root=" and "rw=". root can only read from the mounted file system. I do not know how to configure it to let root read and write the mounted file system. I am still working on this issue.
Talking about the firewall: the company has a firewall to protect the whole network, but not between the hosts. We do not need a firewall set on each host. I installed a security application on each host.
07-27-2000 01:23 PM
Re: HPUX NFS Security (2)
There have been all sorts of patches out there that impact NFS. If you are on 10.X there are a variety of different NFS packages as well (standard vs ACE). To put it plainly, there are a variety of bugs out there with no particular version any better off than the next from what I can determine. It has been a while since I have set up any NFS mounts, so giving you any guidance on what package is 'best' is somewhat of a shot in the dark.
07-28-2000 03:44 AM
Re: HPUX NFS Security (2)
1. Root access must be a host list. Netgroups will not work.
2. access=group is almost the same as rw=group. If using rw and ro, then do not use access. It will confuse issues.
EXAMPLES
netgroup:
rwhosts (rwhost1,,) (rwhost2,,)
rohosts (rohost1,,) (rohost2,,)
admin (admin1,,) (admin2,,)
exports:
/dir1 -root=admin1:admin2,rw=rwhosts,ro=rohosts
NOTE: Depending on how you resolve names, the way the netgroups are interpreted can vary. I.e., if you are running a name server, and "domain=somedomain" on the server, then all clients will resolve to host.domain. The client however must do the same or it will tell the server that it is just "host" and will fail to authenticate. This will require two netgroup entries for each host, and on the export. One entry with domain, and the other not. This gets very difficult to maintain. (Sun has a nice export option of domain=.domain which will append that listed domain to any host (no domain specified) and re-attempt authentication. NICE)
Best Regards!
Shannon
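The doubled netgroup entries described in the note above, as an added example that is not part of the original post: a shell function (hypothetical name gen_netgroup) that writes both the short and the domain-qualified triple for every host and splits a long host list into nested sub-netgroups so that no line exceeds a chosen length. The domain example.com, the host names, the length limit and the NAME_n sub-netgroup naming are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate /etc/netgroup entries from a host list.
# Usage: gen_netgroup NAME DOMAIN MAXLEN < hosts   (one host per line)
# NAME   - parent netgroup to reference from /etc/exports (e.g. rw=NAME)
# DOMAIN - DNS domain appended for the qualified entry (assumption)
# MAXLEN - longest line to emit; pick a value below your platform's limit
gen_netgroup() {
    awk -v name="$1" -v dom="$2" -v max="$3" '
    # Write the current sub-netgroup and remember it for the parent line.
    function emit() {
        if (line == "") return
        n++
        printf "%s_%d%s\n", name, n, line
        parent = parent " " name "_" n
        line = ""
    }
    NF == 0 || /^#/ { next }          # skip blank lines and comments
    {
        host = $1
        sub(/\..*$/, "", host)        # reduce to the short host name
        # One triple without the domain and one with it, so the export
        # matches whichever form the client presents.
        entry = " (" host ",,) (" host "." dom ",,)"
        if (line != "" &&
            length(name "_" (n + 1)) + length(line) + length(entry) > max)
            emit()
        line = line entry
    }
    END {
        emit()
        printf "%s%s\n", name, parent   # parent netgroup nests the subgroups
    }'
}

# Constructed sample input: three hosts, one already domain-qualified.
gen_netgroup rwhosts example.com 70 <<'EOF'
rwhost1
rwhost2.example.com
rwhost3
EOF
```

The parent netgroup is the only name that has to appear in /etc/exports, which keeps the export line short however many hosts are listed.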
07-31-2000 01:11 PM
Re: HPUX NFS Security (2)
Good luck,
Jamie R.