HPE Community
Operating System - HP-UX
1827800 Members
2303 Online
109969 Solutions
New Discussion

NFS

 
Marcelo De Florio_1
Frequent Advisor

‎01-19-2001 12:31 PM

‎01-19-2001 12:31 PM

NFS

Anybody know, the problems of security for this protocol
Marcelo De Florio
0 Kudos
Reply
2 REPLIES 2
Patrick Wallek
Honored Contributor

‎01-19-2001 12:44 PM

‎01-19-2001 12:44 PM

Re: NFS

What kind of problems are you referring to? Do you have any specific security concerns about NFS?

If you set up your /etc/exports file correctly then you can restrict which machines mount which exported directories. You can do a 'man exports' for more information on that file.

0 Kudos
Reply
Shannon Petry
Honored Contributor

‎01-19-2001 03:54 PM

‎01-19-2001 03:54 PM

Re: NFS

As previously stated, the biggest problems are with full world access, and rpc.statd.

in /etc/exports, you should specify something like
/mydisk -rw=host1:host2,ro=host3:host4

This would give read-write access to host1 and host2, read-only access to host3 and host3. All others would be denied access.
I myself for large sites use netgroups to make exporting a whole lot shorter. Remember that root access can only be granted to host.

rpc.statd has many conceptual flaws, which must exist for it to work properly.

SunOS supports a nice "domain" feature for exports which will try to apply host.defined-domain to unresolvable connections. If it can not resolve host1, it will try host1.domain.com. If it can not resolve this, then the connection is refused. This is nice because there can be problems with your own security.....


Hope it helps,
Shannon
Microsoft. When do you want a virus today?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.