Re: (OT) The NFS security system
In article <[🔎] 200209131835.09893.rasa@gmx.ch>,
Raffaele Sandrini <rasa@gmx.ch> wrote:
>On Friday 13 September 2002 18:23, Miquel van Smoorenburg wrote:
>>
>> So basically there is no NFS security system ..
>>
>
>Hmm i assumed that... but thats very bad... I mean, that makes NFS unusable in
>a LAN wich needs to be protected also against its own users. Every user can
>just connect his Laptop to the network and "surf" as root in the NFS
>shares...
If you exported the share to his/her IP address, or if they can
use any IP address they like (and pick one that the share is exported
to) , then yes.
>so you need the squash root everywhere and that makes it unusuable
>for system things like nfsroot :-((
Yup. In fact squash_root only prevents you from accessing files
as root; you can still access them as any other user.
Well, for nfsroot you could export the filesystem read-only ofcourse,
and keep writable dirs on local disk.
>Is there another common way for shring files on Linux? A system wich respects
>the UNIX user system? Please don't say SAMBA cause it does not do that...
Uhm .. coda (http://www.coda.cs.cmu.edu/) comes to mind,
and sfs (http://www.fs.net/)
Mike.
Reply to: