Re: nfs daemon
>
> > From: Alex Romosan <alex@juliet.fnal.gov>
> > would any one care to enlighten me why the nfs daemons are commented
> > out of /etc/init.d/netstd_nfs. i needed to mount a disk off another
> > linux machine and i couldn't do it until i turned on the daemons by
> > hand. are there any security issues associated with this? the same
> > daemons are also commented out of /etc/inetd.conf.
>
> Well if not configured properly (ie proper restrictions) it is
> possible for anyone to mount your drives and then convince your
> system that they have root file priveliges. I saw this on our local
> Sun nfs server before I was given root access and fixed it.
>
In debian, as far as I can see, all daemons should be enabled by
default. if you want to disable them, just remove the links in /etc/rc?.d.
nfs is the only one that is disabled by default, as far as I know.
nfs doesn't come with an exports file like
/ *(rw,no_root_squash)
but rather with an empty one. That doesn't pose a security threat.
And, had Alex had an /etc/exports file like the one above, Alex
probably had a good reason for it (i.e. he only has a local network).
In my opinion, nfs should just install like the rest of the daemons.
> IMHO, all network daemons should be disabled by default and the
> sysadmin should have to enable them one by one. I hate spending
> an hour on a new system just turning off things that I don't want
> running.
An hour?
# rm /etc/rc2.d/*
Does that take an hour? (OK it deletes more than you want to,
but selecting the right ones still doesn't get close to an hour).
--
joost witteveen
joost@rulcmc.leidenuniv.nl
joostje@debian.org
--
Use Debian/GNU Linux!
Reply to: