Re: NFS and security

To: Raffaele Sandrini <rasa@gmx.ch>
Cc: debian-user@lists.debian.org
Subject: Re: NFS and security
From: Alvin Oga <aoga@Maggie.Linux-Consulting.com>
Date: Fri, 28 Jun 2002 09:04:04 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.3.96.1020628085615.3018A-100000@Maggie.Linux-Consulting.com>
In-reply-to: <[🔎] 200206281751.23351.rasa@gmx.ch>

hi ya raffaele

On Fri, 28 Jun 2002, Raffaele Sandrini wrote:

> I recently set up a very little debian system wich i use fo maintaince and 
> setup on my clients. Its loaded via the NFSROOT feature of the 2.4 kernel. To 
> do that i needed to set up a exports entry like:
> 
> /path/to/system	10.1.1.0/24(rw,no_root_squash)

/etc		10.1.1.0/24(ro... )
/path/to/home	10.1.1.0/24(ro... )
#
# only "A" on the other end can write into /home/a
#
/path/to/home/a	10.1.1.a/32(rw... )
/path/to/home/b	10.1.1.c/32(rw... )
/path/to/home/c	10.1.1.c/32(rw... )

simple way to make it little stiffer... but not by much
and use automounters so "root" is not needed to manually mount stuff
	and root probably should be squashed..

- i'd like a better way to do stuff too ...

c ya
alvin

secure fs...
	http://www.Linux-Sec.net/FileSystem/  - at bottom

> As you can see this is _very_ insecure cause everyone can conntect and alter 
> it who is in my network and has a machine on wich his root.
> Ok to make it secure i could only let the machines access on wich would like 
> to start the system at the moment but its annoying to alter the exports file 
> everytime...
> Is there a way to make that secure by still using NFS? (not initrd or similar 
> things)
> 


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- NFS and security
  - From: Raffaele Sandrini <rasa@gmx.ch>

Prev by Date: thinkpad 600X
Next by Date: Re: ipchains: drop a single IP address?
Previous by thread: Re: NFS and security
Next by thread: Re: NFS and security
Index(es):
- Date
- Thread