Re: NFS and security

To: debian-user@lists.debian.org
Subject: Re: NFS and security
From: Raffaele Sandrini <rasa@gmx.ch>
Date: Fri, 28 Jun 2002 18:14:42 +0200
Message-id: <[🔎] 200206281814.42904.rasa@gmx.ch>
In-reply-to: <[🔎] 20020628155652.GA1777@misery.proulx.com>
References: <[🔎] 200206281751.23351.rasa@gmx.ch> <[🔎] 20020628155652.GA1777@misery.proulx.com>

On Friday 28 June 2002 17:56, Bob Proulx wrote:
> > /path/to/system	10.1.1.0/24(rw,no_root_squash)
>
> Yes.  Why do you need the no_root_squash enabled?  I strongly
> recommend you disable that.  It is hard to think about any other
> security improvements while that is enabled.

I need it because the kernel wich mounts it connects to it as root. If root is 
squashed to nobody he wont be able to any of the files because they owned by 
root.

>
> You have /path/to/system which implies that you have multiple system
> images there.  More details would enable more informed suggestions.
>

I have a Debian server here. Here are clientimages and other stuff installed 
like my nfsroot system. It stored in a directory on the server. So i don't 
connect to a running system.

-- 
Raffaele Sandrini <rasa@gmx.ch>
Annoyed about M$ Windows? Don't worry. Try Linux! (www.linux.org)
For encrypted Mail get my Public Key from "search.keyserver.net"
ID: 0xEC4950E9

-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: NFS and security
  - From: Alvin Oga <aoga@Maggie.Linux-Consulting.com>

References:
- NFS and security
  - From: Raffaele Sandrini <rasa@gmx.ch>
- Re: NFS and security
  - From: bob@proulx.com (Bob Proulx)

Prev by Date: Re: ipchains: drop a single IP address?
Next by Date: Re: ipchains: drop a single IP address?
Previous by thread: Re: NFS and security
Next by thread: Re: NFS and security
Index(es):
- Date
- Thread