Re: NFS and security

To: <debian-user@lists.debian.org>
Subject: Re: NFS and security
From: "nate" <debian-user@aphroland.org>
Date: Fri, 28 Jun 2002 09:23:01 -0700 (PDT)
Message-id: <[🔎] 3442.10.121.110.34.1025281381.squirrel@webmail.linuxpowered.net>
In-reply-to: <[🔎] 200206281751.23351.rasa@gmx.ch>
References: <[🔎] 200206281751.23351.rasa@gmx.ch>

<quote who="Raffaele Sandrini">
> Hi
>
> I recently set up a very little debian system wich i use fo maintaince
> and  setup on my clients. Its loaded via the NFSROOT feature of the 2.4
> kernel. To  do that i needed to set up a exports entry like:
>
> /path/to/system	10.1.1.0/24(rw,no_root_squash)


while I have not played with NFSROOT yet.. If you want real
security I would look into how the BBLCD is setup. it is a
CD-based distribution. i mention it because it does a lot
of work in making the system available off a read only media.
it would take some work to adapt this system to NFS but i
believe it could work.

the url is here:
http://www.bablokb.de/bblcd/

with some effort I have made a CD that has:
SSH server
NFS server
NFS Client
BIND Name server
PCMCIA support
Firewalling/NAT support


it works by creating a .tar.gz file which extracts to the
/var filesystem which is on a RAMDISK. the rest is read-only.
really nifty. /etc is read only, / is read only ..

with this setup you could get by with almost everything
read only except home directories.

nate



-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- NFS and security
  - From: Raffaele Sandrini <rasa@gmx.ch>

Prev by Date: Re: NFS and security
Next by Date: moves dot files to different directory
Previous by thread: Re: NFS and security
Next by thread: thinkpad 600X
Index(es):
- Date
- Thread