
Re: (OT) The NFS security system



Raffaele Sandrini <rasa@gmx.ch> [2002-09-13 18:35:09 +0200]:
> On Friday 13 September 2002 18:23, Miquel van Smoorenburg wrote:
> > So basically there is no NFS security system ..
> 
> Hmm I assumed that... but that's very bad... I mean, that makes NFS
> unusable in a LAN which needs to be protected also against its own
> users.

Yes.  Now you have the concept.  Which is why *nobody* likes the NFS
(no)security model.  It is only okay on a local LAN where you trust
everybody.  And/or everyone on the local LAN already has root access
and so it just does not matter.

> Every user can just connect his Laptop to the network and
> "surf" as root in the NFS shares... so you need the squash root
> everywhere and that makes it unusable for system things like
> nfsroot :-((

Actually you should not be worried about root so much.  The
root-squash will keep any root owned file safe.  Which is why all
system files on a Unix machine are owned by root such as / and /bin,
etc.  In the old, old days those were owned by 'bin' instead of 'root'
but that had to change once NFS appeared on the scene.  Today root is
the only safe user because of the root-squash.

What you should be worried about is a user becoming 'you' and
accessing your files or becoming 'named' and taking over your DNS
server or becoming 'postdrop' and rewriting mail in the mail queues.
All kinds of NFS attacks are available against any file on an NFS
server which is not owned by root.  Therefore any server that needs
any type of security should not run the NFS server.  One model of
operation is that NFS servers are never the same machines as NFS
clients and that works as well as can be expected.  (Unfortunately,
even though I believe that strongly I still can't make that happen on
all of the machines I attend to.)

BTW there is really no such thing as "NFS shares".  Shares are a
Windows thing.  NFS uses exported filesystems.  (I am sorry.  That
"NFS shares" thing just grates on my nerves.)

> Is there another common way for sharing files on Linux? A system which
> respects the UNIX user system? Please don't say SAMBA cause it does
> not do that...

Almost certainly everyone will point you to [1] AFS or the more recent
CODA.  AFS uses Kerberos to authenticate users.  It uses ACLs (Access
Control Lists) which seem more normal to non-computer users but old
timer Unix users tend to be confused by them.  AFS is an industrial
grade solution but can be very heavy.  So in a nutshell if you have to
ask then it is probably too heavy for you.

  [1] http://www.openafs.org/

Bob
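
An added example, not part of Bob's message: a small audit an administrator can run on the server to see what root-squash leaves uncovered in an exported filesystem. It assumes the export trusts client-supplied uid/gid values and is exported with root_squash; the function names, sample paths and ids are constructed for illustration, and the group check goes one step beyond the owner case the message describes.

```python
import os
import stat
import sys

ROOT_ID = 0  # root_squash remaps only uid/gid 0 (to the anonymous user)


def exposure(uid, gid, mode):
    """Return why a client that picks its own uid/gid can modify this entry, or None."""
    if stat.S_ISLNK(mode):
        return None  # symlink mode bits are not enforced; the parent directory decides
    if uid != ROOT_ID:
        return "owner uid %d can be claimed by any client (owner may also chmod)" % uid
    if gid != ROOT_ID and mode & stat.S_IWGRP:
        return "group-writable by gid %d, which any client can claim" % gid
    if mode & stat.S_IWOTH:
        return "world-writable"
    return None


def scan(export_root):
    """Yield (path, reason) for each exposed directory or file under export_root."""
    for dirpath, _dirs, files in os.walk(export_root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            reason = exposure(st.st_uid, st.st_gid, st.st_mode)
            if reason:
                yield path, reason


# Constructed sample entries as (uid, gid, mode); not taken from a real server.
SAMPLES = {
    "/export/bin/ls": (0, 0, 0o100755),
    "/export/home/alice/notes": (1000, 1000, 0o100600),
    "/export/var/named/zone.db": (0, 53, 0o100664),
    "/export/tmp": (0, 0, 0o041777),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit a real exported tree on the server
        for path, reason in scan(sys.argv[1]):
            print(path, "-", reason)
    else:
        for path, (uid, gid, mode) in SAMPLES.items():
            print(path, "-", exposure(uid, gid, mode) or "root-owned, not writable")
```

Run with the export's root directory as the only argument to list every entry that is not covered by root-squash; with no argument it prints the verdicts for the constructed samples.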
