Re: Filesharing on small LAN

To: debian-user@lists.debian.org
Subject: Re: Filesharing on small LAN
From: Daniel Nilsson <daniel.n.nilsson@home.se>
Date: Mon, 28 Nov 2005 23:22:36 +0100
Message-id: <[🔎] 20051128222236.GB9730@oden.homeip.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 438B7517.9040408@utysket.dk>
References: <[🔎] 438B7517.9040408@utysket.dk>

On Mon, Nov 28, 2005 at 10:22:31PM +0100, Lars wrote:
> Hey
> 
> I'm running a small LAN and is a bit lost  in the question regarding a 
> simple filesharing on a small LAN...
> NFS: I don't get it. If anyone plugs into the lan and have a 
> root-account they are on the share.

No, actually the root user is normally mapped to the user nobody that
won't have any access on the remote share. If you read the manpage of
exports this concept is called "squashing", so the root account on the
remote machine is normally not the issue. The issue is rather that the
root user on the remote machine can become any other user (or actually
user id) that he wants and gain access to the files on the remote
share as that user. You control that by limiting who (what IPs) that
are allowed to mount your share. You therefore need to be able to
control who can gain access to what IP number on your network.

without knowing more about what kind of environment you are trying to
secure here it is hard to suggest a good solution. You mention "anyone
plugs in" which makes me believe that you are concerned about access
from people that have physical access to your equipment. If that is
the case, you will have serious trouble securing your network. But
then again, maybe your servers are kept in a secure location?

/Daniel

Reply to:

References:
- Filesharing on small LAN
  - From: Lars <debs@utysket.dk>

Prev by Date: Re: Filesharing on small LAN
Next by Date: Re: 2.6.14 kernel woes
Previous by thread: Re: Filesharing on small LAN
Next by thread: Re: Filesharing on small LAN
Index(es):
- Date
- Thread