[K12OSN] Linux client file shareing protocols
Dan Young
dan_young at parkrose.k12.or.us
Wed Aug 11 22:44:37 UTC 2004
On Wed, 2004-08-11 at 14:52, Jamie wrote:
> We're setting up some Fedora core 2 stand alone clients for teachers to
> use on their desktops. They all have home directories on one of our
> file servers. I really hate to share these via NFS with the security
> concerns of NFS (exporting the /data/staff/ directory to our entire
> subnet where we could get a malicious user switching UIDs to delete
> other peoples files etc).
>
> So i am wondering how you guys do it? Is this a legitimate security
> concern? Could i somehow auto-mount the users volumes via smb? I would
> like to not have the users home folder local, but rather located on the
> server.
>
> Any ideas?
NFSv4 features strong security when used in conjunction w/ Kerberos (or
LIPKEY or SPKM-3). But, alas, a Kerberos infrastructure is non-trivial
to implement. You could try tunneling NFSv4 over SSH:
http://www.vanemery.com/Linux/NFSv4/NFSv4-no-rpcsec.html#sshtun
--
Dan Young
Parkrose School District
More information about the K12OSN
mailing list