[K12OSN] Linux client file shareing protocols

Jeff Kinz jkinz at kinz.org
Thu Aug 12 00:16:33 UTC 2004 

On Wed, Aug 11, 2004 at 03:39:00PM -0700, Jamie McParland wrote:
> 
> On Aug 11, 2004, at 3:24 PM, Jeff Kinz wrote:
> 
> > On Wed, Aug 11, 2004 at 02:52:42PM -0700, Jamie wrote:
> >> We're setting up some Fedora core 2 stand alone clients for teachers 
> >> to
> >> use on their desktops. They all have home directories on one of our
> >> file servers. I really hate to share these via NFS with the security
> >> concerns of NFS (exporting the /data/staff/ directory to our entire
> >> subnet where we could get a malicious user switching UIDs to delete
> >> other peoples files etc).
> >
> > I'm not sure I get the problem.
> > The teachers directories should be mounted only to the machines they
> > login on, no matter what/where it is.
> >
> 
> I have 500 staff members, and we use DHCP so this is not an option. 
> This would mean setting all their computers up with static addresses 
> and then making an export of each home folder in /etc/exports correct?
> 
> > If your accounts are properly secured, no one should be switching user
> > IDs at anytime except root.
> 
> I'm under the impression that if you export a directory say /data/staff 
> to an entire subnet using the root squash option only the non root 
> users will have access to their files based on their UID and GID 
> numbers.
> 
> Say a kid comes to school with a nix laptop. Mounts the export. Creates 
> a user on his machine with the same UID as his teachers. Bam he has 
> read write access to her files on the export. I could be wrong but this 
> is my understanding and my concern.

Perhaps "secure NFS" may be a solution.  The clients have to generate
and use PGP-like keys in conjunction with the NFS server.  Only clients
with the keys could mount secure NFS exports.

This is all book learnin' - Never used it myself.
see pages 178-187 in OReilly "Managing NFS and NIS"


-- 
Linux/Open Source.  Now all your base belongs to you, for free.
============================================================
Idealism:  "Realism applied over a longer time period"

Jeff Kinz, Emergent Research, Hudson, MA.

More information about the K12OSN mailing list