is NFS secure ?
Vladimir Zlatkin
vzlatkin at redhat.com
Thu Aug 31 16:26:13 UTC 2006
Certainly a vague question. I think of it from the perspective of how
hard is it for me to see someone else's nfs data. The answer is: very easy.
Take a common scenario where many users mount their home directory via
nfs, and you use root_squash. To gain access to a user's data all you
need is root on a machine that can mount any home directory. Then just
su - [username] and you'll have access. Some magic required, but that
is pretty insecure.
I've never tried nfs over ssh, but I know you can restrict the different
nfs components to use a specific port instead of portmap. Therefore, it
should be possible to do nfs over ssh.
-Vlady
Miner, Jonathan W (CSC) (US SSA) wrote:
> Hi -
>
> Asking if something is "secure" is a pretty vague question... Whether your system is secure or not depends on how you are using it, and what level of security you need. I can't speak for NFSv4 yet.
>
> See the manual page for /etc/exports to learn how to restrict who can mount your filesystems, read-write or read-only, and whether the clients' root account has privs or not.
>
> You could even use iptables (or another firewall) to restrict clients.
>
> NFS does not encrypt traffic, but it might be possible to run NFS over an VPN or SSH-tunnel.
>
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com on behalf of Shekhar Dhotre
> Sent: Thu 08/31/2006 08:58 AM
> To: General Red Hat Linux discussion list
> Cc:
> Subject: RE: is NFS secure ?
>
> So, NFS versions before NFSv4 were not secure right ?
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Anze Vidmar
> Sent: Thursday, August 31, 2006 8:53 AM
> To: General Red Hat Linux discussion list
> Subject: Re: is NFS secure ?
>
> On Thu, 2006-08-31 at 08:48 -0400, Shekhar Dhotre wrote:
>
>> OK , Is NFS secure ?
> NFSv4 is.
>
>
More information about the redhat-list
mailing list