[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: is NFS secure ?



Certainly a vague question. I think of it from the perspective of how hard is it for me to see someone else's nfs data. The answer is: very easy.

Take a common scenario where many users mount their home directory via nfs, and you use root_squash. To gain access to a user's data all you need is root on a machine that can mount any home directory. Then just su - [username] and you'll have access. Some magic required, but that is pretty insecure.

I've never tried nfs over ssh, but I know you can restrict the different nfs components to use a specific port instead of portmap. Therefore, it should be possible to do nfs over ssh.

-Vlady

Miner, Jonathan W (CSC) (US SSA) wrote:
Hi -

Asking if something is "secure" is a pretty vague question... Whether your system is secure or not depends on how you are using it, and what level of security you need. I can't speak for NFSv4 yet.

See the manual page for /etc/exports to learn how to restrict who can mount your filesystems, read-write or read-only, and whether the clients' root account has privs or not.

You could even use iptables (or another firewall) to restrict clients.

NFS does not encrypt traffic, but it might be possible to run NFS over an VPN or SSH-tunnel.


-----Original Message-----
From:	redhat-list-bounces redhat com on behalf of Shekhar Dhotre
Sent:	Thu 08/31/2006 08:58 AM
To:	General Red Hat Linux discussion list
Cc:	
Subject:	RE: is NFS  secure ?

So, NFS versions before NFSv4 were not secure right ?

-----Original Message-----
From: redhat-list-bounces redhat com
[mailto:redhat-list-bounces redhat com] On Behalf Of Anze Vidmar
Sent: Thursday, August 31, 2006 8:53 AM
To: General Red Hat Linux discussion list
Subject: Re: is NFS secure ?

On Thu, 2006-08-31 at 08:48 -0400, Shekhar Dhotre wrote:

OK , Is NFS secure ?
NFSv4 is.





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]