is NFS secure ?
Shekhar Dhotre
sdhotre at Cedardoc.com
Thu Aug 31 16:32:01 UTC 2006
Surprised!!!
When it comes to NFS, it's a vague question but, when comparing between
telnet and ssh it's not a vague question. Both the questions are related
to secure or not.
Why is that?
-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Vladimir Zlatkin
Sent: Thursday, August 31, 2006 12:26 PM
To: General Red Hat Linux discussion list
Subject: Re: is NFS secure ?
Certainly a vague question. I think of it from the perspective of how
hard is it for me to see someone else's nfs data. The answer is: very
easy.
Take a common scenario where many users mount their home directory via
nfs, and you use root_squash. To gain access to a user's data all you
need is root on a machine that can mount any home directory. Then just
su - [username] and you'll have access. Some magic required, but that
is pretty insecure.
I've never tried nfs over ssh, but I know you can restrict the different
nfs components to use a specific port instead of portmap. Therefore, it
should be possible to do nfs over ssh.
-Vlady
Miner, Jonathan W (CSC) (US SSA) wrote:
> Hi -
>
> Asking if something is "secure" is a pretty vague question... Whether
your system is secure or not depends on how you are using it, and what
level of security you need. I can't speak for NFSv4 yet.
>
> See the manual page for /etc/exports to learn how to restrict who can
mount your filesystems, read-write or read-only, and whether the
clients' root account has privs or not.
>
> You could even use iptables (or another firewall) to restrict clients.
>
> NFS does not encrypt traffic, but it might be possible to run NFS over
an VPN or SSH-tunnel.
>
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com on behalf of Shekhar Dhotre
> Sent: Thu 08/31/2006 08:58 AM
> To: General Red Hat Linux discussion list
> Cc:
> Subject: RE: is NFS secure ?
>
> So, NFS versions before NFSv4 were not secure right ?
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Anze Vidmar
> Sent: Thursday, August 31, 2006 8:53 AM
> To: General Red Hat Linux discussion list
> Subject: Re: is NFS secure ?
>
> On Thu, 2006-08-31 at 08:48 -0400, Shekhar Dhotre wrote:
>
>> OK , Is NFS secure ?
> NFSv4 is.
>
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
More information about the redhat-list
mailing list