is NFS secure ?

Shekhar Dhotre sdhotre at Cedardoc.com
Thu Aug 31 16:32:01 UTC 2006 


Surprised!!!
 When it comes to NFS, it's a vague question but, when comparing between
telnet and ssh it's not a vague question. Both the questions are related
to secure or not.

Why is that?


-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Vladimir Zlatkin
Sent: Thursday, August 31, 2006 12:26 PM
To: General Red Hat Linux discussion list
Subject: Re: is NFS secure ?

Certainly a vague question.  I think of it from the perspective of how 
hard is it for me to see someone else's nfs data.  The answer is: very
easy.

Take a common scenario where many users mount their home directory via 
nfs, and you use root_squash.  To gain access to a user's data all you 
need is root on a machine that can mount any home directory.  Then just 
su - [username] and you'll have access.  Some magic required, but that 
is pretty insecure.

I've never tried nfs over ssh, but I know you can restrict the different

nfs components to use a specific port instead of portmap. Therefore, it 
should be possible to do nfs over ssh.

-Vlady

Miner, Jonathan W (CSC) (US SSA) wrote:
> Hi -
> 
> Asking if something is "secure" is a pretty vague question... Whether
your system is secure or not depends on how you are using it, and what
level of security you need. I can't speak for NFSv4 yet.
> 
> See the manual page for /etc/exports to learn how to restrict who can
mount your filesystems, read-write or read-only, and whether the
clients' root account has privs or not.
> 
> You could even use iptables (or another firewall) to restrict clients.
> 
> NFS does not encrypt traffic, but it might be possible to run NFS over
an VPN or SSH-tunnel.
> 
> 
> -----Original Message-----
> From:	redhat-list-bounces at redhat.com on behalf of Shekhar Dhotre
> Sent:	Thu 08/31/2006 08:58 AM
> To:	General Red Hat Linux discussion list
> Cc:	
> Subject:	RE: is NFS  secure ?
> 
> So, NFS versions before NFSv4 were not secure right ?
> 
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Anze Vidmar
> Sent: Thursday, August 31, 2006 8:53 AM
> To: General Red Hat Linux discussion list
> Subject: Re: is NFS secure ?
> 
> On Thu, 2006-08-31 at 08:48 -0400, Shekhar Dhotre wrote:
> 
>> OK ,   Is NFS secure ? 
> NFSv4 is.
> 
> 

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

More information about the redhat-list mailing list