Certainly a vague question. I think of it from the perspective of how
hard is it for me to see someone else's nfs data. The answer is: very easy.
Take a common scenario where many users mount their home directory via
nfs, and you use root_squash. To gain access to a user's data all you
need is root on a machine that can mount any home directory. Then just
su - [username] and you'll have access. Some magic required, but that
is pretty insecure.
I've never tried nfs over ssh, but I know you can restrict the different
nfs components to use a specific port instead of portmap. Therefore, it
should be possible to do nfs over ssh.
-Vlady
Miner, Jonathan W (CSC) (US SSA) wrote:
Hi -
Asking if something is "secure" is a pretty vague question... Whether your system is secure or not depends on how you are using it, and what level of security you need. I can't speak for NFSv4 yet.
See the manual page for /etc/exports to learn how to restrict who can mount your filesystems, read-write or read-only, and whether the clients' root account has privs or not.
You could even use iptables (or another firewall) to restrict clients.
NFS does not encrypt traffic, but it might be possible to run NFS over an VPN or SSH-tunnel.
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx on behalf of Shekhar Dhotre
Sent: Thu 08/31/2006 08:58 AM
To: General Red Hat Linux discussion list
Cc:
Subject: RE: is NFS secure ?
So, NFS versions before NFSv4 were not secure right ?
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Anze Vidmar
Sent: Thursday, August 31, 2006 8:53 AM
To: General Red Hat Linux discussion list
Subject: Re: is NFS secure ?
On Thu, 2006-08-31 at 08:48 -0400, Shekhar Dhotre wrote:
OK , Is NFS secure ?
NFSv4 is.
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
