Dean Anderson wrote:
If you can establish a tcp connection to an NFS(v3) (and are in the
acl list), there is NOTHING an NFS server can do to prevent you from
accessing every file on the share. If you control every node on the
network, you can attempt to secure the clients so users cant get root,
but what about the scenario of a userspace NFS client pretending to be
root?
NFSv3 uses UDP, and was designed to be a stateless protocol. But the
server can also be configured to ignore root, or be read-only. NFSv3 is
definitely 'cooperative' only.
Actually, you're both right. NFS version 3 can use either TCP or UDP for
transport[1].
Benji
[1] RFC1813 - NFS Version 3 Protocol Specification Section 2.3
(Transport address)
_______________________________________________
bblisa mailing list
[email protected]
http://www.bblisa.org/mailman/listinfo/bblisa
