On Fri, Jul 25, 2003 at 07:10:51PM -0700, Mr O wrote:
> (ro, root_squash)??
> What's better for my network then? NFS seems to offer me better
> performance over SMB. I don't know why though.
>
> Seriously curious,
>
> Mr O.

Mr O.,
Seriously insecure!

What are the purposes of storing data on a server?
1 Prevent unauthorized viewers
2 Prevent unauthorized changes
3 Central information store && backup && a few others

For a read only, public share nfs can work great. It seems to perform better for me as well, with limited testing and having unix file permissions is wonderful!

What about #1 and #2? How about having user home directories on an nfs server? You don't want one user viewing or changing data from another user, however you do want a user to be able to change his or her own data. How is the user authenticated to the server? By host and uid. Where does the uid come from? The local system.

I say telnet is more secure than nfs. A telnet server that is never logged in to never provides the password to the network. However an nfs server provides its shares to an intruder whether they capture any legitimate traffic or not.

By stepping through some configurations one could configure a laptop to assume various ip addresses and uids trying to mount nfs shares. By browsing through dns records and other network services one could easily get a network layout game plan that would make this easier to do. A network share /home/mro and a computer named mros_puter.domain.com probably go together for instance. Look up the ip address of the system and you are half way there. Step through some common uids, say 1000-5000 and you have it. This is a lot easier than trying to brute force a telnet daemon.

For your home network, behind a firewall, nfs is fine. For public read only shares nfs is fine. I have started to use nfs on my local lan at petersen-arne, however I am really disappointed in its lack of security. Windows 95 password protected shares are more secure than nfs.

Unfortunately intermezzo and coda are pretty immature. Coda says use me if you have less than 30 knowledgeable users, but not if either condition is false. They offer things like encryption, authentication and a disconnect mode for laptops.
I *really* want that last feature!

Cory

--
Cory Petkovsek                  Adapting Information
Adaptable IT Consulting         Technology to your
(541) 914-8417                  business
[EMAIL PROTECTED]               www.AdaptableIT.com
_______________________________________________
EuG-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
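
A defensive check for the concern raised in the message above, as an added example that is not part of the original post: it audits an /etc/exports file for read-write exports that rest on the host-and-uid trust the post describes. The sample file, the issue labels and the function name are constructed for illustration; the `sec=` option and the `ro`/`root_squash`/`sec=sys` defaults are taken from Linux exports(5), which the post does not discuss.

```python
import re

# Constructed sample /etc/exports (illustrative; not taken from the post).
SAMPLE_EXPORTS = """\
/pub        *(ro,root_squash)
/home       192.168.1.0/24(rw,root_squash)
/home/mro   mros_puter.domain.com(rw,no_root_squash)
/secure     *.domain.com(rw,sec=krb5p)
/scratch    *(rw)   # world-writable scratch space
"""

# One client spec: optional host pattern, optional "(opt,opt,...)".
SPEC_RE = re.compile(r"([^\s(]*)(?:\(([^)]*)\))?")

def audit_exports(text):
    """Return sorted (path, client, issue) tuples for exports that depend on
    client-asserted identity (AUTH_SYS: source host plus a uid the client sends)."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments, split columns
        if len(fields) < 2 or not fields[0].startswith("/"):
            continue
        path = fields[0]
        for spec in fields[1:]:
            m = SPEC_RE.fullmatch(spec)
            if not m:                              # malformed spec: skip it
                continue
            client = m.group(1) or "*"             # "(opts)" alone means everyone
            opts = [o for o in (m.group(2) or "").split(",") if o]
            flavors = ["sys"]                      # exports(5) default flavor
            for o in opts:
                if o.startswith("sec="):
                    flavors = o[4:].split(":")
            uid_trusted = "sys" in flavors         # server believes the client's uid
            wide = any(c in client for c in "*?/") # wildcard or subnet
            if "rw" in opts and uid_trusted:       # default is ro, so rw is explicit
                findings.append((path, client,
                                 "rw-authsys-wide" if wide else "rw-authsys-host"))
            if "no_root_squash" in opts and uid_trusted:
                findings.append((path, client, "no-root-squash"))
    return sorted(findings)

if __name__ == "__main__":
    for path, client, issue in audit_exports(SAMPLE_EXPORTS):
        print(f"{issue:16} {path:10} {client}")
```

The read-only public export and the Kerberos-protected export produce no findings; every read-write export left on the default flavor is reported, including the single-host one, since a hostname or address is the only thing standing in for authentication there.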
