John Haywood wrote: >On Saturday 30 March 2002 11:57, you wrote: > >>May be there is a AUTH system that could be used for NFS.. but a lot of >>text that I read just keep telling me how insecure that NFS is.. >> > >Isn't that what NFS stands for <old 'nix joke approaching> > >No f&&**�ng Security ...... > > >------------------------------------------------------------------------ > >Want to buy your Pack or Services from MandrakeSoft? >Go to http://www.mandrakestore.com > hmmmm....
Well, nfs can mount filesystems on other machines _only_if_ the other machine offers it and offers it specifically to the host you are trying to mount it from. It does not necessarily give write access, and it does not give root privileges unless it is set for it. It is machine specific rather than user specific, but then mounting the nfs direectory is normally a root function on the local machine performing the remote access, This can be controlled (in the sense of giving non-root users access) on the local machine by editing sudoers and/or setting up a wheel group and giving some users access to it. So the graininess of the security is controlled by the setup of the network nodes and not by nfs directly, and someone who throws all gates open in setting up nfs is asking for trouble. But I set up the following: 15 clerical positions had machines where a READ-ONLY nfs mount at boot gave them access to a backup of their work files on an internet gateway/fileserver. At a staggered time near the close of work every day, a cron job popped up, gave the user a message, after two minutes killed the nfs connection then initiated a new one (root only with write access to the directory containing the directory containing the backup files, then wrote the day's changes over to the fileserver, killed the mount and remounted the read-only. So the level of security is largely a function of how the local network is set up. Of course Samba can be used linux-to-linux and can be made quite secure for those who want all the security in the sharing system, rather than in the setup. Civileme
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
