Re: [newbie] Is NFS really that bad (reality check)

Sun, 10 Oct 1999 18:23:43 -0700 

Aaron deRozario wrote:
> Note: Please be aware that having an NFS service available on your system
> can be a security risk. Personally, I don't recommend using it.
> For your reference the URL for this page is
> http://www.ojichan.com/linux-admin/x1270.html

I'm not exactly sure what the security implications of running NFS
service might be.  Certainly, there are the problems of "spoofing" hosts
-- machines masquerading as someone they're not in an attempt to gain
unauthorized access.  However, these sorts of things can happen with any
other service available on your machine.

It might be interesting to contact the LAME authors (really, no pun
intended, these guys do the crap work of documenting this beast) and
find out what they meant by their paragraph.  I'd certainly be intersted
in knowing!

> The author of the Linux Administration Made Easy does not recommend using
> nfs services?  The author seems to suggest that this is due to potential
> security risks, however these risks are not elaborated upon.  Is there
> anyone on this list who has experience in using nfs services, who can shed
> light on these security risks?  Need I be overly concerned by the risks, or
> are these risks similar for all types of networking/file sharing systems?

I suspect they're the same sorts of risks that you face with any sort of
network service that offers resources on a machine.  

The other portion of your original query regarded the point that NFS was
considered slow.  That, at least, is true.  Work is being done in the
2.2.x and 2.3.x kernels to move NFS service into the kernel in an effort
to provide better speed and support.  The work is progressing slowly,
but kernel-based NFS (knfsd) ships with Mandrake 6.0 and 6.1.  I don't
have a network available here to test throughput (at home), but I'm sure
you could probably find some sort of benchmark available on the net.

Other network file systems to consider (please take these as pointers
only, I haven't had occasion to use any of them):  Coda, ARLA, (and one
more I've forgotten... anyone?)

Hope the information above helps heal the wounds of the "trollspotting"
that occurred earlier.  :)

-- 
Steve Philp
Network Administrator
Advance Packaging Corporation
[EMAIL PROTECTED]

Reply via email to