primm wrote:
On Sunday 23 December 2007 15:17:46 Anders Johansson wrote:
On Sunday 23 December 2007 14:59:12 James Knott wrote:
Anders Johansson wrote:
On Sunday 23 December 2007 14:09:44 primm wrote:
I'm now reading that Linux nfs which I installed by yast all by myself
is also a security risk.
It is a security risk in that it's not encrypted.
Another problem is that the nfs server in versions 3 and below fully
trusts the client about user IDs. It won't put viruses on your
machines, but it does mean that if you don't control the root account
on all machines, anyone can read any file, or write to any share.
I thought the purpose of root squash was to prevent that.
No, the purpose of root squash is to prevent anyone from pretending to be
UID 0
But if your home share is UID 1000, and I have root on my machine, I create
a user with UID 1000, mount, su to that user and I can access your home as
if I were you
As I said, nfs v <= 3 trusts the client. Actually, v4 does too, if you
don't use kerberos
OK guys. Anoraks off and xmas ties on. This is the works xmas outing. Hands
up:
Which of the posters to this thread actually runs a network? That works.
I have been part of running several (so large that it's
actually a team effort!) with the number of machines
ranging from several dozen to a few thousand.
cu tomorrow afternoon!
L x
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
