Hi > Tilo Lutz [EMAIL PROTECTED] wrote: > > NFS is too insecure because it trusts remote id numbers and there > > is no way of authentication. Everone able to be root on a client > > can read all data on my server.
Michael Kurowski wrote: > Sorry, that's rubbish. Read the docs. Sure it is true. Example: I export /home on a server with no_root_squash and mount it as /home on the client. Being root someone has just type su $user cd ~ to get into the users homedir. I haven't found any way to prevent a client root from getting access to users data with su. The next problem is NFS trusts IPs. Anyone with a laptop can plug it into the network, connect to the share and change uid numbers on the client with su so every file can be accessed. I read a lot about nfs but I didn't find any secure solution. Thats one reason nfs is called "no file security". If you know how I can get nfs run in a secure way I would be glad when you're shareing your secret with me. Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
