Tim: >> If I am user 500, username Tim on one box, and export /home to another, >> I really also want to be user 500, on the second box. Then, I can >> access my files on both PCs. And, that mount is handled by root. Ambrogio: > well, is for that that NFS is considered unsure. "Unsecure" means not safe, "unsure" means not really known. It kinda changes the meaning of a few things... I don't know what would be "unsure" about NFS. ;-) > I can be on your lan with my PC in which user 500 is not TIM and mount > your home. > SURELY, Only if /etc/exports permits that. The default way that it works is it can't/doesn't prohibit it, and that's why NFS earned the other nickname of standing for No Fucking Security. It (foolishly) trusts the client machines to be secure in themselves, rather than handle security at the server. By default, and tradition (i.e. older NFS versions) there isn't a way for NFS to restrict to particular users. You'd need something else, as well (e.g. kerberos in addition to NFS). > I read something about NFS v4 that is capable to use some more sure > protocol (Kerberos I think). I've only read that v4 offers some extra security features, I haven't got around to looking into how and why. >> Server's /etc/export file: >> /home *.localdomain(rw,sync) >> >> This exports part of the file system to my LAN, the /home partition, and >> each user within that file system's home directories get exported as-is >> (Tim's files are Tim's elsewhere, johndoe's files are his elsewhere, and >> so on). >> >> Client's /etc/fstab file: >> server.localdomain:/home /mnt/server/home nfs auto,intr,noexec,nodev >> >> This mounts the export on a client machine. Root is doing the mount, >> but because the individual directories are owned by other people, and >> NFS understands ownership, ownership is maintained on both sides, so >> long as you set up the client machines with the same user IDs on both >> sides. > Thinking like Microsoft does (and a lot of customer does), IT Admin > think that exporting the entire home is more insecure that exporting > single directory. It's certainly true that exporting a whole tree, like home, or worse, the root, is insecure. > So the exports is like that > /home/user1 pc1.localdomain(rw,sync) > /home/user2 pc2.localdomain(rw,sync) That still wouldn't be "secure". All that another user would have to do to get at someone else's data, would be reconfigure their network address to pretend to be the other PC. For that simplistic way of separating users, you'd have to have different interfaces per user, so a hacker would have to repatch the server, not just change their address, to get in. -- (Currently running FC4, occasionally trying FC5.) Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
