On Tue, 2006-06-20 at 16:51 +0200, Ralf Corsepius wrote: > > > IMO, NFS/NIS are perfectly suitable for use inside of a LAN. Of cause > > > these services impose a certain level on insecurity, but at a certain > > > point paranoia has to stop and trust has to start. > > > > NFS allows anyone who can become root on any machine allowed to > > access it (perhaps by booting a Knoppix CD...) to mount and access > > anything. Even if you don't permit root access, anyone who is > > root locally can pretend to be anyone else. > And where is the problem? Anyone with physical access to a box, can > become root anywhere. That *is* the problem. Your server may be in a secure room, but anything shared via NFS is open to anyone with physical access to any box on the network - or within wireless range if you have a wireless LAN. -- Les Mikesell lesmikesell@xxxxxxxxx
