Professional Web Applications Themes

nfs question - Linux / Unix Administration

I set up a nfs to share a directory to other servers. How can I restrict others from accessing this directory? Users do have root access to these servers and I don't want them to access the shared directory. thanks....

  1. #1

    Default nfs question

    I set up a nfs to share a directory to other servers. How can I
    restrict others from accessing this directory? Users do have root
    access to these servers and I don't want them to access the shared
    directory.
    thanks.

    rogv24@yahoo.com Guest

  2. #2

    Default Re: nfs question

    com wrote: 

    NIS netgroups, ACLs.
     

    It is not possible to restrict access from anyone with root access.
    Nothing you can do will work because everything you can do will
    have a workaround by them. Turn your NFS access back off and
    no one will be able to access the data.

    Doug Guest

  3. #3

    Default Re: nfs question

    Not true. You can prevent a root user from accessing/modifying content
    a mounted NFS share from a remote server with the following:

    - on HPUX: use 'access' directive
    - on Linux: use 'root_squash or no_root_squash

    Remote root access operation on mounted NFS shares is disabled by
    default. You have to explicitly enable it via /etc/exports. Finally,
    NFS relies heavily on UIDs and GIDs. I can go around your security by
    creating an account on a remote system with an UID or GID that owns
    files/dirs on the mounted share. Short of exporting read-only, there
    is not much you can do.

    man exports is your friend.

    --==[ Guest

  4. #4

    Default Re: nfs question

    --==[ bman ]==-- wrote: 

    This is UseNet. Please learn to quote context.
     

    Here's my statement that was called not true:
     [/ref]

    It remains true. It access is given to user "dfreybur" on the client
    host, but that users doesn't exist on that host or never logs in,
    anyone with the root password can create "dfreybur" or give it a
    local password. Bingo, access.

    There's more access in the world than access *as* root. Anyone
    with the root password can use any granted access as that user.

    Doug Guest

Similar Threads

  1. Newbie Question: Biz Card Template Question
    By Thomas_Porter@adobeforums.com in forum Adobe Indesign Windows
    Replies: 4
    Last Post: May 30th, 08:08 AM
  2. Replies: 9
    Last Post: April 27th, 04:44 AM
  3. Pen Tool Use Question. (Embarrassingly Newbie Question)
    By Bozo Schmozo in forum Macromedia Flash
    Replies: 0
    Last Post: November 12th, 10:00 PM
  4. regexp question + html::pr question on the side
    By boris in forum PERL Miscellaneous
    Replies: 4
    Last Post: September 27th, 02:24 AM
  5. newB question: related tables question
    By Blue man in forum Microsoft SQL / MS SQL Server
    Replies: 1
    Last Post: June 30th, 04:13 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139