Mailinglist Archive: opensuse (3156 mails)
| < Previous | Next > |
Re: [opensuse] Re: NFS sync vs. async mounts
- From: James Knott <james.knott@xxxxxxxxxx>
- Date: Sun, 23 Dec 2007 14:48:38 -0500
- Message-id: <476EBB96.80104@xxxxxxxxxx>
primm wrote:
A is 1000 on one system. Another user 1000 on another system will have
access to A's files. The key is make sure user ID's are consistent
across all systems. Someone with root access could of course create a
new user with whatever ID they want or use an existing ID.
--
Use OpenOffice.org <http://www.openoffice.org>
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
What NFS allows is the user id number, not name. This means is if userIt is a security risk in that it's not encrypted.nfs is good, it mostly just works. But v3 has drawbacks in security, so4 years ago it cost me two days work and a 300 Euro installation cost
if you're not in total control of the network, it might not be so good
nfsv4 + kerberos can provide real authentication and encryption though,
so you still don't have to abandon nfs
from an engineer who also sold me the licences for my workstations. That
was w2000.
It was plagued by viruses and most of my hardware wan't recognised so I
had to fork out for new machines too. 5000 Euros later.
I'm now reading that Linux nfs which I installed by yast all by myself is
also a security risk.
Another problem is that the nfs server in versions 3 and below fully trusts
the client about user IDs. It won't put viruses on your machines, but it
does mean that if you don't control the root account on all machines,
anyone can read any file, or write to any share.
What? So, I login as me. There is no way nfs will let me write to the folders
of other users. Unless the other user has given me permission to do so. What
do you mean by 'control the root account on all machines'? No one else other
than me can login as root on any box on my network. Could you please tell me
if need to change my filesystem? What version of nfs do I have if I have
opensuse version 10.3? Yes. I know I can find out. But please don't tell me
where to stuff it.
Lynn x
A is 1000 on one system. Another user 1000 on another system will have
access to A's files. The key is make sure user ID's are consistent
across all systems. Someone with root access could of course create a
new user with whatever ID they want or use an existing ID.
--
Use OpenOffice.org <http://www.openoffice.org>
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
| < Previous | Next > |