primm wrote:
nfs is good, it mostly just works. But v3 has drawbacks in security, so if you're not in total control of the network, it might not be so good
nfsv4 + kerberos can provide real authentication and encryption though, so you still don't have to abandon nfs 4 years ago it cost me two days work and a 300 Euro installation cost from an engineer who also sold me the licences for my workstations. That was w2000.
It was plagued by viruses and most of my hardware wan't recognised so I had to fork out for new machines too. 5000 Euros later.
I'm now reading that Linux nfs which I installed by yast all by myself is also a security risk. It is a security risk in that it's not encrypted.
Another problem is that the nfs server in versions 3 and below fully trusts the client about user IDs. It won't put viruses on your machines, but it does mean that if you don't control the root account on all machines, anyone can read any file, or write to any share.
What? So, I login as me. There is no way nfs will let me write to the folders of other users.
Unless you have root access, and create a second username with the same UID as a legitimate user.
Unless the other user has given me permission to do so.
Or you have root access and give yourself permssion to do so. This one reason (among many) why root passwords should NEVER be given to non-admins -- even those who are competant enough to not screw things up...are also competant enough to become security threats in other ways.
What do you mean by 'control the root account on all machines'? No one else other than me can login as root on any box on my network.
In many large companies, MANY people have the root password, and they are changed frequently in case any admin momentarily falls prey to the (sometimes very great) temptation to just give a knowledgeable and competant user the root password so he can "fix the problem himself."
Could you please tell me if need to change my filesystem? What version of nfs do I have if I have opensuse version 10.3? Yes. I know I can find out. But please don't tell me where to stuff it.
You're perfectly secure. As long as you keep the root password to yourself, or an employee whose ONLY job is to be an admin, then the security weakness of NFS doesn't apply to you. (As soon as you give an admin additional responsibilities, there is a very great temptation for the admin to configure the system to his benefit at the expense of the other employees, and therefore to you, the owner).
Lynn x
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org