On Sunday 23 December 2007 14:59:12 James Knott wrote:
Anders Johansson wrote:
On Sunday 23 December 2007 14:09:44 primm wrote:
I'm now reading that Linux nfs which I installed by yast all by myself is also a security risk.
It is a security risk in that it's not encrypted.
Another problem is that the nfs server in versions 3 and below fully trusts the client about user IDs. It won't put viruses on your machines, but it does mean that if you don't control the root account on all machines, anyone can read any file, or write to any share.
I thought the purpose of root squash was to prevent that.
No, the purpose of root squash is to prevent anyone from pretending to be UID 0 But if your home share is UID 1000, and I have root on my machine, I create a user with UID 1000, mount, su to that user and I can access your home as if I were you As I said, nfs v <= 3 trusts the client. Actually, v4 does too, if you don't use kerberos Anders -- Madness takes its toll -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org