[NBLUG/talk] Time to RTFM, but which FM? -- Mounting home directories via nfs

Eric Eisenhart eric at nblug.org
Wed Aug 27 16:10:03 PDT 2003


On Wed, Aug 27, 2003 at 12:02:57PM -0700, Doug Palmer wrote:
> OK, but if I want to avoid evil things, what is the normal way to do
> this? 

Basic issue: if you set no_root_squash you *really* have to trust your
network.  Are all the machines trustable?  Are any ports usable by untrusted
people?  (etc.)  If you've got a good firewalling, switching and VLAN
architecture, it might be okay...

Read "man exports" -- there's some options for squashing.  You can use
anonuid and anongid to squash to something with more trust; you can use
all_squash to make everybody into nobody, or you can combine the two to make
everybody into a specific user.

But overall, unless you have a really trustable network setup, I suggest not
trying to do things as root over NFS if you can help it...  And even if you
do have a really trustable network setup it's probably a bad idea. 
Squashing to a specific user (or group) or simply sshing to the server to
handle things may be the best answer.

What are you trying to accomplish over NFS, exactly?
-- 
Eric Eisenhart
NBLUG Co-Founder & President Pro Tempore
The North Bay Linux Users Group
http://nblug.org/
eric at nblug.org, IRC: Freiheit at freenode, AIM: falschfreiheit, ICQ: 48217244



More information about the talk mailing list