[NBLUG/talk] Time to RTFM, but which FM? -- Mounting home directories via nfs
Eric Eisenhart
eric at nblug.org
Wed Aug 27 16:10:03 PDT 2003
On Wed, Aug 27, 2003 at 12:02:57PM -0700, Doug Palmer wrote:
> OK, but if I want to avoid evil things, what is the normal way to do
> this?
Basic issue: if you set no_root_squash you *really* have to trust your
network. Are all the machines trustable? Are any ports usable by untrusted
people? (etc.) If you've got a good firewalling, switching and VLAN
architecture, it might be okay...
Read "man exports" -- there's some options for squashing. You can use
anonuid and anongid to squash to something with more trust; you can use
all_squash to make everybody into nobody, or you can combine the two to make
everybody into a specific user.
But overall, unless you have a really trustable network setup, I suggest not
trying to do things as root over NFS if you can help it... And even if you
do have a really trustable network setup it's probably a bad idea.
Squashing to a specific user (or group) or simply sshing to the server to
handle things may be the best answer.
What are you trying to accomplish over NFS, exactly?
--
Eric Eisenhart
NBLUG Co-Founder & President Pro Tempore
The North Bay Linux Users Group
http://nblug.org/
eric at nblug.org, IRC: Freiheit at freenode, AIM: falschfreiheit, ICQ: 48217244
More information about the talk
mailing list