[Samba] Re: Problem running kde
Tilo Lutz
TiloLutz at gmx.de
Mon Nov 15 10:09:20 GMT 2004
Hi
> Tilo Lutz [TiloLutz at gmx.de] wrote:
> > NFS is too insecure because it trusts remote id numbers and there
> > is no way of authentication. Everone able to be root on a client
> > can read all data on my server.
Michael Kurowski wrote:
> Sorry, that's rubbish. Read the docs.
Sure it is true.
Example: I export /home on a server with no_root_squash
and mount it as /home on the client.
Being root someone has just type
su $user
cd ~
to get into the users homedir. I haven't found
any way to prevent a client root from getting
access to users data with su.
The next problem is NFS trusts IPs. Anyone with a laptop
can plug it into the network, connect to the share and
change uid numbers on the client with su so every file
can be accessed.
I read a lot about nfs but I didn't find any secure
solution. Thats one reason nfs is called "no file security".
If you know how I can get nfs run in a secure way I would
be glad when you're shareing your secret with me.
Cheers, Tilo
More information about the samba
mailing list