[Samba] Re: Problem running kde

Tilo Lutz TiloLutz at gmx.de
Mon Nov 15 10:09:20 GMT 2004


> Tilo Lutz [TiloLutz at gmx.de] wrote:
> > NFS is too insecure because it trusts remote id numbers and there
> > is no way of authentication. Everone able to be root on a client
> > can read all data on my server.

Michael Kurowski wrote:
> Sorry, that's rubbish. Read the docs.

Sure it is true.
Example: I export /home on a server with no_root_squash
and mount it as /home on the client.

Being root someone has just type
su $user
cd ~

to get into the users homedir. I haven't found
any way to prevent a client root from getting
access to users data with su.

The next problem is NFS trusts IPs. Anyone with a laptop
can plug it into the network, connect to the share and
change uid numbers on the client with su so every file
can be accessed.

I read a lot about nfs but I didn't find any secure
solution. Thats one reason nfs is called "no file security".

If you know how I can get nfs run in a secure way I would
be glad when you're shareing your secret with me.

Cheers, Tilo

More information about the samba mailing list