Samba and NFS need some explanations.
yinyang at eburg.com
Tue Apr 11 18:53:59 UTC 2006
Zane C.B. wrote:
> On Tue, 11 Apr 2006 13:08:10 -0500
> Les Mikesell <lesmikesell at gmail.com> wrote:
>> Note in particular that anyone who has root access on a client
>> (or can boot a knoppix CD) can pretend to be anyone else in
>> regard to the NFS server file permissions.
> Yup, which is why you only want to use it in secure environments. It is
> great for sharing stuff between servers. You can tell the NFS server to
> remap root, but this largely useless though.
Usually, they're called "trusted" environments, which is different from
a "secure" environment. In a traditional NFS environment, you must
trust each workstation to which you export a filesystem, and to some
extent, you probably need to trust the users, too.
NFSv4 has made advances in that area, utilizing RPCSEC_GSS to provide
security in hostile environments (See chapter 11):
Less technical discussion here:
Some interesting Linux-specific configuration documentation here:
More information about the users