0

With NFS, when a file system is mounted on a client machine, the username on the client is used to authenticate access (i.e., user A on the local client is assumed to be user A on the file system).

Problem: any local root on the client can su as anyone and access anyone's files on the file system.

If the file system is intended to be read-only for all, exporting the system for mounting with all_squash would solve the problem.

But what if I want the system to be read-write and I don't want to export the system to particular client machines only?

Are there some other ways or alternatives to solve this problem? Perhaps with a different file system or authentication method? Basically I want a user to be truly authenticated as the actual user of the file system before access is granted (i.e., not just based on the username on the client machine).

user1364550
  • 11
  • 1
  • You can make [NFS use Kerberos](http://wiki.debian.org/NFS/Kerberos) tickets for authentication. – Flexo Apr 29 '12 at 19:11
  • Well, kerberos still based on trusted hosts as root user can steal other user TGT and use it as it's own. NFS and kerberos protection based on trusted hosts. Nevertheless kerberos protects you from man-in-midle attack. – kofemann Apr 29 '12 at 19:31

2 Answers2

0

Why not configure your /etc/exports file to only allow specific user-names from each client? eg:

/home/user1 -mapall=user1 user1.host.machine

You can add Kerberos to stop IP spoofing.

Jonathan
  • 859
  • 7
  • 15
  • But that requires I have knowledge of all clients for each user (if I have 100 users and each user has 5 machines, then that's 500 clients I have to spell out in /etc/exports) – user1364550 May 01 '12 at 17:03
  • Hmm, /etc/exports is not intended for large scale management. Is it possible to get a script to generate /etc/exports for your system? – Jonathan May 01 '12 at 20:46
0

you could use sshfs instead of nfs - which should take care of the darn spoofing user problem.

Walt
  • 1