On Tuesday, 25 December 2007 17:13, Geoffrey S. Mendelson wrote:
>
> However be aware that except for Windows, NFS uses *NIX user numbers
> for access control. If your user name to user number mapping is
> not consistent across all your systems you can have security
> problems.

Indeed, consistency is at the heart of things. I like to use NetApp storages since they do multi-protocol access to the same filesystem so well.

> One of the biggest problems with NFS is that if someone knows a user
> number (or you allow root access over NFS), is that they can boot a *NIX
> "Live CD" and create an account with the correct user number and access
> any files on an NFS share they want.

Yes, NFS was not designed for personal workstations basically, it was designed for servers, assuming that you can't boot a server with LiveCD. This is indeed a very big problem, since NFS(v1/2/3) doesn't authenticate before allowing access. I haven't looked hard enough at NFSv4, I know it does have Kerberos incorporated in it, I am not however familiar yet with the implementation.

>
> Geoff.

--Ariel
--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP: http://www.tau.ac.il/~ariel/pgp.html
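
The user-name-to-user-number consistency discussed in this thread can be checked by comparing the passwd files of every host that mounts the share. The following is an added example, not part of the original messages; the host names and account entries are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample passwd contents for three hypothetical NFS hosts.
SAMPLE = {
    "fileserver": "root:x:0:0:root:/root:/bin/sh\n"
                  "alice:x:1000:1000::/home/alice:/bin/sh\n"
                  "bob:x:1001:1001::/home/bob:/bin/sh\n",
    "desktop1":   "root:x:0:0:root:/root:/bin/sh\n"
                  "alice:x:1000:1000::/home/alice:/bin/sh\n"
                  "bob:x:1001:1001::/home/bob:/bin/sh\n",
    "laptop":     "# locally installed, accounts created in a different order\n"
                  "root:x:0:0:root:/root:/bin/sh\n"
                  "bob:x:1000:1000::/home/bob:/bin/sh\n"
                  "alice:x:1001:1001::/home/alice:/bin/sh\n"
                  "carol:x:1002:1002::/home/carol:/bin/sh\n",
}

def parse_passwd(text):
    """Return {username: uid}; skip blanks, comments and malformed or NIS '+' lines."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        users[fields[0]] = int(fields[2])
    return users

def find_uid_conflicts(passwd_by_host):
    """Return (names with several UIDs, UIDs with several names), each listing hosts."""
    by_name = defaultdict(lambda: defaultdict(set))  # name -> uid -> hosts
    by_uid = defaultdict(lambda: defaultdict(set))   # uid -> name -> hosts
    for host, text in passwd_by_host.items():
        for name, uid in parse_passwd(text).items():
            by_name[name][uid].add(host)
            by_uid[uid][name].add(host)
    def conflicts(index):
        return {key: {k: sorted(hosts) for k, hosts in inner.items()}
                for key, inner in index.items() if len(inner) > 1}
    return conflicts(by_name), conflicts(by_uid)

if __name__ == "__main__":
    split_names, shared_uids = find_uid_conflicts(SAMPLE)
    for uid, names in sorted(shared_uids.items()):
        print(f"UID {uid} belongs to different users: {names}")
```

Any UID reported here means files owned by one user on the server are accessible to a different user on the mismatched client, since the server only sees the number.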