Additional Resources - Red Hat ENTERPRISE LINUX 3 Reference Manual

122
9.5.1. Host Access
NFS controls who can mount an exported file system based on the host making the mount request, not
the user that actually uses the file system. Hosts must be given explicit rights to mount the exported
file system. Access control is not possible for users, other than through file and directory permissions.
In other words, once a file system is exported via NFS, any user on any remote host connected to the
NFS server can access the shared data. To limit the potential risks, administrators often allow read-
only access or squash user permissions to a common user and group ID. Unfortunately, these solutions
prevent the NFS share from being used in the way it was originally intended.
Additionally, if an attacker gains control of the DNS server used by the system exporting the NFS
file system, the system associated with a particular hostname or fully qualified domain name can be
pointed to an unauthorized machine. At this point, the unauthorized machine is the system permitted to
mount the NFS share, since no username or password information is exchanged to provide additional
security for the NFS mount.
Wildcards should be used sparingly when exporting directories via NFS as it is possible for the scope
of the wildcard to encompass more systems than intended.
It is also possible to restrict access to the
,
portmap rpc.mountd
For more information on securing NFS and
the Red Hat Enterprise Linux Security Guide. Additional information about firewalls can be found in
Chapter 17
iptables
9.5.2. File Permissions
Once the NFS file system is mounted read/write by a remote host, the only protection each shared file
has is its permissions. If two users that share the same user ID value mount the same NFS file system,
they can modify each others files. Additionally, anyone logged in as root on the client system can use
the command to become a user who could access particular files via the NFS share. For more on
su -
NFS and user ID conflicts, refer to the chapter titled Managing User Accounts and Resource Access
in the Red Hat Enterprise Linux Introduction to System Administration.
By default, access control lists (ACLs) are supported by NFS under Red Hat Enterprise Linux. It is
not recommended that this feature be disabled. For more about this feature, refer to the chapter titled
Network File System (NFS) in the Red Hat Enterprise Linux System Administration Guide.
The default behavior when exporting a file system via NFS is to use root squashing. This sets the user
ID of anyone accessing the NFS share as the root user on their local machine to a value of the server's
account. Never turn off root squashing.
nfsnobody
If exporting an NFS share read-only, consider using the
accessing the exported file system take the user ID of the

9.6. Additional Resources

Administering an NFS server can be a challenge. Many options, including quite a few not mentioned
in this chapter, are available for exporting or mounting NFS shares. Consult the following sources for
more information.
9.6.1. Installed Documentation
• /usr/share/doc/nfs-utils- version-number /
with the version number of the NFS package installed. This directory contains a wealth of
portmap
, and can also be limited by creating firewall rules with
rpc.nfsd
.
Chapter 9. Network File System (NFS)
service via TCP wrappers. Access to ports used by
, refer to the chapter titled Server Security in
portmap
all_squash
nfsnobody
— Replace
iptables
option, which makes every user
user.
version-number
.