File Permissions - Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual


to mount the NFS share, since no username or password information is exchanged to provide
additional security for the NFS mount.
Wildcards should be used sparingly when exporting directories via NFS as it is possible for the scope
of the wildcard to encompass more systems than intended.
It is also possible to restrict access to the portmap service via TCP wrappers. Access to ports
used by portmap, rpc.mountd, and rpc.nfsd can also be limited by creating firewall rules with
iptables.
For more information on securing NFS and portmap, refer to Section 43.9, "IPTables".

19.8.1.2. Using NFSv4

The release of NFSv4 brought a revolution in authentication and security for NFS exports. NFSv4
mandates the implementation of the RPCSEC_GSS kernel module, the Kerberos version 5 GSS-API
mechanism, SPKM-3, and LIPKEY. With NFSv4, the mandatory security mechanisms are oriented
towards authenticating individual users, rather than client machines as in NFSv2 and NFSv3.
Note
It is assumed that a Kerberos ticket-granting server (KDC) is installed and configured
correctly, prior to configuring an NFSv4 server. Kerberos is a network authentication
system which allows clients and servers to authenticate to each other through use of
symmetric encryption and a trusted third party, the KDC.
NFSv4 includes ACL support based on the Microsoft Windows NT model, not the POSIX model,
because of its features and because it is widely deployed. NFSv2 and NFSv3 do not have support for
native ACL attributes.
Another important security feature of NFSv4 is the removal of the use of the MOUNT protocol for
mounting file systems. This protocol presented possible security holes because of the way that it
handled file handles.
For more information on the RPCSEC_GSS framework, including how rpc.svcgssd and rpc.gssd
interoperate, refer to http://www.citi.umich.edu/projects/nfsv4/gssd/.

19.8.2. File Permissions

Once the NFS file system is mounted read/write by a remote host, the only protection each shared
file has is its permissions. If two users that share the same user ID value mount the same NFS file
system, they can modify each other's files. Additionally, anyone logged in as root on the client system
can use the su - command to become a user who could access particular files via the NFS share.
By default, access control lists (ACLs) are supported by NFS under Red Hat Enterprise Linux. It is not
recommended that this feature be disabled.
The default behavior when exporting a file system via NFS is to use root squashing. This maps the
user ID of anyone who accesses the NFS share as the root user on their local machine to the
server's nfsnobody account. Never turn off root squashing.
If exporting an NFS share as read-only, consider using the all_squash option, which makes every
user accessing the exported file system take the user ID of the nfsnobody user.
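The advice in this section and the earlier wildcard warning can be checked mechanically against /etc/exports. The following audit script is an added example, not part of the Red Hat manual; the sample paths, host names and finding labels are constructed for illustration, and it assumes the simple one-line "path client(options)" layout.

```python
import re

# Constructed sample /etc/exports content; paths and hosts are made up.
SAMPLE_EXPORTS = """\
/srv/projects  build01.example.com(rw,sync)
/srv/scratch   *.example.com(rw,no_root_squash)
/srv/docs      192.168.0.0/24(ro,sync)
/srv/mirror    192.168.0.0/24(ro,all_squash)
/srv/pub       (ro,all_squash)
"""

# One client token: optional host, then optional "(opt,opt,...)".
CLIENT_RE = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")


def audit_exports(text):
    """Return (path, client, finding) tuples for entries the section warns about."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients or [""]:             # no client listed: exported to everyone
            match = CLIENT_RE.fullmatch(spec)
            if match is None:
                findings.append((path, spec, "unparsed-entry"))
                continue
            host = match.group(1)
            opts = {o.strip() for o in (match.group(2) or "").split(",") if o.strip()}
            who = host or "<any host>"
            if host == "" or any(c in host for c in "*?["):
                findings.append((path, who, "wildcard-client"))
            if "no_root_squash" in opts:         # root squashing is on unless this is set
                findings.append((path, who, "no-root-squash"))
            if "rw" not in opts and "all_squash" not in opts:
                findings.append((path, who, "ro-without-all-squash"))
    return findings


if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:15} {client:20} {finding}")
```

An export is treated as read-only when rw is absent, since ro is the exports default.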
Section 43.9,
"IPTables".