Path: utzoo!utgpu!watserv1!watmath!att!pacbell.com!mips!zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!ira.uka.de!rusmv1!news From: ps3@ph3hp840.physik.uni-stuttgart.de (ps-Gruppe) Newsgroups: comp.protocols.nfs Subject: Re: PCNFS Security Problems - Questions Message-ID: <1991May29.173651.17409@rusmv1.rus.uni-stuttgart.de> Date: 29 May 91 17:36:51 GMT References: <1991May28.180655.1@gsb-yen.stanford.edu> Sender: news@rusmv1.rus.uni-stuttgart.de (USENET News System) Organization: Physikalisches Inst., U Stuttgart, FRG Lines: 30 In article <1991May28.180655.1@gsb-yen.stanford.edu> 92disanto@gsb-yen.stanford.edu writes: > >I would like to know about security problems using NFS on a PC. I do not have much experience with NFS, because we are just starting with this things. If I am wrong, Please correct me. I think that using PCNFS is not a security problem, because the PCNFSD ( the daemon for PCNFS on your workstation) queries for your password, when mounting NFS. So you cannot do anything, you colud not do when logging in. In normal NFS (with workstations) there is no password. The server just takes your user-id to determine, what you are allowed to do. This means: When a file-system is exported to the whole world, you can take your workstation, create a user with an user-id, which exists on the server and then you can do the same things like the real user without knowing the password of this user. So you should filesystems only to computers you know or you should restrict the user for an export to the whole world. (For example only anonymous when exporting to the world and giving only small capabilities to the user anonymous). Regards Thomas Stuempfig ============================================================================== Thomas Stuempfig | stuempfig@physik.uni-stuttgart.de Pikosekunden-Labor | ps3@ph3hp840.physik.uni-stuttgart.de 3. Physikalisches Institut |================================================ Uni Stuttgart | ocac@ds0rus1i.bitnet ==============================================================================