02-06-2018
Yes, If you share the share with root permissions.
I haven't actually tried to export the entire filesystem hierarchy via NFS...
Even with ro permission, the user will see all the files on the system, including password hashes from operating system files, host keys etc.
This should not be done as it compromises system security in so many ways ...
Auditors should not have or require access to those important security files.
If required, you should provide those files with hashes replaced/blanked.
Only if the requirement of audit is to compromise the trust of the server and its users.
Hope that helps
Regards
Peasant.
This User Gave Thanks to Peasant For This Post:
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
how do you fsck the / filesystem? I know it does it automatically the next time I boot up following a switch on the wall shutdown but is there a flad somewhere that forces this on next boot up?
Thanks (2 Replies)
Discussion started by: DGK
2 Replies
2. UNIX for Advanced & Expert Users
Actually I want to display the entire output fired by ps command. My output gets trucated after 80 chars.
Thus, i am not able to see the entire command running when i give a ps -eaf ....
Does anyone know how do i display the entire output fired by ps command .. (i.e the command along with... (5 Replies)
Discussion started by: vinithepoo
5 Replies
3. Shell Programming and Scripting
Guys,
I am trying to read the whole file using while loop but when i run the ssh part of the script it reads only the first line and exit after that.
There are in total 134 lines in the file, but when the output is redirected, it does only for one line and comes to command prompt.
pls help..... (11 Replies)
Discussion started by: sdosanjh
11 Replies
4. Shell Programming and Scripting
I am using the time-honored construct "while read field1 field2 field3 ; do" to pull delimited fields from lines of data in a file, but there are a few places within the loop where I need to manipulate the entire, unsplit line of data. Does "while read" keep each entire record/line somewhere prior... (2 Replies)
Discussion started by: fitzwilliam
2 Replies
5. UNIX for Dummies Questions & Answers
Hello-
I am trying to view a file which is quite large. However, whenever I do 'cat (file name)' it shows me just the half.. I am using Putty to access my server.
Also, is it possible to edit a file from a unix system on a 'Gedit for Windows" text editor?
Thanks (7 Replies)
Discussion started by: DallasT
7 Replies
6. AIX
Dear all,
We are facing prolem when we are going to mount AIX filesystem, the system returned the following error
0506-307The AFopen call failed
: A file or directory in the path name does not exist.
But when we ls filesystems in the /etc/ directory it show
-rw-r--r-- 0 root ... (2 Replies)
Discussion started by: m_raheelahmed
2 Replies
7. Shell Programming and Scripting
Hi
I am new to writing script and want to use a Bash Piped while-read and read from user input.
if something happens on server.log then do while loop or if something happend on user input then do while loop.
Pseudocode something like:
tail -n 3 -f server.log | while read serverline || read... (8 Replies)
Discussion started by: MyMorris
8 Replies
8. UNIX for Dummies Questions & Answers
Hi everyone,
I've installed RedHat 5 enterprise into a VirtualBox, but some how i can't eve create a single file, cause appear u message like this:
Read-only filesystem.
i'm logged as root.
Any idea (6 Replies)
Discussion started by: Newer
6 Replies
9. Shell Programming and Scripting
Hello,
I heva a problem creating a script that read specifc value from all the files of an entire folder
I have a number of email files into a directory and i need to extrect from each file 2 specific values.
After that i have to put them into a new file that looks like that:
To: value1
... (1 Reply)
Discussion started by: ahmenty
1 Replies
10. Solaris
Hi,
i just started few days ago to face the problem when the whole system is getting freeze. By freeze i mean:
* server is reachable (via network)
* i cannot connect to server via SSH or Telnet(when try to use SSH or telnet it will find server, try to connect, but it freeze after... (4 Replies)
Discussion started by: frankosun
4 Replies
nfssec(5) File Formats Manual nfssec(5)
NAME
nfssec - overview of NFS security modes
DESCRIPTION
The mount_nfs(1M) and share_nfs(1M) commands each provide a way to specify the security mode to be used on an NFS filesystem through the
option. mode can be either or These security modes may also be added to the automount maps. Note that mount_nfs(1M) and automount(1M) do
not support at this time.
The option on the share_nfs(1M) command line establishes the security mode of NFS servers. If the NFS connection uses the NFS Version 3
protocol, the NFS clients must query the server for the appropriate mode to use. If the NFS connection uses the NFS Version 2 protocol,
then the NFS client uses the default security mode, which is currently NFS clients may force the use of a specific security mode by speci-
fying the option on the command line. However, if the filesystem on the server is not shared with that security mode, the client may be
denied access.
If the NFS client wants to authenticate the NFS server using a particular (stronger) security mode, the client wants to specify the secu-
rity mode to be used, even if the connection uses the NFS Version 3 protocol. This guarantees that an attacker masquerading as the server
does not compromise the client.
The NFS security modes are described below. Of these, the modes use the Kerberos V5 protocol for authenticating and protecting the shared
filesystems. Before these can be used, the system must be configured to be part of a Kerberos realm.
Use authentication. The user's UNIX user-id and group-ids are passed in the clear on the network, unauthenticated by the NFS server
. This is the simplest security method and requires no additional administration. It is the default used by HP-UX NFS Version 2
clients and HP-UX NFS servers.
Use a Diffie-Hellman public key system
which is referred to as in the forthcoming Internet RFC).
Use Kerberos V5 protocol to authenticate users before granting access
to the shared filesystem.
Use Kerberos V5 authentication with integrity checking (checksums) to
verify that the data has not been tampered with.
User Kerberos V5 authentication, integrity checksums, and privacy protection
(encryption) on the shared filesystem. This provides the most secure filesystem sharing, as all traffic is encrypted. It should
be noted that performance might suffer on some systems when using depending on the computational intensity of the encryption
algorithm and the amount of data being transferred.
Use null authentication
NFS clients using have no identity and are mapped to the anonymous user by NFS servers. A client using a security mode other
than the one with which an HP-UX NFS server shares the filesystem has its security mode mapped to In this case, if the filesystem
is shared with users from the client are mapped to the anonymous user.
WARNINGS
lists the NFS security services. Do not edit this file. It is not intended to be user-configurable.
FILES
NFS security service configuration file
SEE ALSO
automount(1M), mount_nfs(1M), share_nfs(1M), rpc_clnt_auth(3N), secure_rpc(3N), nfssec.conf(4).
nfssec(5)