Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: User with read-only to entire filesystem
Operating Systems Solaris User with read-only to entire filesystem Post 303012587 by Peasant on Tuesday 6th of February 2018 11:34:20 AM
Old 02-06-2018
Yes, If you share the share with root permissions.
I haven't actually tried to export the entire filesystem hierarchy via NFS...

Even with ro permission, the user will see all the files on the system, including password hashes from operating system files, host keys etc.

This should not be done as it compromises system security in so many ways ...

Auditors should not have or require access to those important security files.
If required, you should provide those files with hashes replaced/blanked.

Only if the requirement of audit is to compromise the trust of the server and its users.

Hope that helps
Regards
Peasant.
This User Gave Thanks to Peasant For This Post:
rbatte1
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

/ filesystem is mounted read only

how do you fsck the / filesystem? I know it does it automatically the next time I boot up following a switch on the wall shutdown but is there a flad somewhere that forces this on next boot up? Thanks (2 Replies)
Discussion started by: DGK
2 Replies

2. UNIX for Advanced & Expert Users

Read the entire output fired by ps command

Actually I want to display the entire output fired by ps command. My output gets trucated after 80 chars. Thus, i am not able to see the entire command running when i give a ps -eaf .... Does anyone know how do i display the entire output fired by ps command .. (i.e the command along with... (5 Replies)
Discussion started by: vinithepoo
5 Replies

3. Shell Programming and Scripting

How to Read the entire file using while loop

Guys, I am trying to read the whole file using while loop but when i run the ssh part of the script it reads only the first line and exit after that. There are in total 134 lines in the file, but when the output is redirected, it does only for one line and comes to command prompt. pls help..... (11 Replies)
Discussion started by: sdosanjh
11 Replies

4. Shell Programming and Scripting

Accessing entire line during "while read"

I am using the time-honored construct "while read field1 field2 field3 ; do" to pull delimited fields from lines of data in a file, but there are a few places within the loop where I need to manipulate the entire, unsplit line of data. Does "while read" keep each entire record/line somewhere prior... (2 Replies)
Discussion started by: fitzwilliam
2 Replies

5. UNIX for Dummies Questions & Answers

How to read entire output from a file?

Hello- I am trying to view a file which is quite large. However, whenever I do 'cat (file name)' it shows me just the half.. I am using Putty to access my server. Also, is it possible to edit a file from a unix system on a 'Gedit for Windows" text editor? Thanks (7 Replies)
Discussion started by: DallasT
7 Replies

6. AIX

Mount Filesystem in AIX Unable to read /etc/filesystem

Dear all, We are facing prolem when we are going to mount AIX filesystem, the system returned the following error 0506-307The AFopen call failed : A file or directory in the path name does not exist. But when we ls filesystems in the /etc/ directory it show -rw-r--r-- 0 root ... (2 Replies)
Discussion started by: m_raheelahmed
2 Replies

7. Shell Programming and Scripting

Help with Bash piped while-read and a read user input at the same time

Hi I am new to writing script and want to use a Bash Piped while-read and read from user input. if something happens on server.log then do while loop or if something happend on user input then do while loop. Pseudocode something like: tail -n 3 -f server.log | while read serverline || read... (8 Replies)
Discussion started by: MyMorris
8 Replies

8. UNIX for Dummies Questions & Answers

Change the entire filesystem

Hi everyone, I've installed RedHat 5 enterprise into a VirtualBox, but some how i can't eve create a single file, cause appear u message like this: Read-only filesystem. i'm logged as root. Any idea (6 Replies)
Discussion started by: Newer
6 Replies

9. Shell Programming and Scripting

Bash script read specific value from files of an entire folder

Hello, I heva a problem creating a script that read specifc value from all the files of an entire folder I have a number of email files into a directory and i need to extrect from each file 2 specific values. After that i have to put them into a new file that looks like that: To: value1 ... (1 Reply)
Discussion started by: ahmenty
1 Replies

10. Solaris

Solaris 10 - Filesystem become read only suddenly

Hi, i just started few days ago to face the problem when the whole system is getting freeze. By freeze i mean: * server is reachable (via network) * i cannot connect to server via SSH or Telnet(when try to use SSH or telnet it will find server, try to connect, but it freeze after... (4 Replies)
Discussion started by: frankosun
4 Replies

LEARN ABOUT HPUX

nfssec

nfssec(5)							File Formats Manual							 nfssec(5)

NAME

       nfssec - overview of NFS security modes

DESCRIPTION

       The  mount_nfs(1M)  and	share_nfs(1M) commands each provide a way to specify the security mode to be used on an NFS filesystem through the
       option.	mode can be either or These security modes may also be added to the automount maps.  Note that mount_nfs(1M) and automount(1M)	do
       not support at this time.

       The  option  on	the share_nfs(1M) command line establishes the security mode of NFS servers.  If the NFS connection uses the NFS Version 3
       protocol, the NFS clients must query the server for the appropriate mode to use.  If the NFS connection uses the NFS  Version  2  protocol,
       then  the NFS client uses the default security mode, which is currently NFS clients may force the use of a specific security mode by speci-
       fying the option on the command line.  However, if the filesystem on the server is not shared with that security mode, the  client  may	be
       denied access.

       If  the	NFS client wants to authenticate the NFS server using a particular (stronger) security mode, the client wants to specify the secu-
       rity mode to be used, even if the connection uses the NFS Version 3 protocol.  This guarantees that an attacker masquerading as the  server
       does not compromise the client.

       The  NFS security modes are described below.  Of these, the modes use the Kerberos V5 protocol for authenticating and protecting the shared
       filesystems.  Before these can be used, the system must be configured to be part of a Kerberos realm.

       Use	 authentication.  The user's UNIX user-id and group-ids are passed in the clear on the network, unauthenticated by the NFS  server
		 .  This is the simplest security method and requires no additional administration.  It is the default used by HP-UX NFS Version 2
		 clients and HP-UX NFS servers.

       Use a Diffie-Hellman public key system
		 which is referred to as in the forthcoming Internet RFC).

       Use Kerberos V5 protocol to authenticate users before granting access
		 to the shared filesystem.

       Use Kerberos V5 authentication with integrity checking (checksums) to
		 verify that the data has not been tampered with.

       User Kerberos V5 authentication, integrity checksums, and privacy protection
		 (encryption) on the shared filesystem.  This provides the most secure filesystem sharing, as all traffic is encrypted.  It should
		 be  noted  that  performance  might  suffer on some systems when using depending on the computational intensity of the encryption
		 algorithm and the amount of data being transferred.

       Use null authentication
		 NFS clients using have no identity and are mapped to the anonymous user by NFS servers.  A client using  a  security  mode  other
		 than the one with which an HP-UX NFS server shares the filesystem has its security mode mapped to In this case, if the filesystem
		 is shared with users from the client are mapped to the anonymous user.

WARNINGS

       lists the NFS security services.  Do not edit this file.  It is not intended to be user-configurable.

FILES

       NFS security service configuration file

SEE ALSO

       automount(1M), mount_nfs(1M), share_nfs(1M), rpc_clnt_auth(3N), secure_rpc(3N), nfssec.conf(4).

																	 nfssec(5)
All times are GMT -4. The time now is 07:37 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy