10-13-2000
You must insure that the versions of network daemons such as the services you decribe in your post are running the lastest patches which have addressed the vulnerabilites you are concerned about. Most software with known vulnerabilites has patches to close the security holes. NFS has had many vulnerablities, historically, over the years; but they are patched and newer versions fixed. You should check to see what versions you are running and make sure you have the latest versions.
9 More Discussions You Might Find Interesting
1. AIX
We have windows clients that access drawing files shared from our AIX server using NFS. The Windows clients are intermittently unable to open files or access the system. For some reason restarting the rpc.lockd temporarily resolves the problem. However, that is the only clue I have to what the... (1 Reply)
Discussion started by: theologic
1 Replies
2. Solaris
How to implement NFS Security in server where filesystem is configured as NFS & AutoFS?
Any special patch need to be applied?
What are the procedures? (1 Reply)
Discussion started by: KhawHL
1 Replies
3. Red Hat
I can't seem to make sense of this.
$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.2 Beta (Tikanga)
$
$ mount
/dev/sda2 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on... (6 Replies)
Discussion started by: dfinn
6 Replies
4. Homework & Coursework Questions
Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted!
1. The problem statement, all variables and given/known data:
If you look at the permissions associated with a symbolic link, it has universal access. Does this lead to... (0 Replies)
Discussion started by: linux17
0 Replies
5. UNIX for Advanced & Expert Users
Hello,
We have some new application requirements that require us to use nfs mounts from aix 5.3 and mount to Oracle Linux 5.6.
Do you know why when on the destination ( linux ) box, the root user cannot access directories made by other users in the nfs mounted filesystem ?
I read that there... (0 Replies)
Discussion started by: fwellers
0 Replies
6. BSD
Hi!
I have a major issue with FreeBSD 7.1 i386.
We did a change in our Unix env where we exchanged home storage from a NetAPP running udp to a NetAPP running tcp.
Now I cant mount homedirs since NFS/AMD seem to fallback to udp :(
Trying to force it with amd options nfs_proto=tcp and so on.
... (0 Replies)
Discussion started by: Esaia
0 Replies
7. HP-UX
Hi, I support a small lab of older HP UX 9 and 10 boxes. We have some older NT 4.0 machines at each UX box, with a old ZFS Server programs hosting two mounted directories. (Each UX and NT machine is on its own private network via crossover cable). Due to hardware failure/support EOL on NT, I have... (3 Replies)
Discussion started by: the spyder
3 Replies
8. UNIX for Advanced & Expert Users
Does the use of cron (HP-UX 11) present a security risk IF it is only given to accounts which have shell access anyway.
If it does present a risk, what is the risk?
Can a script (or command) run via cron; run anything, write anywhere or read anywhere that the same user can not do outside of... (2 Replies)
Discussion started by: eileenkeeney
2 Replies
9. Red Hat
Hi Experts,
I have been using Linux (Redhat server 5.6) as a NFS server and it is mounted to 4 linux (SUSE) servers for storing the db logs. I added an entry in fstab in all my 4 clients to make sure the mount is available all the time. but unfortunately the mount is not showing in servers after... (6 Replies)
Discussion started by: sarav
6 Replies
rpc.nfsd(8) System Manager's Manual rpc.nfsd(8)
NAME
rpc.nfsd - NFS server process
SYNOPSIS
/usr/sbin/rpc.nfsd [options] nproc
DESCRIPTION
The rpc.nfsd program implements the user level part of the NFS service. The main functionality is handled by the nfsd kernel module. The
user space program merely specifies what sort of sockets the kernel service should listen on, what NFS versions it should support, and how
many kernel threads it should use.
The rpc.mountd server provides an ancillary service needed to satisfy mount requests by NFS clients.
OPTIONS
-d or --debug
enable logging of debugging messages
-H or --host hostname
specify a particular hostname (or address) that NFS requests will be accepted on. By default, rpc.nfsd will accept NFS requests on
all known network addresses. Note that lockd (which performs file locking services for NFS) may still accept request on all known
network addresses. This may change in future releases of the Linux Kernel.
-p or --port port
specify a diferent port to listen on for NFS requests. By default, rpc.nfsd will listen on port 2049.
-N or --no-nfs-version vers
This option can be used to request that rpc.nfsd does not offer certain versions of NFS. The current version of rpc.nfsd can support
both NFS version 2,3 and the newer version 4.
-s or --syslog
By default, rpc.nfsd logs error messages (and debug messages, if enabled) to stderr. This option makes rpc.nfsd log these messages
to syslog instead. Note that errors encountered during option processing will still be logged to stderr regardless of this option.
-T or --no-tcp
Disable rpc.nfsd from accepting TCP connections from clients.
-U or --no-udp
Disable rpc.nfsd from accepting UDP connections from clients.
nproc specify the number of NFS server threads. By default, just one thread is started. However, for optimum performance several threads
should be used. The actual figure depends on the number of and the work load created by the NFS clients, but a useful starting point
is 8 threads. Effects of modifying that number can be checked using the nfsstat(8) program.
Note that if the NFS server is already running, then the options for specifying host, port, and protocol will be ignored. The number of
processes given will be the only option considered, and the number of active nfsd processes will be increased or decreased to match this
number. In particular rpc.nfsd 0 will stop all threads and thus close any open connections.
NOTES
If the program is built with TI-RPC support, it will enable any protocol and address family combinations that are marked visible in the
netconfig database.
SEE ALSO
rpc.mountd(8), exports(5), exportfs(8), rpc.rquotad(8), nfsstat(8), netconfig(5).
AUTHOR
Olaf Kirch, Bill Hawes, H. J. Lu, G. Allan Morris III, and a host of others.
7 Aug 2006 rpc.nfsd(8)