Login or Register to Ask a Question and Join Our Community


UNIX for Advanced & Expert Users

Linux w/ local admin mounting nfs drives securely?

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users Linux w/ local admin mounting nfs drives securely?
# 1  
Old 08-16-2008
Linux w/ local admin mounting nfs drives securely?
Got a situation where some people in the network using Linux would like local admin rights. People have admin rights in Windows and the Linux users want more flexibility.

They need to be able to mount some nfs drives.

If they have local admin rights, even with root squash set for the nfs server, there is a danger that someone could change their UserID to something else and mount into someone else's home directory. If that someone else happens to have root access, ...

Is there any way to securely give someone local admin rights on their box and let them mount some NFS drives without this risk?
# 2  
Old 08-16-2008
hi frostybeard,

you can give sudo su access to user and in /etc/sudouser file you can define what all command he can access in that give him the access to mount command...

hope it will work...
# 3  
Old 08-16-2008
I believe NFS basically equates a remote root to "nobody". There are some minor loopholes but the main issue that you have I believe is solved by that.
# 4  
Old 08-17-2008
Era, if no_root_squash is not set (meaning root squash = on), then it does this by default. Still the user with local su rights can change his userid he uses to mount the nfs drive. Some people with home directories there have su rights. If someone manages to login as someone who has su, then bad, bad things could happen. See Security and NFS for a more detailed explanation.

I was thinking it could work by giving those who want local admin in Linux no nfs access, but rather samba access, the same as Windows users. (slower, but secure)

Vidyahar85: thanks for trying to be helpful. Unfortunately it is in a network where we can't cross our fingers and hope it works.

NFSv4 has Kerberos authentication, but I am not sure how that could be used to ascertain that the id of the user doing the mounting is that actual person. Anyone been using this?
# 5  
Old 08-19-2008
you know, the fstab file has one option that alows normal users to mount and unmount "things"
and "things" can include nfs mounts.
this option is defined per mount point.
man fstab and read about "user" and "users" (the s changes who can unmount it later)
# 6  
Old 08-19-2008
Quote:
Originally Posted by broli
you know, the fstab file has one option that alows normal users to mount and unmount "things"
and "things" can include nfs mounts.
this option is defined per mount point.
man fstab and read about "user" and "users" (the s changes who can unmount it later)
When "users" has local admin rights, they can change their machine's "fstab" to "whatever" they want. They can also "do" things like "spoof" the nfs server "into" thinking they are someone else, "by" changing their "userid" or ip address. Problem still not solved.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Solaris

Mounting NFS

Hi, I am having some issues mounting NFS files. for some reason the mount -F nfs is not being recognized.. bash-3.2# mount -F nfs -o rw 192.168.245.129:/mnt/nfs1/ /mnt UX:vxfs mount: ERROR: V-3-20135: FSType nfs not recognized UX:vxfs mount: INFO: V-3-20147: Usage: mount {special |... (5 Replies)
Discussion started by: br1an
5 Replies

2. Red Hat

NFS mounting issue

The server ip is 10.2.2.24. I have installed nfs-utils package the i have edited /etc/exports i have added the following line /home 10.2.2.0/24(rw,sync,no_root_squash,no_all_squash) i have saved, i have started the nfs service, then i am trying to mount nfs sharing from client machine using... (5 Replies)
Discussion started by: ainstin
5 Replies

3. Red Hat

NFS mounting from client pc

The server ip is 10.2.2.24. I have installed nfs-utils package the i have edited /etc/exports i have added the following line /home 10.2.2.0/24(rw,sync,no_root_squash,no_all_squash) i have saved, i have started the nfs service, then i am trying to mount nfs sharing from client machine using... (1 Reply)
Discussion started by: ainstin
1 Replies

4. What is on Your Mind?

Regarding Admin life either as DBA or UNIX Linux admin

I am planning to choose my career as Unix/Linux Admin or a DBA. But I have come to know from forums and few admins like the job will be 24/7. I have few questions on that. Can we get "DAY" shifts in any one of the admin Job ? Can't we have shift timings in any company ? Eventhough the... (7 Replies)
Discussion started by: Jacktts
7 Replies

5. UNIX for Dummies Questions & Answers

Want to improve the rsize and wsize of nfs mounted drives

Hi we have couple of nfs mounts between various linux servers. Recently i was wondering how to improve the performance by altering the parameters "msize" and "rsize" for nfs. In my machine i have determined the NFSSVC_MAXBLKSIZE_V2 = 8*1024 but kernel 2.6 supports upto 32k Optimizing NFS... (0 Replies)
Discussion started by: rakeshkumar
0 Replies

6. Emergency UNIX and Linux Support

Using ln -s with NFS across two drives?

Hi I have a server with a large RAID partition on it. The raid partition is split into a few directories which are then shared individually via NFS. Unfortunately the whole array is filling up and I need to do a little bit of juggling till I can upgrade the whole array to new disks. I... (5 Replies)
Discussion started by: Bashingaway
5 Replies

7. Solaris

solaris ethernet card and mounting usb drives

I had installed soalris 10 on my dell vostro 1400.It had installed succefully. If i type ifconfig -a it is showing only my loop back adpater. So how to tell me how to mount my usb drive and how to configure my lan ethernet card,My lan ethernet card is Broadcom. Tell me step... (1 Reply)
Discussion started by: testerindia25
1 Replies

8. UNIX for Dummies Questions & Answers

How files can be transferred from one system to another securely using Linux?

i need to know how files can be transfered from one system to another securely in linux. (9 Replies)
Discussion started by: bibing
9 Replies

9. UNIX for Dummies Questions & Answers

local drives vs. shark

Is there a way to tell whether a file system is mounted on a local drive withing the server, or whether it's mounted on an external drive system (shark)? I think the drive system we have is an EMC, but not entirely sure. OP Sys -> AIX 4.3 (1 Reply)
Discussion started by: lawadm1
1 Replies

10. Filesystems, Disks and Memory

Mounting USB Drives in Solaris 9 x86

I'm trying to moun my external USB Mass Storage Drive (80GB) in my Solaris 9 box, I am new to Solaris, and kind of new to linux / unix variants. The external HD contains windows files, but I will be using it as a central storage area for my windows/ linux clients. Thanks -- N:confused:C (1 Reply)
Discussion started by: N0C717
1 Replies
Login or Register to Ask a Question