Clicky

Hi all,
I have a file server base on samba.
This server is member of DC windows 2003 zone.
All Window client is access to this server by Windows Authenticate and there are no problem.
But some linux server want to use this resource on this server and i'm using NFS.
Now this is problem, root user in Linux server can change SID and GID in their local linux server and access to illegal data on Samba file server
How i can fix this security issue?
Thank you so  much

asked 06/08/2011 04:08

arrive_it's gravatar image

arrive_it ♦♦


2 Answers:
This is the biggest security flaw with NFS. There is no fix for it. Unless you want to re-write NFS. What you can do is turn on root_squash. This can be used to prevent root from having access to the NFS shares or "squash" them down to another SID/GID. Other users will still be able to connect but root will only have access as the SID/GID that you define. Some useful information here: http://tldp.org/HOWTO/NFS-HOWTO/security.html
link
Chrisedebo's gravatar image

Chrisedebo

I have been reliably informed that NFS 4 can use kerberos for authentication. Further info here http://www.itp.uzh.ch/~dpotter/howto/kerberos
link
Chrisedebo's gravatar image

Chrisedebo

Your answer
[hide preview]

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Tags:

Asked: 06/08/2011 04:08

Seen: 498 times

Last updated: 08/17/2011 11:37