Date: Tue, 2 May 1995 13:10:20 -0400
From: Garrett Wollman <wollman@halloran-eldar.lcs.mit.edu>
To: Brant Katkansky <bmk@dtr.com>
Cc: security@FreeBSD.org
Subject: Security options for NFS?
Message-ID: <9505021710.AA00462@halloran-eldar.lcs.mit.edu>
In-Reply-To: <199505021046.DAA00960@dtr.com>
References: <199505021046.DAA00960@dtr.com>

<<On Tue, 2 May 1995 03:46:49 -0700 (PDT), Brant Katkansky <bmk@dtr.com> said:

> I'm looking to secure NFS and other services not covered by tcpd -
> what's the conventional wisdom for FreeBSD 2.0?

NFS has fairly strong access-control checks provided by the kernel
code.  However, these only operate on a per-mount-point basis.  If you
specify a host list in /etc/exports, then the NFS server will do its
best to ensure that only the hosts listed are able to access the data,
even given a valid file handle.

The portmapper is fairly harmless, provided you don't start any
services that in themselves are security problems.  The FreeBSD
versions of `mountd' and YP are reasonable; some of the other RPC
services you may want to restrict or just plain not run depending on
your security policy (e.g., rusers, rstat).

-GAWollman

--
Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ...
wollman@lcs.mit.edu  | Shashish is the bonding of hearts in spite of distance.
Opinions not those of| It is a bond more powerful than absence.  We like people
MIT, LCS, ANA, or NSA| who like Shashish.  - Claude McKenzie + Florent Vollant
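
An added example, not part of the original message or of FreeBSD: a small Python check for the host-list point above, flagging /etc/exports lines that name neither hosts nor a -network, which leaves the directory exported to any host. The option syntax it handles is assumed from exports(5), and the sample file is constructed.

```python
# Added example: flag /etc/exports lines that carry no host list.
# Assumed syntax (exports(5)): directories, then "-option" flags, then hosts.
VALUE_OPTS = {"-network", "-mask"}  # may take their value as the next token

def logical_lines(text):
    """Join backslash-continued lines, drop comments and blank lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""

def unrestricted_exports(text):
    """Return directories exported with neither a host list nor -network."""
    findings = []
    for line in logical_lines(text):
        dirs, hosts, has_network = [], [], False
        tokens = iter(line.split())
        for tok in tokens:
            if tok.startswith("-"):
                name = tok.split("=", 1)[0]
                if name == "-network":
                    has_network = True
                if name in VALUE_OPTS and "=" not in tok:
                    next(tokens, None)  # skip the separate value token
            elif tok.startswith("/") and not hosts:
                dirs.append(tok)
            else:
                hosts.append(tok)  # host or netgroup name
        if dirs and not hosts and not has_network:
            findings.extend(dirs)
    return findings

# Constructed sample file, not taken from the message above.
SAMPLE = """\
# constructed example
/usr/src -ro build1.example.org build2.example.org
/home -alldirs -maproot=nobody
/cdrom -ro \\
    -network 192.0.2.0 -mask 255.255.255.0
/scratch
"""

print("exported to any host:", unrestricted_exports(SAMPLE))
```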