Unix- TCP/IP Security (11)

• NFS - Network File System

  • UIDs and GIDs must be consistent between NFS clients and servers to prevent unauthorized access
  • do not export directories that contain critical files
  • use ‘secure’ option in ‘exports’ and ‘fstab’ files for file handle encryption
  • carefully assign ro,rw,access,root options
  • avoid root=host option
  • avoid anon=0 which allows all-hosts superuser access
  • always specify nosuid for NFS mounts (SUID execution)

Previous slide

Next slide

Back to first slide

View graphic version