Ok boys, today I will give some advice on NFS on Linux.
1) Do not use the insecure option. Clients should not connect the NFS server from ports greater than 1024. By default its secure
2) By default NFS uses root_squash. It means that a root user on client machine will not be having root access on server. He will be given nobody's UID and GID and that means only world permission. Never make it no_root_squash
3) /usr/local/pub (squash_uids=0-50, squash_gids=0-50)
Ok, dont get upset. This means if this entry is exported with read write permission which is default, it prevents client users from using UID and GID starting from 0 to 50 which is dangerous.
No comments:
Post a Comment