On Mon, Nov 28, 2005 at 10:22:31PM +0100, Lars wrote: > Hey > > I'm running a small LAN and is a bit lost in the question regarding a > simple filesharing on a small LAN... > NFS: I don't get it. If anyone plugs into the lan and have a > root-account they are on the share.
No, actually the root user is normally mapped to the user nobody that won't have any access on the remote share. If you read the manpage of exports this concept is called "squashing", so the root account on the remote machine is normally not the issue. The issue is rather that the root user on the remote machine can become any other user (or actually user id) that he wants and gain access to the files on the remote share as that user. You control that by limiting who (what IPs) that are allowed to mount your share. You therefore need to be able to control who can gain access to what IP number on your network. without knowing more about what kind of environment you are trying to secure here it is hard to suggest a good solution. You mention "anyone plugs in" which makes me believe that you are concerned about access from people that have physical access to your equipment. If that is the case, you will have serious trouble securing your network. But then again, maybe your servers are kept in a secure location? /Daniel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
