:: Re: [DNG] NFS: was mounting /usr
トップ ページ
このメッセージを削除
このメッセージに返信
著者: karl
日付:  
To: dng
題目: Re: [DNG] NFS: was mounting /usr
Steve Litt:
> On Mon, 4 Dec 2017 23:12:59 +0800
> Yevgeny Kosarzhevsky <phaoost@???> wrote:

...
> > ~# ldd /sbin/mount.nfs|grep usr
>
> It appears you're using NFS.
>
> Back in my youth, the wise men told me that NFS was a horrible security
> threat unless you also used YP, which was too sophisticated for me to
> ever figure out. So these days I use sshfs, which is nice, but slower
> than a turtle dragging a railroad engine.


Suns yellow pages is called nis since long time ago.

> Is NFS still a security problem?


NFS security model treated hosts, network and root as trusted, which
doesn't match the reality today. Maybe nfs v4 and kerberos solves part
of the problems.
If you don't trust the network, perhaps running it over a tunnel will
help.

> Does it still have that issue where you never knew what port it
> would listen on?


You use portmap for that.

> Do you still need YP,and is YP as monumentally difficult as I
> remember it being?


I don't think you ever needed nis.
If you want help with nis, please ask on the list.

> Are a lot of you using NFS? Do you feel safe doing so?


It happens, not regulary.

Regards,
/Karl Hammar

-----------------------------------------------------------------------
Aspö Data
Lilla Aspö 148
S-742 94 Östhammar
Sweden
+46 173 140 57