:: Re: [DNG] NFS: was mounting /usr
Top Page
Delete this message
Reply to this message
Author: Simon Hobson
Date:  
To: Dng
Subject: Re: [DNG] NFS: was mounting /usr
Yevgeny Kosarzhevsky <phaoost@???> wrote:

> Ok but this is not about NFS but about any FS that can be accessed over network.


It may help to point out something that I didn't spot when I first came across NFS.

With SMB, AFS, FSoverSSH, etc, etc, etc the client authenticates to the server as a specific user - and then the files accessible by that user are available to the client (depending on setup, they may be accessible onto to the one user, or to many users).
So if you have a multi-user client host, each user would need their own mountpoint to a shared server - with access controls applied on the server side.

NFS is completely different.
The client mounts a share, and IIRC there is no authentication possible at all - at least in earlier versions, not sure if it got added in later versions. Once the client has mounted the share, it takes responsibility for controlling access to the files.
So when user id 1234 tries to access a file, the client host applies the permissions as though it was a local disk and allows or denies the access accordingly. It should be fairly obvious that if you can't trust the client host (ie be sure that user ID 1234 is really John Smith from Accounting) then you have no security.

So NFS is good where you want lots of users to access a shared set of storage AND you have control of all the client hosts AND you have a means of keeping the users in sync. You only need one share/mount and all your users can access it using the normal Unix file permissions model.
It obviously doesn't work when a client is not a system that really understands multiple users, or you can't control user IDs.

So you can probably now see why many people consider NFS to be rather insecure - you HAVE to trust the client to apply file permissions correctly.

As I'd learned networking on single user systems (a bit of Netware, a bit of Windows 3.1 and onwards, Macs from early days) I was used to the "user sits at machine, authenticates to server, server applies access controls" model. It needed someone to point out to me what the difference was with NFS before it made sense.