nfs question
Web Server forum
nfs question
rogv24@yahoo.com
04-11-06 03:00 PM

I set up a nfs to share a directory to other servers.  How can I
restrict others from accessing this directory?  Users do have root
access to these servers and I don't want them to access the shared
directory.
thanks.


Re: nfs question
Doug Freyburger
04-27-06 12:56 PM

rogv24@yahoo.com wrote:
>
> I set up a nfs to share a directory to other servers.  How can I
> restrict others from accessing this directory?

NIS netgroups, ACLs.

> Users do have root
> access to these servers and I don't want them to access the shared
> directory.

It is not possible to restrict access from anyone with root access.
Nothing you can do will work because everything you can do will
have a workaround by them.  Turn your NFS access back off and
no one will be able to access the data.


Re: nfs question
--==[ bman ]==--
04-27-06 12:56 PM

Not true.  You can prevent a root user from accessing/modifying content
on a mounted NFS share from a remote server with the following:

- on HPUX: use 'access' directive
- on Linux: use 'root_squash' or 'no_root_squash'

Remote root access operation on mounted NFS shares is disabled by
default.  You have to explicitly enable it via /etc/exports.  Finally,
NFS relies heavily on UIDs and GIDs.  I can go around your security by
creating an account on a remote system with a UID or GID that owns
files/dirs on the mounted share.  Short of exporting read-only, there
is not much you can do.

man exports is your friend.


Re: nfs question
Doug Freyburger
04-27-06 12:56 PM

--==[ bman ]==-- wrote:
>
> Not true.  You can prevent a root user from accessing/modifying content
> on a mounted NFS share from a remote server with the following:

This is UseNet.  Please learn to quote context.

>  - on HPUX: use 'access' directive
>  - on Linux: use 'root_squash' or 'no_root_squash'
>
> Remote root access operation on mounted NFS shares is disabled by
> default.  You have to explicitly enable it via /etc/exports.  Finally,
> NFS relies heavily on UIDs and GIDs.  I can go around your security by
> creating an account on a remote system with a UID or GID that owns
> files/dirs on the mounted share.  Short of exporting read-only, there
> is not much you can do.
>
> man exports is your friend.

Here's my statement that was called not true:

It remains true.  It access is given to user "dfreybur" on the client
host, but that users doesn't exist on that host or never logs in,
anyone with the root password can create "dfreybur" or give it a
local password.  Bingo, access.

There's more access in the world than access *as* root.  Anyone
with the root password can use any granted access as that user.
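Added example, not code from the thread: a small Python audit of Linux exports(5) entries covering the two points argued above. It flags no_root_squash (remote root keeps uid 0, the default being root_squash as bman says), exports open to every host, and writable exports that trust the client's uid/gid, which is exactly what lets a client root create a "dfreybur" with the owner's UID; under the default AUTH_SYS authentication only all_squash or a read-only export removes that gain. The sample /etc/exports and its paths are constructed.

```python
import re
from dataclasses import dataclass, field

# Constructed sample /etc/exports in Linux exports(5) syntax (hypothetical paths).
SAMPLE_EXPORTS = """\
# application data for the app tier
/srv/appdata   10.0.1.0/24(rw,sync,root_squash)
/srv/scratch   *(rw,no_root_squash)
/srv/docs      build01(ro) build02(ro,sync)
/srv/public    192.168.0.0/16(ro,all_squash)
"""

@dataclass
class Finding:
    path: str
    client: str
    issues: list = field(default_factory=list)

def parse_exports(text):
    """Return (path, client, option_set) for every client entry in the file."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients or ["*"]:              # no client listed means everyone
            m = re.fullmatch(r"([^(]*)(?:\((.*)\))?", spec)
            if not m:
                continue                           # malformed entry, skip it
            host = m.group(1) or "*"
            opts = set(filter(None, (m.group(2) or "").split(",")))
            entries.append((path, host, opts))
    return entries

def audit_exports(text):
    findings = []
    for path, host, opts in parse_exports(text):
        f = Finding(path, host)
        # root_squash is the Linux default; uid 0 survives only when explicitly requested.
        if "no_root_squash" in opts:
            f.issues.append("remote root keeps uid 0 (no_root_squash)")
        if host == "*":
            f.issues.append("exported to every host")
        # Under AUTH_SYS the server trusts the client's uid/gid, so a client root can
        # create an account with the owner's UID; only all_squash or ro removes the gain.
        if "rw" in opts and "all_squash" not in opts:
            f.issues.append("writable and trusts client uid/gid")
        if f.issues:
            findings.append(f)
    return findings
```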






Re: nfs question
--==[ bman ]==--
04-27-06 12:57 PM

"It is not possible to restrict access from anyone with root access.
Nothing you can do will work because everything you can do will
have a workaround by them. " - point taken if we are talking about
using root to gain indirect access to NFS share (like creating a user with
exported UID).

However, root itself cannot access/modify/write if directives described
in my post are used.  I assume that a "basic" trust is established
between the server and a client for this type of operation; otherwise,
this whole conversation is pointless.

You would not export vital information via NFS from your system to a
client with a questionable reputation, would you?


Re: nfs question
Doug Freyburger
04-27-06 12:57 PM

--==[ bman ]==-- wrote:
>
> "It is not possible to restrict access from anyone with root access.
> Nothing you can do will work because everything you can do will
> have a workaround by them. " - point taken if we are talking about
> using root to gain indirect access to NFS share (like creating a user with
> exported UID).
>
> However, root itself cannot access/modify/write if directives described
> in my post are used.  I assume that a "basic" trust is established
> between the server and a client for this type of operation; otherwise,
> this whole conversation is pointless.
>
> You would not export vital information via NFS from your system to a
> client with a questionable reputation, would you?

As someone who formerly had a security clearance color me
paranoid - Everyone has a questionable reputation.  I know I
can't lock down my systems enough to keep out the most
determined cracker so neither can anyone else.  Assuming a
basic trust isn't as automatic to me as it is to some.  I figure
root's going to be abused eventually.

There's also the question of how "vital" is defined.  /etc is vital
on the local system, application data is vital on the business
level.  One I'm not giving out over NFS the other I am.





