Linux Journal: Tux Knows It's Nice to Share, Part 2Feb 08, 2001, 21:23 (0 Talkback[s])
(Other stories by Marcel Gagné)
[ Thanks to 2more0 for this link. ]
"Now, there's a concept for you. We've all been told that it's nice to share (I said it myself right here in this very column), and now we've got to consider what we can and can't share. Yes, it's another week of examining the mysteries of the very universe itself, delving into the human adventure, nay, the very soul of our human nature, as we explore the wonders of our Linux systems. Specifically, file sharing technologies. Whoa! What a segueway. This can only mean that we have reconvened for yet another installment of the "SysAdmin's Corner". As you might remember, we were last discussing NFS file sharing. I called it the Gread-Grand-Somethingorother of network file sharing. Then, we looked at basic setup and exporting file systems to be mounted on remote systems. The basic format of the /etc/exports file looks something like this:
In particular, I used an example where I exported my own /mnt/data1 directory with these options:
In other words, allow the computer at 192.168.1.2 to mount this directory wherever it wants and, then, allow read and write permissions even as root. The default, as I mentioned, is to treat root as an anonymous user, thus severely limiting its access. This is where I want to pick up today: Security in the world of NFS. In the above example, I am assuming that I, being the system administrator, am the one with root access to all machines. I trust myself. Trust, however, must be meted out carefully."