RE: mounting remote partition via NFS

From: Grunberg, Jeffrey (jeff.grunberg@purchase.edu)
Date: 01/10/02


From: "Grunberg, Jeffrey" <jeff.grunberg@purchase.edu>
To: "'renante'" <rbontuyan@inq7.net>, security-basics@security-focus.com
Date: Thu, 10 Jan 2002 12:37:48 -0500

Check out http://nfs.sourceforge.net/nfs-howto/
Pay special attention to
http://nfs.sourceforge.net/nfs-howto/security.html#FIREWALLS - You could
also use TCP wrappers to only allow server2 access to portmap on server1.
On server1, add a "portmap: ALL" to /etc/hosts.deny
and a "portmap: IP.ADDRESS.of.server2" to /etc/hosts.allow.

NFS has historically been a scary thing, but if set up correctly, it is super
useful. Also make sure that you've got /mnt/partition1 in server2's
/etc/fstab (or /etc/device.tab) so it gets mounted at startup.

You should block all access to it from the internet - web clients would
still be able to read web pages (since they're requesting them from
server2). In addition, you should block all access to server1 from server2
except for the ports needed for NFS (portmap, nfsd), just in case server2
gets taken over - you don't want to be rebuilding two servers instead of
one. In any case, /mnt/partition1 will look exactly like a local partition,
so it wouldn't be any more exploitable via your web server than any other
local partition which contains your DocumentRoot.

 - jeff grunberg

 -----Original Message-----
From: renante [mailto:rbontuyan@inq7.net]
Sent: Wednesday, January 09, 2002 1:30 AM
To: security-basics@security-focus.com
Subject: mounting remote partition via NFS

I want to mount one of the partitions located on my other server via NFS.

The scenario:
partition1 on server1 is mounted on server2 via NFS, and this partition
(/mnt/partition1) will be used as the DocumentRoot for web services.

Are there any security issues regarding NFS, or is server1 vulnerable to
exploitation via the web, since this particular partition is being used as
the DocumentRoot of a web service?

Any help will be highly appreciated.

Renante B. Bontuyan
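
An added example, not part of the original messages: a simplified Python evaluator of the hosts.allow / hosts.deny lookup order for the two portmap entries suggested in the reply. It handles only ALL, exact IPv4 addresses and trailing-dot address prefixes (no EXCEPT, hostnames or netmasks); the address 192.0.2.20 for server2 and all function names are assumptions.

```python
import re

# Constructed sample files following the advice above. 192.0.2.20 is a
# documentation address standing in for server2's real IP (an assumption).
HOSTS_ALLOW = "# /etc/hosts.allow on server1\nportmap: 192.0.2.20\n"
HOSTS_DENY = "# /etc/hosts.deny on server1\nportmap: ALL\n"


def parse_rules(text):
    """Return [(daemon_list, client_list)] from hosts.allow/hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        fields = line.split(":")  # a third field (shell command) is ignored
        daemons = re.split(r"[,\s]+", fields[0].strip())
        clients = re.split(r"[,\s]+", fields[1].strip())
        rules.append((daemons, clients))
    return rules


def client_matches(patterns, ip):
    """ALL, an exact IPv4 address, or an address prefix ending in '.'."""
    return any(p == "ALL" or p == ip or (p.endswith(".") and ip.startswith(p))
               for p in patterns)


def any_match(text, daemon, ip):
    """True if any rule in the file covers this (daemon, client) pair."""
    return any((daemon in daemons or "ALL" in daemons) and client_matches(clients, ip)
               for daemons, clients in parse_rules(text))


def access_granted(daemon, ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match means granted."""
    if any_match(allow_text, daemon, ip):
        return True
    if any_match(deny_text, daemon, ip):
        return False
    return True


if __name__ == "__main__":
    for daemon, ip in [("portmap", "192.0.2.20"), ("portmap", "203.0.113.5"),
                       ("sshd", "203.0.113.5")]:
        verdict = "granted" if access_granted(daemon, ip) else "denied"
        print(f"{daemon:8} from {ip:12} -> {verdict}")
```

The third case shows that these two lines restrict only portmap; any other TCP-wrapped daemon on server1 stays reachable unless it has its own entries.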


