Date: Mon, 08 Mar 1999 18:30:00 +0100 From: Benoit Rossier <Benoit.Rossier@mcnet.ch> To: freebsd-isp@FreeBSD.ORG Subject: export restriction on nfs Message-ID: <3.0.1.32.19990308183000.0303df44@nocnoc.mcnet.ch>
next in thread | raw e-mail | index | archive | help
Hello, Why it isn't possible to export directories like this: root@noc:~>more /etc/exports /nfs/srv1-mail -maproot=root 192.168.2.251 /nfs/srv1-ftp -maproot=root 192.168.2.251 /nfs/srv1-dns -maproot=root 192.168.2.251 /nfs/srv2-web -maproot=root 192.168.2.252 /nfs/srv2-web2 -maproot=root 192.168.2.252 Ok to do this I have two solutions: - export all the filesystem / - the same export file but specify the network 192.168.2 In both cases, there's a security problem because if a hacker cracks host1 he can mount the volume allowed for host2 and reverse. I think this a FreeBSD limitation but I'm not sure. Is this true? How can I do this? In relation: - what is the best protocol to use with nfs: udp or tcp? - Does the file locking work on FreeBSD? We use FreeBSD 3.1 for both, server and clients. Thanks for your time! Ben +---------------------------------------------------------------------+ | Benoit Rossier M&C Management & Communications SA | | Telecom Rue de Romont 35 | | CH - 1700 Fribourg | | | | voice: +41 (0)26 347 20 40 fax: +41 (0)26 347 20 49 | | E-Mail: Benoit.Rossier@mcnet.ch http://www.mcnet.ch | +---------------------------------------------------------------------+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.1.32.19990308183000.0303df44>