From owner-freebsd-isp  Mon Mar  8  9:27: 0 1999
Delivered-To: freebsd-isp@freebsd.org
Received: from nocnoc.mcnet.ch (nocnoc.mcnet.ch [193.5.166.251])
	by hub.freebsd.org (Postfix) with ESMTP id 61AEA14EB2
	for <freebsd-isp@FreeBSD.ORG>; Mon,  8 Mar 1999 09:26:09 -0800 (PST)
	(envelope-from Benoit.Rossier@mcnet.ch)
Received: from pc15.mcnet.ch (pc15.mcnet.ch [193.5.166.35])
	by nocnoc.mcnet.ch (8.9.2/8.9.3) with SMTP id SAA17784
	for <freebsd-isp@FreeBSD.ORG>; Mon, 8 Mar 1999 18:26:55 +0100 (CET)
Message-Id: <3.0.1.32.19990308183000.0303df44@nocnoc.mcnet.ch>
X-Sender: brossier@nocnoc.mcnet.ch
X-Mailer: Windows Eudora Pro Version 3.0.1 (32) [F]
Date: Mon, 08 Mar 1999 18:30:00 +0100
To: freebsd-isp@FreeBSD.ORG
From: Benoit Rossier <Benoit.Rossier@mcnet.ch>
Subject: export restriction on nfs
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello,

Why it isn't possible to export directories like this:

root@noc:~>more /etc/exports
/nfs/srv1-mail -maproot=root 192.168.2.251
/nfs/srv1-ftp  -maproot=root 192.168.2.251
/nfs/srv1-dns  -maproot=root 192.168.2.251
/nfs/srv2-web  -maproot=root 192.168.2.252
/nfs/srv2-web2 -maproot=root 192.168.2.252

Ok to do this I have two solutions:
- export all the filesystem / 
- the same export file but specify the network 192.168.2

In both cases, there's a security problem because if a hacker
cracks host1 he can mount the volume allowed for host2 and reverse.

I think this a FreeBSD limitation but I'm not sure. Is this true?
How can I do this?

In relation:
- what is the best protocol to use with nfs: udp or tcp?
- Does the file locking work on FreeBSD?

We use FreeBSD 3.1 for both, server and clients.

Thanks for your time!
Ben

+---------------------------------------------------------------------+
| Benoit Rossier                   M&C Management & Communications SA |
| Telecom                          Rue de Romont 35                   |
|                                  CH - 1700 Fribourg                 |
|                                                                     |
| voice: +41 (0)26 347 20 40       fax: +41 (0)26 347 20 49           |
| E-Mail: Benoit.Rossier@mcnet.ch  http://www.mcnet.ch                |
+---------------------------------------------------------------------+


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message