Slashdot Mirror


Understanding NFS

LiquidPC writes: "ONLamp.com's Big Scary Daemons section has yet another great new BSD article, this one on Understanding NFS and using it in FreeBSD."

5 of 138 comments

  1. What about security??? by Anonymous Coward · Score: 4, Interesting

    I'm appalled that he considers IP address matching to be a way of preventing abuse. Sure, his cable modem is a separate interface so he can use a firewall to block it. But what if you're on a large untrusted LAN and you want to share files between two machines? I have exactly this problem (I have a laptop and a desktop at university) and I'm still looking for a simple yet secure way to share between them without allowing anyone to just spoof the IP address (and preferably without transmitting my secret plans for world domination over the wire in the clear).

    1. Re:What about security??? by autechre · Score: 5, Informative

      As someone else has already mentioned, you could use the Self-certifying File System.

      You could also establish an encrypted tunnel between the two machines using whatever implementation of IPSEC they have (Linux has FreeSWAN, OpenBSD has something built into the kernel, not sure about others). Then you could share stuff however you wanted.

      We're currently using NFS to share our MP3 collections on our private network (behind the firewall/gateway), and it's not a big problem there. But for any network I don't trust (and I'm not very trustworthy :), I'd stay away from it.

      --
      WMBC freeform/independent online radio.
  2. Corrections, pointers, and cautions by angio · Score: 5, Informative

    A few things in the article deserve to be clarified. First, Lucas states that "One thing to note is that NFS uses the same usernames on each side of the connection." This is not accurate - NFS uses the same UIDs on both sides of the connection. If you don't have a unified UID space between your machines, you'll have ... issues.

    Second, if you export NFS to the world, you're insane and deserve what you get. If you want remote filesystem access, use a secure protocol like the Self-Certifying Filesystem (SFS). SFS also completely avoids the problem of having a shared UID space.

    Finally, his advice to mount your filesystems intr is good. But insufficient - also mount them soft, so that filesystem calls will eventually time out if the server goes poof.
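
Added example (not part of the comment above or of the article it discusses): a small Python audit of the UID point raised in that comment, comparing passwd(5) data from an NFS server and a client to find accounts whose numeric UIDs disagree. The passwd contents, account names and function names are constructed for illustration.

```python
# Constructed passwd(5) samples; not taken from any real host.
SERVER_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/bin/sh
carol:*:1003:1003:Carol:/home/carol:/bin/sh
"""
CLIENT_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
alice:*:1002:1002:Alice:/home/alice:/bin/sh
bob:*:1001:1001:Bob:/home/bob:/bin/sh
dave:*:1003:1003:Dave:/home/dave:/bin/sh
"""

def parse_passwd(text):
    """Return {username: uid}; skip comments, blank and malformed lines."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue
        users[fields[0]] = int(fields[2])
    return users

def audit_uid_space(server_text, client_text):
    """List UID disagreements between an NFS server and one client."""
    server, client = parse_passwd(server_text), parse_passwd(client_text)
    server_by_uid = {}
    for name, uid in server.items():
        server_by_uid.setdefault(uid, name)
    findings = []
    # Same username, different UID: the user's own files on the export
    # appear to belong to someone else.
    for name in sorted(server.keys() & client.keys()):
        if server[name] != client[name]:
            findings.append(("uid-mismatch", name, server[name], client[name]))
    # Client UID owned by a different account on the server: the client
    # user is treated as that other account on the exported filesystem.
    for name, uid in sorted(client.items()):
        owner = server_by_uid.get(uid)
        if owner is not None and owner != name:
            findings.append(("uid-collision", name, uid, owner))
    return findings

if __name__ == "__main__":
    for finding in audit_uid_space(SERVER_PASSWD, CLIENT_PASSWD):
        print(finding)
```

An empty result means the two hosts agree on every UID they share; any `uid-collision` entry is an account that would be granted another account's file access on the export.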

  3. NFS Howto by I Want GNU! · Score: 4, Informative

    There is already stuff about NFS! The NFS HOWTO can be found at http://nfs.sourceforge.net/nfs-howto/

  4. You CAN have multiple lines for the same partition by fist · Score: 5, Informative

    Comments about /etc/exports...
    "There are no identifiers between the components of the line. Yes, it would be easier to read if we could put each shared directory on its own line, but we can't; they're all on the same partition. The FreeBSD team could rewrite this so that it had more structure, but then our /etc/exports would be incompatible with that from any other Unix."

    What?!?! Did this guy even read the man page for /etc/exports? Of course you can have separate directories from the same partition on different lines!! In the man page they have an example of it! Plus there is this comment lifted directly from the FreeBSD 4.5 man page for /etc/exports.

    "Mount points for a filesystem may appear on multiple lines each with different sets of hosts and export options."

    Michael's articles are usually of excellent quality, but I can't believe how many other mistakes he's made! The article is written to familiarize a "junior" sys admin to NFS, but only teaches them bad habits. Hopefully he'll do a little more research for his future articles.