[Freeipa-users] insecure IPA'd NFS
Nalin Dahyabhai
nalin at redhat.com
Wed May 9 21:43:17 UTC 2012
On Wed, May 09, 2012 at 09:16:45PM +0000, Steven Jones wrote:
> I just setup a RHEL6 server as a NFS server and I have 2 x RHEL6
> workstation clients doing NFS via automount as per section 10.3 admin
> guide 6.3beta....all good until I use a Ubuntu client to 'attack it"
> I find the non-IPA's ubuntu client can delete, alter and edit
> files......kind of Oops....I think there is a stage missing in the doc
> or a bug.......can someone have a look at that doc and tell me if a
> step is missing please?
What was the exact command used to mount the filesystem at the client,
and what are the contents of the mountpoint's entry in /proc/mounts on
the client after it's been mounted?
The guide lists "sys" as one of the security flavors when it shows an
example entry in /etc/exports (I guess, because it's demonstrating
adding Kerberos settings to a previously-configured export), which I
suspect is at least part of it.
HTH,
Nalin
More information about the Freeipa-users
mailing list