[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] insecure IPA'd NFS



On Wed, May 09, 2012 at 09:16:45PM +0000, Steven Jones wrote:
> I just setup a RHEL6 server as a NFS server and I have 2 x RHEL6
> workstation clients doing NFS via automount as per section 10.3 admin
> guide 6.3beta....all good until I use a Ubuntu client to 'attack it"
> I find the non-IPA's ubuntu client can delete, alter and edit
> files......kind of Oops....I think there is a stage missing in the doc
> or a bug.......can someone have a look at that doc and tell me if a
> step is missing please?

What was the exact command used to mount the filesystem at the client,
and what are the contents of the mountpoint's entry in /proc/mounts on
the client after it's been mounted?

The guide lists "sys" as one of the security flavors when it shows an
example entry in /etc/exports (I guess, because it's demonstrating
adding Kerberos settings to a previously-configured export), which I
suspect is at least part of it.

HTH,

Nalin


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]