restricting nfs to specific stations
I work at a small charter highschool, I have ~20 linux stations that I set up, clone systems.
Basically I have a server configured that shars the home directories to all the stations via nfs. I accomplished this by having it share /home to 192.168.93.*(rw) (the ip scheme)
This has worked very well, however a student was able to boot up his laptop into linux, change his ip to one within the above range, then mount /home, he then simply created a user account with the same name as another students home directory and then had full access to that students files. (root is squashed)
I am wondering if there is some way to secure against this short of banning laptops from our network (NOT an option).
The stations are all identical clones, the only exception to this si they each have a different static ip set.
|