LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 05-04-2007, 03:20 PM   #1
exodist
Senior Member
 
Registered: Aug 2003
Location: Portland, Oregon
Distribution: Arch
Posts: 1,374

Rep: Reputation: 47
restricting nfs to specific stations


I work at a small charter high school; I have ~20 Linux stations that I set up, clone systems.

Basically I have a server configured that shares the home directories to all the stations via NFS. I accomplished this by having it share /home to 192.168.93.*(rw) (the IP scheme).

This has worked very well; however, a student was able to boot up his laptop into Linux, change his IP to one within the above range, then mount /home. He then simply created a user account with the same name as another student's home directory and then had full access to that student's files. (root is squashed)

I am wondering if there is some way to secure against this short of banning laptops from our network (NOT an option).

The stations are all identical clones; the only exception to this is they each have a different static IP set.
 
Old 05-04-2007, 05:54 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
is it possible for you to set-up the LAN clients and laptop clients on a different zone in the firewall?? this way the server can be firewalled from the laptops... of course if the laptop people have physical access to the ethernet then this would only be a speedbump... =/

my NFS experience is virtually nil, but it is my understanding that NFSv4 has strong built-in authentication, while NFSv3 doesn't... proper authentication would have prevented the attacker from accessing the victim's /home folder... so, assuming you are using NFSv3: have you considered upgrading to NFSv4??

Last edited by win32sux; 05-04-2007 at 06:30 PM.
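An added example, not part of either post: a small audit of `/etc/exports` that flags every export still accepting the `sys` security flavor (the default when no `sec=` option is given), where the server filters only by client address and trusts the UID the client sends, which is the situation described in the first post. The `/srv/a` and `/srv/b` lines and the `station7` host are constructed, and the parser assumes no quoted paths or line continuations.

```python
import re

# Constructed sample: the /home line mirrors the export described in the
# thread; the /srv lines and "station7" are hypothetical variants.
SAMPLE_EXPORTS = """\
# /etc/exports (constructed sample)
/home   192.168.93.*(rw)
/srv/a  192.168.93.0/24(rw,sec=krb5p)
/srv/b  192.168.93.10(rw,sec=krb5:sys) station7
"""

# A client spec is "host-or-pattern" optionally followed by "(opt,opt,...)".
CLIENT_RE = re.compile(r"^([^()]*)(?:\((.*)\))?$")


def sec_flavors(options):
    """Return the security flavors an option list allows (default: sys)."""
    for opt in options:
        if opt.startswith("sec="):
            return opt[4:].split(":")  # exports(5): colon-delimited list
    return ["sys"]


def audit_exports(text):
    """Return (path, client, flavors, writable) for exports accepting sys."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = CLIENT_RE.match(spec)
            if not m:
                continue  # malformed spec; out of scope for this sketch
            client = m.group(1) or "*"  # bare "(opts)" means any host
            options = [o for o in (m.group(2) or "").split(",") if o]
            flavors = sec_flavors(options)
            if "sys" in flavors:  # client-asserted UIDs are accepted
                findings.append((path, client, flavors, "rw" in options))
    return findings


if __name__ == "__main__":
    for path, client, flavors, writable in audit_exports(SAMPLE_EXPORTS):
        mode = "rw" if writable else "ro"
        print(f"{path} -> {client} [{mode}] accepts sec={':'.join(flavors)}")
```

Note that `root_squash` does not change the result for `/home`: it only remaps UID 0, so any other UID the client presents is still honored under `sec=sys`.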
 
  

