NFS NIS and security

NFS NIS and security

Post by Ramamurthy Badrinat » Sun, 26 May 2002 00:23:00



I have a unix file server and wish to export some directories to a
client, sharing the NIS domain qith thw server. It seems that a
superuser on the client machine can su to an arbitrary NIS account,
without providing password. So the root on the client has access to all
the directories exported from the server to this client. Isn't this a
security risk, if I have no control over the superuser on the client? Is
there a way around this?

Thanks in advance for any help.

-Badri

  Ramamurthy.Badrinath.vcf
< 1K Download
 
 
 

NFS NIS and security

Post by Juha Laih » Sun, 26 May 2002 04:07:01



Quote:>I have a unix file server and wish to export some directories to a
>client, sharing the NIS domain qith thw server.

Ok.

Quote:>It seems that a superuser on the client machine can su to an arbitrary
>NIS account, without providing password. So the root on the client has
>access to all the directories exported from the server to this client.

Correct.

Quote:>Isn't this a security risk, if I have no control over the superuser on
>the client?

It is. NFS and NIS are intended for use only in scenarios where the root
account on all the machines is controlled by the same person/group. If
a local user at a NFS client has root access, much of the security is
lost. Also, depending on the setup, NFS client can be compromised by
having root account on the NFS server (when only having a non-root
account on the client).

Quote:>Is there a way around this?

Not with NFS. There are filesystems that address these problems (among
others), but they're not in widespread use. If you truly need these,
read up on AFS and DFS.
--
Wolf  a.k.a.  Juha Laiho     Espoo, Finland

         PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)

 
 
 

NFS NIS and security

Post by Kevin Buh » Sun, 26 May 2002 06:50:17



> I have a unix file server and wish to export some directories to a
> client, sharing the NIS domain qith thw server. It seems that a
> superuser on the client machine can su to an arbitrary NIS account,
> without providing password. So the root on the client has access to all
> the directories exported from the server to this client. Isn't this a
> security risk, if I have no control over the superuser on the
> client?

It sure is, but plain old NFS doesn't have a better authentication
mechanism than this.

Quote:> Is there a way around this?

It depends on how much access you need to give away.  If Mallory has
root access on the client machine, she can masquerade as any
legitimate user.  Thus, if all legitimate users must be able to log
into the client machine and read and modify their own files,
then---necessarily---Mallory can read and modify *every* legitimate
user's files.

If Ann is the only one who needs to access her files on the client,
then you can obviously export just Ann's directory, and Mallory---even
if she gets root---will only be able to cause trouble for Ann.
Similarly, if a small subset of users will be using the client, you
can export just their filesystems and "sacrifice" them to Mallory
without exposing other users to much danger.

(Of course, you can also export the files read-only, and you can use
the NFS server's uid-squashing facilities to treat all requests as if
they came from some low-priviledge user, like "nobody", no matter who
they really came from.)

Plain old NFS servers work by authenticating clients based on their IP
addresses and trusting clients to authenticate users---in particular,
the NFS server simply trusts the userid field passed to it by the NFS
client in each request.  There are certainly ways to improve this
(using Kerberos NFS or AFS to securely authenticate machines and/or
users to the file server), but no improvement will fix the fundamental
problem that someone with physical access to the client machine can
trick legitimate user Larry into authenticating himself to the NFS
server just before deleting all of Larry's files.

--

 
 
 

1. SSH without password in NIS/NFS ,is it possible?

Hi All,

We're running NIS/NFS (Mandrake 8.2,kernel 2.4.18) and that my home
directory
is the same on all machines, I mean same as in auto-mounted.

Could somebody tell me how can I "ssh hostname" between these machines
without password/passphrase,is it possible?

PS,I'm using OpenSSH 3.1

Thanks a lot,

2. getch() getche()

3. 'su user' & NIS & NFS

4. Passport 44XX

5. ssh + nfs + nis basics

6. Using html in DropDownList

7. Help disproving security through obscurity (NFS)

8. Thanks...I feel better now.

9. NFS security issues

10. NFS security

11. NFS Mount Security Issues

12. PC NFS file sharing, UID/GID security issues ???