[Tfug] pcnfsd(8) privilege reduction

John Gruenenfelder jetpackjohn at gmail.com
Wed Jan 9 02:53:54 MST 2013


On Wed, Jan 9, 2013 at 2:27 AM, Bexley Hall <bexley401 at yahoo.com> wrote:
> Hi John,
>
>
> [Yes, NFS is a dog -- and a security risk.  As is CIFS.  But, the
> machines in question are isolated from all potential threat sources]

Don,

Quite true... but the nice thing about NFS is that, in general, "it
just works".  Especially amongst homogeneous (or nearly so) UNIX
machines.  And when used on an internal network where nfsd and the
router are configured to not allow any connections from outside, most
of the security issues are sufficiently dealt with.

The main reason I make use of it is because NFS integrates more or
less seamlessly with the UNIX file system tree.  At work, when we had
three machines running and each had a significant amount of storage,
we made very heavy use of NFS which was in many cases transparent to
the users.

At this point, I believe I have all of my machines working on NFSv4
via TCP, though I am not making any use of the GSSAPI security
mechanisms.


--John Gruenenfelder    Systems Manager, MKS Imaging Technology, LLC.
Try Weasel Reader for Palm OS  --  http://weaselreader.org
"This is the most fun I've had without being drenched in the blood
of my enemies!"
        --Sam of Sam & Max




More information about the tfug mailing list