Re: [SLUG] mount/NFS problems

From: blee2@tampabay.rr.com
Date: Wed Jan 14 2009 - 16:59:08 EST


Thus Paul M Foster hast written on Wed, Jan 14, 2009 at 04:36:01PM -0500, and, according to prophecy, it shall come to pass that:
> > >>> pokey:/lan /lan/backup nfs sec=none,soft,intr,timeo=12,wsize=8192,rsize=8192 0 0
> >
> > and remembered that I'd read
> >
> > sec=mode Set the security flavor for this mount to "mode".
> > The default setting is sec=sys, which uses local
> > unix uids and gids to authenticate NFS operations
> > (AUTH_SYS). Other currently supported settings are:
> > sec=krb5, which uses Kerberos V5 instead of local unix
> > uids and gids to authenticate users; sec=krb5i, which
> > uses Kerberos V5 for user authentication and performs
> > integrity checking of NFS operations using secure
> > checksums to prevent data tampering; and sec=krb5p,
> > which uses Kerberos V5 for user authentication and
> > integrity checking, and encrypts NFS traffic to prevent
> > traffic sniffing (this is the most secure setting).
> > Note that there is a performance penalty when using
> > integrity or privacy.
> >
> > Try changing the "sec" mount option to "local", then unmount and mount the
> > filesystem on the client.
>
> No "local" option for security under NFS. "none" and "sys" might be
> valid options. Under Samba, I don't see *any* sec= options, according to
> man 8 mount and man 8 smbmount.

Sorry, I meant "sys". Looks like it's an NFS specific mount option.

> Additional data: "none" and "sys" don't affect behavior either way as
> sec= options under NFS (by actual experiment).

There's a SUN page about NFS security that says:

        none:
    Use null authentication (AUTH_NONE). NFS clients using AUTH_NONE have
    no identity and are mapped to the anonymous user nobody by NFS servers.
    A client using a security mode other than the one with which a Solaris
    NFS server shares the file system has its security mode mapped to
    AUTH_NONE. In this case, if the file system is shared with sec=none,
    users from the client are mapped to the anonymous user. The NFS
    security mode none is supported by share_nfs(1M), but not by
    mount_nfs(1M) or automount(1M).

If the server sees you as an anonymous user or as having no auth, you aren't going
to be able to write to anything (directory) that isn't world writable,
and even then, maybe not.
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
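
Added example, not part of the original message and not code from any project mentioned in it: a Python sketch that reads fstab-style lines and reports which security flavor each NFS mount ends up with, using only the flavors listed in the man page text quoted above. The sample fstab is constructed apart from the `pokey:/lan` line taken from the thread; `audit_fstab` and its field names are hypothetical.

```python
# Added example, not from the thread: report the NFS security flavor of each
# fstab entry, using only the flavors listed in the quoted man page text.

# flavor -> (authentication, integrity checking, traffic encryption)
FLAVORS = {
    "none":  ("AUTH_NONE, client mapped to the anonymous user", False, False),
    "sys":   ("AUTH_SYS, local unix uids and gids", False, False),
    "krb5":  ("Kerberos V5", False, False),
    "krb5i": ("Kerberos V5", True, False),
    "krb5p": ("Kerberos V5", True, True),
}
DEFAULT_FLAVOR = "sys"  # quoted man page: "The default setting is sec=sys"

# Constructed sample; only the first NFS line is the one quoted in the thread.
SAMPLE_FSTAB = """\
# device      mountpoint   type  options                        dump pass
pokey:/lan /lan/backup nfs sec=none,soft,intr,timeo=12,wsize=8192,rsize=8192 0 0
pokey:/home   /home        nfs   soft,intr                      0 0
pokey:/srv    /srv         nfs   sec=local,soft                 0 0
pokey:/secure /secure      nfs   sec=krb5p                      0 0
/dev/sda1     /            ext3  defaults                       0 1
"""

def audit_fstab(text):
    """Return one finding per NFS entry found in fstab-formatted text."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue                      # blank, comment, or malformed line
        device, mountpoint, fstype, options = fields[:4]
        if fstype not in ("nfs", "nfs4"):
            continue                      # sec= is an NFS-specific option
        flavor, explicit = DEFAULT_FLAVOR, False
        for opt in options.split(","):
            key, _, value = opt.partition("=")
            if key == "sec":              # assumption: the last sec= is the one used
                flavor, explicit = value, True
        known = flavor in FLAVORS
        auth, integrity, privacy = FLAVORS.get(flavor, ("unrecognised flavor", False, False))
        findings.append({"device": device, "mountpoint": mountpoint,
                         "flavor": flavor, "explicit": explicit, "known": known,
                         "auth": auth, "integrity": integrity, "privacy": privacy})
    return findings

if __name__ == "__main__":
    for f in audit_fstab(SAMPLE_FSTAB):
        print("{mountpoint:12} sec={flavor:6} auth={auth}; "
              "integrity={integrity} privacy={privacy}".format(**f))
```

An entry with no `sec=` option is reported as `sys` with `explicit` set to `False`, and a value such as `local` that the quoted text does not list comes back with `known` set to `False`.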


