Re: [suse-security] NFS over SSH
On Wed, 2 Jun 2004, January Weiner wrote:
> I'm desperately trying to set up a secure file sharing server. It should
> support both user authentication and data encryption. It will run in a
> non-secure LAN and provide about 15 users with their home directories.
> My first idea was to use NFS over SSH. However, for this you need to
> specify the ports rpc / nfs /nfslock use. It seems that in SuSE there is
> no way of specifying the nfslock port, is this correct? What am I doing
> wrong? How to do NFS over SSH in SuSE?
> Samba would also be a possibility, however there are a couple of problems
> with that one:
> 1) problem with high UIDs, we have UIDs >> 65535 and the mounted samba
> shares do not get proper permissions
Haven't been a problem for a couple of years, as far as I can gather,
definitely shouldn't be for Samba 3. Changed rather shortly after
kernel 2.4 appeared supporting UIDs > 65535. Haven't tested this
myself, just did a quick google just now.
> 2) is it true that Samba does not support special files (like sockets),
> thus rendering this file system unusable for the purpose of mounting
> home directories to use e.g. with KDE (which needs to create sockets)?
Not true. 'Unix extension = yes' in smb.conf solves this, the problem
with KDE is that it has odd (':' in particular) characters in filenames,
this is solved by also setting 'mangled names = no'. Gnome, on the
other hand, uses a file locking strategy which is broken with sambamount.
Setting an environment variable GCONF_LOCAL_LOCKS=1 for the user moves the
file locking to /tmp and makes Gnome useable, though the solution isn't
> Am I wrong? What other possibilities are there?
Someone suggested VPN, which can force the user to authenticate to get an
IP address - at which point IP security all of a sudden deserves to
contain the word "security" in it.
Bjørn Tore Sund
System administrator, Math. Department, University of Bergen
Phone: (+47) 555-84894  Fax: (+47) 555-89672  Mobile: (+47) 918 68075  VIP: 81724
Support: system@xxxxxxxxx  Contact: teknisk@xxxxxxxxx  Direct: bjornts@xxxxxxxxx
Stupidity is like a fractal; universal and infinitely repetitive.