
Method to Improve Security and Manageability of NFS (Network File System) Export Lists

IP.com Disclosure Number: IPCOM000030026D
Original Publication Date: 2004-Jul-23
Included in the Prior Art Database: 2004-Jul-23
Document File: 4 page(s) / 277K

Publishing Venue

IBM

Abstract

This article describes a method to improve the manageability of NFS (Network File System) export lists. The method delegates to end users and the filesystem administrator the authority to manage the list of hosts that can access the filesystems. It also creates an abstraction layer so that users, instead of host names, can be associated with filesystems.

This is the abbreviated version, containing approximately 51% of the total text.


1.1 - Introduction to NFS:

    NFS is a network file system that allows clients using the NFS protocol [1] to access remote files residing on another machine (the NFS server).

    The steps for accessing an NFS filesystem are:
-an NFS client mounts (associates) a local directory to a remote exported directory on the NFS server
-the NFS server validates the NFS client's identity
-the NFS client accesses the files, performing file operations on the local directory associated with the NFS server's exported directory as if they were local files. The file permission checking is done at the client.
-if the NFS filesystem isn't needed anymore, it can be unmounted (the association is destroyed)

1.2 - Security of NFS Exported filesystems [2]

    NFS security is very weak. Two checks are done:
-hostname checks: during the mount operation, the hostname (TCP/IP name) of the NFS client is compared against a list of machines that can mount the filesystems. That list is specified in the /etc/exports file. Filesystems can be exported in read-only mode to specific hosts, so the identity of hosts communicating with the NFS server is checked on each operation to make sure the hostname has write access.
-file ownership and permission: when the NFS client accesses files on the mounted filesystem, it sends the identity and group membership of the user accessing the file to the NFS file server. The identity is used to check file ownership and permission. However, the NFS server trusts the information sent by the NFS client and does not require any type of authentication. A user who has access to the superuser account (root or administrator) of an NFS client can impersonate any other user ID.

    The file /etc/exports [3] controls which hosts can mount the filesystem and whether they have write or read-only access to it. Some other options can also be specified in that file.

    Usually the root user (the administrator of a UNIX (R) machine) of the NFS client does not have any special power on the remote NFS filesystems. This behavior can also be changed with options in the /etc/exports file.

References:
[1] RFC1813 - NFS Version 3 Protocol Specification http://www.ietf.org/rfc/rfc1813.txt
[2] NFS Security http://www.sans.org/rr/unix/nfs_security.php
[3] /etc/exports Manpage http://nscp.upenn.edu/aix4.3html/files/aixfiles/exports.htm

2 - Summary of the invention:


    The invention is to have a separate database with filesystem, user and hostname information. Using the database, NFS filesystems are exported to specific users by an NFS filesystem administrator. The NFS filesystem administrator can control the level of access of a user: mount, read-only, read-write and root access.

    The user can associate a hostname with an NFS filesystem to which he has access. An automated process will retrieve that information from the database at regular intervals and create an /etc/exports file that is used to control access...
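
    The following sketch of such an export-generation step is an added example, not code from the disclosure. It assumes Linux exports(5) syntax, in-memory tables standing in for the database, and hypothetical level names (ro, rw, root); the "mount" level is left out because the abbreviated text does not say how it differs from read-only.

```python
import re

# Assumed mapping from access level to Linux exports(5) options.
LEVEL_OPTS = {"ro": "ro,root_squash", "rw": "rw,root_squash",
              "root": "rw,no_root_squash"}
RANK = {"ro": 0, "rw": 1, "root": 2}
# Plain DNS names only: rejects wildcards, netgroups (@), CIDR, spaces and
# parentheses, so a user-supplied "hostname" cannot smuggle in export options.
HOST_RE = re.compile(r"(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
                     r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*")

def build_exports(grants, registrations):
    """grants: {(user, fs): level}, set by the filesystem administrator.
    registrations: [(user, fs, host)], rows submitted by end users.
    Returns (exports_text, rejected_rows)."""
    per_fs, rejected = {}, []
    for user, fs, host in registrations:
        level = grants.get((user, fs))
        if level not in LEVEL_OPTS:
            # The user has no grant on this filesystem: ignore the row.
            rejected.append((user, fs, host, "no grant"))
            continue
        if not HOST_RE.fullmatch(host):
            rejected.append((user, fs, host, "bad hostname"))
            continue
        hosts = per_fs.setdefault(fs, {})
        host = host.lower()
        # Exports are per host, so when several users register the same host
        # the highest granted level wins (a design assumption of this sketch).
        if host not in hosts or RANK[level] > RANK[hosts[host]]:
            hosts[host] = level
    lines = []
    for fs in sorted(per_fs):
        clients = " ".join(f"{h}({LEVEL_OPTS[lvl]})"
                           for h, lvl in sorted(per_fs[fs].items()))
        lines.append(f"{fs} {clients}")
    return "\n".join(lines) + ("\n" if lines else ""), rejected

# Constructed sample data, not taken from the disclosure.
GRANTS = {("alice", "/export/proj"): "rw", ("bob", "/export/proj"): "ro",
          ("carol", "/export/home"): "root"}
REGISTRATIONS = [
    ("alice", "/export/proj", "ws1.example.com"),
    ("bob", "/export/proj", "ws1.example.com"),       # same host, lower level
    ("bob", "/export/proj", "ws2.example.com"),
    ("bob", "/export/home", "ws2.example.com"),       # bob has no grant here
    ("alice", "/export/proj", "*(rw,no_root_squash)"),  # option injection attempt
    ("carol", "/export/home", "Admin1.example.com"),
]

if __name__ == "__main__":
    text, rejected = build_exports(GRANTS, REGISTRATIONS)
    print(text, rejected, sep="")
```

    Because the generated file still authorizes hosts, every user on ws1.example.com gets read-write access once alice registers it; the rejected rows are worth logging for review.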