[ Date Index ][
Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
Jonathan Melhuish wrote:
I'm using Debian on both client and server, BTW (stable on the server, unstable on the client).
NFS v2 uses UID and trusts both ends to have the same ideas on UID's. Thus the quick and dirty approach is to fix MAC addresses to static IP's (man arp?) and to only share to IP's you trust (man exports?). Won't keep the determined and knowledgable out - but the squirrels won't read your files. Probably the smart thing is to run a VPN, and share to VPN users only, putting some encryption between your stuff and the public, but that sounds a lot of work. I kind of lost track of the extra security features in later versions of NIS and NFS - soon came to the conclusion you keep those bits a long way away from the bad guys (and malware).
Attachment:
signature.asc
Description: OpenPGP digital signature