Yes, what is the requirement here?
The issue is really a security one. Initial connections are only 'protected' by
client config limited to host/ip ranges. If someone can 'reach' the NFS server
then they can connect as root (nobody) and potentially access anything which is
world-readable. This is obviously a 'classic' issue with ip-based auth on NFS, and
I was hoping that the existence of kerberos authentication helped here. Perhaps not.
Yes, definitely. Note that directory permissions are not sufficient to protect
files since a client could "guess" a file handle and access any inode on an
exported file system (even an inode in a portion of the file system that is
outside an exported sub-tree of the file system).
Indeed - the top-level directory has to be world-executable, which then opens up attacks
through guessing paths/filenames.
I suppose we could set some top-level ACLs to explicitly restrict the 'nobody'
user to have no access, but I was hoping that there might be a nicer way for the server to
just reject all FS requests for certain users.
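The two weaknesses raised in this thread (trust that rests only on the client's address, and root arriving as 'nobody' with access to anything world-readable) are both visible in the server's export list. The script below is an added example, not code from anyone in this thread; it audits an exports file and flags entries that still accept AUTH_SYS (the default when no sec= option is given), entries with no_root_squash, and wildcard client lists. It assumes Linux exports(5) syntax, and the sample exports file it reads is constructed inline so the script runs offline. The distinction it checks for is the one the thread is circling: when an export lists only Kerberos flavors (sec=krb5, krb5i or krb5p), the server refuses requests that do not arrive with a valid GSS credential, so a guessed file handle from an unauthenticated client gets nowhere; a top-level ACL still matters for principals that do authenticate but should not see the tree.

```shell
#!/bin/sh
# Added example (not from this thread): audit /etc/exports-style entries for
# address-only trust (AUTH_SYS), unsquashed root, and wildcard clients.
# Assumes Linux exports(5) syntax: "<path> <client>(<opt>,...) <client>(...)".
set -f   # no pathname expansion: a '*' client entry must stay a literal '*'

# Constructed sample exports file so the example runs without a real NFS server.
SAMPLE_EXPORTS=$(mktemp)
trap 'rm -f "$SAMPLE_EXPORTS"' EXIT
cat >"$SAMPLE_EXPORTS" <<'EOF'
# weak: no sec= option, so the server accepts AUTH_SYS from anyone in the range
/srv/shared  10.0.0.0/24(rw)
# weak: any client, root is not squashed, and sec=sys is listed alongside krb5
/srv/build   *(rw,no_root_squash,sec=sys:krb5)
# hardened: every request must carry a Kerberos credential, root is squashed
/srv/home    10.0.0.0/24(rw,sec=krb5p,root_squash)
EOF

# audit_export_line "<exports line>": prints one finding per weakness to stderr,
# returns 0 when the entry is clean and 1 when anything was flagged.
audit_export_line() {
    set -- $1                 # split on whitespace: path first, then client entries
    path=$1; shift
    rc=0
    for entry in "$@"; do
        case "$entry" in
            *\(*) client=${entry%%\(*}; opts=${entry#*\(}; opts=${opts%\)} ;;
            *)    client=$entry; opts= ;;        # bare client: all options default
        esac
        case "$client" in
            ''|'*') echo "$path: wildcard client list, trust is not even host-scoped" >&2; rc=1 ;;
        esac
        case ",$opts," in
            *,no_root_squash,*) echo "$path ($client): no_root_squash, client root is server root" >&2; rc=1 ;;
        esac
        sec=sys                                  # exports(5) default flavor
        oldifs=$IFS; IFS=,
        for o in $opts; do
            case "$o" in sec=*) sec=${o#sec=} ;; esac
        done
        IFS=$oldifs
        case ":$sec:" in
            *:sys:*) echo "$path ($client): accepts AUTH_SYS (sec=$sec), only the client address is checked" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# count_weak_exports <file>: prints how many export entries had at least one finding.
count_weak_exports() {
    bad=0
    while IFS= read -r line; do
        case "$line" in ''|\#*) continue ;; esac
        audit_export_line "$line" || bad=$((bad + 1))
    done <"$1"
    echo "$bad"
}

n=$(count_weak_exports "$SAMPLE_EXPORTS")
echo "$n of the sample exports rely on client-address trust or leave root unsquashed"
```

Run it against a real server's /etc/exports by replacing the sample path; an entry that passes this check still needs the server's Kerberos configuration (keytab, nfs/ principal, rpc.gssd on clients) in place, which the script does not verify.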