Linux: File System and NFS Essay

Submitted By AimFire6969
Words: 820
Pages: 4

Developed by Sun Microsystems, NFS allows users to treat shared files as if they are stored in the local file directory. It is a client/server protocol that operates independently of the OS, in that it treats the server as a shared storage device and uses permissions to restrict access. (Indiana University 2014) In order for NFS to be a useful application, the client and server must be present on separate computers. The client reads the files in the server's directory as if the files were stored in the client's own directory, seamlessly and with ease. The NFS share can be created using either a CLI (command line interface) or a GUI (graphical user interface). The graphical user interface is preferred due to ease of access. TCP/IP is the gateway through which access is given and received. (techtarget.com) Using the host's requests, the user is only given access to files mounted on the server.

User permissions are often squashed to keep attacks at bay. Another useful tool that can be deployed by NFS is read-only access, which allows a user to simply read the document. In this case, the user may neither write nor execute any commands. Another great way to thwart attacks is to generate rules using the iptables command, allowing access to certain ports in the firewall. Another way to do this is to use the rpcbind command. Because NFS has vulnerabilities, it is recommended that this protocol be used on LAN networks only. (Fedora n.d.) There is a two-step authentication process a client must adhere to in order to gain access to a server. The first step is to gain mount access; after that, a client must access the shared file in the directory. Using NFS, a user can allow or deny certain ports from being accessed. A host can also use an IP address to allow or deny access using either /etc/hosts.allow or /etc/hosts.deny. In order to keep a server secure and to keep a client from getting root privileges, a host can use the root_squash command (one of many squash commands). This only works if all directories are owned by root and not bin, lib, or any other non-root account or directory. This is because a client can use su and become any user to gain privileges. Now, this is not to say that the client is completely safe, because a share is a two-way street. A suid account can be created by the host on the client machine to gain access to the client files. This can pose a problem for a user that wants to operate in a secure environment. A user can protect themselves by using the nosuid command. This will not allow the creation of the super user ID and therefore thwart this kind of attack. (tldp.org n.d.)
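The server-side controls described above (root squashing, read-only access, restricting which hosts may mount) are all set per client in /etc/exports. The following is an added example, not part of the original essay: a small auditor that flags risky entries in a constructed sample file. The function name `audit_exports` and the sample paths and addresses are assumptions made for illustration.

```python
import re

# Constructed sample /etc/exports (illustrative; not taken from the essay).
SAMPLE_EXPORTS = """\
# path        client(options)
/srv/docs     192.168.1.0/24(ro,root_squash)
/srv/build    192.168.1.15(rw,no_root_squash)
/srv/public   *(rw)
/srv/home     192.168.1.0/24 (rw)
"""

# One client spec: optional host followed by optional "(opt,opt,...)".
SPEC = re.compile(r"(?P<host>[^\s()]*)(?:\((?P<opts>[^)]*)\))?")


def audit_exports(text):
    """Return (path, client, finding) tuples for risky export entries."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *specs = line.split()  # assumes no spaces in the exported path
        for spec in specs:
            m = SPEC.fullmatch(spec)
            if m is None:
                continue  # malformed spec; a real tool would report it
            # A bare "(opts)" has no host, so it applies to every client.
            host = m.group("host") or "*"
            opts = set(filter(None, (m.group("opts") or "").split(",")))
            if "no_root_squash" in opts:
                findings.append((path, host, "root not squashed"))
            if host == "*":
                findings.append((path, host, "open to any host"))
                if "rw" in opts:
                    findings.append((path, host, "writable by any host"))
    return findings


if __name__ == "__main__":
    for path, host, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:12} {host:16} {finding}")
```

The last sample line shows why the space matters: `192.168.1.0/24 (rw)` gives the subnet the default options and exports the directory read-write to every host, which is why the auditor reports `/srv/home` as writable by any host.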

From time to time a user may experience issues when accessing NFS. This is because Linux comes in many different editions and distributions. A user must remember that after making any changes to /etc/exports the system must be rebooted for those changes to take effect. This is an important step as a wild goose chase for changes may ensue if the restart does not take place. Another problem a user may run into is that of the portmap daemon. On some systems, this