Why am I able to mount NFS share simply because root on my machine has the same UID as the NFS owner?
I have recently set up a new FreeNAS machine at home and am beginning to tinker. I have previously had very little experience with network administration (and I have only been using Linux on my home machines for the past year or two).
I have been used to mounting an SMB share from a Synology DiskStation via CIFS on my Kubuntu machine, and I need to supply credentials to be able to do that. I have been doing some online searching on the topic, and I understand that NFS doesn't require login credentials to mount, although I believe UIDs on the client and NFS machine need to align for the mount to succeed (although I'm not certain my understanding on this is correct or complete).
I appear to have been able to successfully mount the NFS share from my FreeNAS machine, and I believe this is because I run the mount command with sudo, and the NFS share owner is root in FreeNAS, so the UID's on client and server are both 0 and this allows the mount to proceed?
If this is correct, I am wondering if anyone who connects a Linux machine on my home network and has su privileges for that machine can then mount the NFS share without any credentials?
If so, is there a way that I can restrict the ability to mount the share? Is this what Kerberos is for?
linux permissions mount nfs freenas
asked Feb 11 at 11:38
Mike WilliamsMike Williams
12
add a comment |
I have recently set up a new FreeNAS machine at home and am beginning to tinker. I have previously had very little experience with network administration (and I have only been using Linux on my home machines for the past year or two).
I have been used to mounting an SMB share from a Synology DiskStation via CIFS on my Kubuntu machine, and I need to supply credentials to be able to do that. I have been doing some online searching on the topic, and I understand that NFS doesn't require login credentials to mount, although I believe UIDs on the client and NFS machine need to align for the mount to succeed (although I'm not certain my understanding on this is correct or complete).
I appear to have been able to successfully mount the NFS share from my FreeNAS machine, and I believe this is because I run the mount command with sudo, and the NFS share owner is root in FreeNAS, so the UID's on client and server are both 0 and this allows the mount to proceed?
If this is correct, I am wondering if anyone who connects a Linux machine on my home network and has su privileges for that machine can then mount the NFS share without any credentials?
If so, is there a way that I can restrict the ability to mount the share? Is this what Kerberos is for?
linux permissions mount nfs freenas
asked Feb 11 at 11:38
Mike WilliamsMike Williams
12
add a comment |
I have recently set up a new FreeNAS machine at home and am beginning to tinker. I have previously had very little experience with network administration (and I have only been using Linux on my home machines for the past year or two).
I have been used to mounting an SMB share from a Synology DiskStation via CIFS on my Kubuntu machine, and I need to supply credentials to be able to do that. I have been doing some online searching on the topic, and I understand that NFS doesn't require login credentials to mount, although I believe UIDs on the client and NFS machine need to align for the mount to succeed (although I'm not certain my understanding on this is correct or complete).
I appear to have been able to successfully mount the NFS share from my FreeNAS machine, and I believe this is because I run the mount command with sudo, and the NFS share owner is root in FreeNAS, so the UID's on client and server are both 0 and this allows the mount to proceed?
If this is correct, I am wondering if anyone who connects a Linux machine on my home network and has su privileges for that machine can then mount the NFS share without any credentials?
If so, is there a way that I can restrict the ability to mount the share? Is this what Kerberos is for?
linux permissions mount nfs freenas
asked Feb 11 at 11:38
Mike WilliamsMike Williams
12
I have recently set up a new FreeNAS machine at home and am beginning to tinker. I have previously had very little experience with network administration (and I have only been using Linux on my home machines for the past year or two).
I have been used to mounting an SMB share from a Synology DiskStation via CIFS on my Kubuntu machine, and I need to supply credentials to be able to do that. I have been doing some online searching on the topic, and I understand that NFS doesn't require login credentials to mount, although I believe UIDs on the client and NFS machine need to align for the mount to succeed (although I'm not certain my understanding on this is correct or complete).
I appear to have been able to successfully mount the NFS share from my FreeNAS machine, and I believe this is because I run the mount command with sudo, and the NFS share owner is root in FreeNAS, so the UID's on client and server are both 0 and this allows the mount to proceed?
If this is correct, I am wondering if anyone who connects a Linux machine on my home network and has su privileges for that machine can then mount the NFS share without any credentials?
If so, is there a way that I can restrict the ability to mount the share? Is this what Kerberos is for?
linux permissions mount nfs freenas
linux permissions mount nfs freenas
asked Feb 11 at 11:38
Mike WilliamsMike Williams
12
asked Feb 11 at 11:38
Mike WilliamsMike Williams
12
asked Feb 11 at 11:38
Mike WilliamsMike Williams
12
asked Feb 11 at 11:38
Mike WilliamsMike Williams
12
asked Feb 11 at 11:38
Mike WilliamsMike Williams
12
12
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1404406%2fwhy-am-i-able-to-mount-nfs-share-simply-because-root-on-my-machine-has-the-same%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1404406%2fwhy-am-i-able-to-mount-nfs-share-simply-because-root-on-my-machine-has-the-same%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
