[rescue] Uptime war (Was: STOP THE INSANITY)

Curtis H. Wilbar Jr. rescue at hawkmountain.net
Wed Jun 18 12:35:01 CDT 2003


If your users are all trustworthy, then NFS won't matter.

However, it is unfortunately all too simple to circumvent "security" in
NFS (mainly because it works on the trust principal).

-- Curt


>From: Mattias Nordlund <mathew at eagle.y.se>
>
>On Wed, 18 Jun 2003, Curtis H. Wilbar Jr. wrote:
>
>> >From: Mattias Nordlund <mathew at eagle.y.se>
>> >
>> >Probably, but as it only is used as mail-server with postfix, and
>> >is firewalled so only open port from the internet is port 25.
>> >
>> >Then all users read mail localy on other machines that have NFS mounted it
>> >or over imap (not from the internet)
>>
>> What protection do you have against NFSshell ?  Around 6 years ago when
>> I was at a regional ISP, we eliminated NFS to the mail server and went
>> with an undocumented IMAP (using pine's master config to reference the
>> IMAP server).  Anyone using something other than pine from the shell
>> server no longer had e-mail access... but that was only a couple of
>> people.  There was too much rampant abuse of NFS and eliminating it was
>> the easiest thing.
>
>None, but this is a non-profit computer club, so security does matter, but
>is not the most importamt thing. If we can't trust the users of the other
>machines, then it is all allready owned..
>
>/Mattias
>_______________________________________________
>rescue list - http://www.sunhelp.org/mailman/listinfo/rescue


Curtis Wilbar
Hawk Mountain Networks
rescue at hawkmountain.net

My e-mail is protected against viruses and spam by MailGuardian
                  http://www.mailguardian.net
          Top notch protection at unbelievable prices



More information about the rescue mailing list