[lug] Silly Question

Michael J. Hammel mjhammel at graphics-muse.org
Thu Oct 4 10:51:44 MDT 2001


Thus spoke Holshouser, David
> I've only heard, but I've heard it all the time. 
> I don't know anything about the security of NFS but would love to hear some
> opinions.

Well, for what it's worth, I wouldn't use it across the Internet because
it's slow and a resource hog.  But it works fine behind a firewall on a
LAN.  Keeping it firewalled from the Internet should keep it modestly
secure from the outside.  Keeping it secure on the inside probably requires
SS troops overseeing your users.

"Insecure" might mean that, improperly configured, users can access files
they shouldn't.  But that's true of just about any data sharing protocol.  
I've not seen any malicious attacks that came through NFS ports while
reading the security info that comes into LWN.net over the past year, but
then I don't follow the security stuff all that closely (only on weeks I
have to write that page).

NFS's biggest problem to me is that it's slow and used to get confused a lot,
causing client systems to lock up waiting for responses from servers that
had gone away.  It meant, at one time in the past, that clients that were
in the process of coming down on a reboot would get stuck waiting to
unmount servers that had gone away, requiring the client to be power cycled.
Nasty things happened to filesystems under those conditions.  But that
doesn't seem to happen nearly as much these days.  The trick was to
recognize the server had gone away and reboot it before you tried to do
anything drastic to the client.  That gave the server a chance to respond
and cleared the lock on the client.  Again, these problems are less common
these days on my systems.  YMMV.
-- 
Michael J. Hammel                               The Graphics Muse 
mjhammel at graphics-muse.org                      http://www.graphics-muse.com
------------------------------------------------------------------------------
Follow the three R's: Respect for self, Respect for others, Responsibility 
for all your actions.  -  Credited to the Dalai Lama.


