Re: tlug: NFS question



Karl-Max Wagner <karlmax@example.com> writes:

Thank you for putting in time on this.

> IMHO everything suggested so far is unnecessarily complex. I'd do
> it the following way:
> 
> On the server in /etc/exports:
> 
> I enter the user machines and the directories that are exported
> to them ( their home directories, maybe some directories ro with
> tools for general use ).

If the size of the exported directory does not itself impose
significant overhead, I'll just export /home once, to keep
maintenance simple.  Clients will pick up /home, and bypass other
users' accounts in that space, just as they would if logging into
the server.

> I also create the home directories for the users

Yes, on the server: but only /home or its link point need be
created on the clients.  Again, this keeps maintenance simple.

> On the clients in /etc/fstab:
> 
> I add the nfs directories that are to be mounted at boot time
> from the server.

Again, only /home will be needed.

> Appropriate application of the above should pretty much solve
> all problems. 

Except security, which is what Rex's postings were about.
In some way we have to assure that clients share consistent
/etc/passwd file data, and that that data is consistent with the
expectations of the server's filesystem.

However the mounting business is set up, I need to be sure that
users cannot access other users' home directories.  I thought
about this again, and it seems to me that it IS a pretty serious
problem under NFS.  If the server doesn't know anything about
usernames, it is going to be trivial for someone to boot a
workstation (or adjust the IP in their laptop), login as root,
change their own user ID to that of the person whose data they
would like to snoop, and mount the NFS directories from the
server.

To protect against this, I figure that each subdirectory needs a
file like ~/.checkname, owned by root but readable to everyone
else.  The /etc/profile script that runs before ~/.bash_profile
will check the content of this, and compare it with the result of
"whoami".  If there's a discrepancy, the server knows that the
user is spoofing his identity, and the script issues an immediate
"exit", killing the shell.

Can anyone see obvious holes in this?

> To distribute config files: either you use rdist or the like or
> you put them into the home directory of the users and have a
> script copy them onto the client machine at boot time. You can
> also use links pointing to them directly ( however, I have a
> bias against pointing links into nfs mounted directories - it's
> not particularly secure because all authentication requests are
> sent over nfs ).

Rdist certainly sounds like something I need to study.

For machine-specific configuration data (the X config file, and
the list of kernel drivers needed for a given workstation), I
figure I can just make subdirectories in /home with the IP
address of the workstation.  Then we set up links something like
/home/$IP_ADDRESS/Xconfig.  This is a one-time access at startup,
so there's no problem with overhead.

Cheers,
-- 
-x80
Frank G Bennett, Jr         @@
Faculty of Law, Nagoya Univ () email: bennett@example.com
Tel: +81[(0)52]789-2239     () WWW:   http://rumple.soas.ac.uk/~bennett/
---------------------------------------------------------------
Next Nomikai: 20 November, 19:30 Tengu TokyoEkiMae 03-3275-3691
Next Meeting: 12 December, 12:30 Tokyo Station Yaesu central gate
---------------------------------------------------------------
Sponsor: PHT, makers of TurboLinux http://www.pht.co.jp
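
The message asks that clients share /etc/passwd data consistent with what the server's filesystem expects. The following is an added example, not part of the original post: it compares a client's passwd data with the server's and reports names that map to a different UID, UIDs that belong to a different user on the server, and server users absent from the client. The sample passwd contents and all function names are constructed for illustration.

```python
# Added example: sample passwd data below is constructed, not from the post.
SERVER_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
"""
CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1001:1002:Bob:/home/bob:/bin/bash
carol:x:1002:1003:Carol:/home/carol:/bin/bash
"""

def parse_passwd(text):
    """Return {username: uid} from passwd(5)-format text."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # malformed line or NIS-style '+' entry
        users[fields[0]] = int(fields[2])
    return users

def audit(server_text, client_text):
    """List (kind, client_user, client_uid, server_value) inconsistencies."""
    server, client = parse_passwd(server_text), parse_passwd(client_text)
    owner_of = {uid: name for name, uid in server.items()}
    findings = []
    for name, uid in sorted(client.items()):
        # Same login name, different numeric UID: files appear misowned.
        if name in server and server[name] != uid:
            findings.append(("uid-mismatch", name, uid, server[name]))
        # Client UID is another user's UID on the server: since the server
        # matches on the number, this client user owns that user's files.
        holder = owner_of.get(uid)
        if holder is not None and holder != name:
            findings.append(("uid-collision", name, uid, holder))
    for name in sorted(set(server) - set(client)):
        findings.append(("missing-on-client", name, server[name], None))
    return findings

if __name__ == "__main__":
    for finding in audit(SERVER_PASSWD, CLIENT_PASSWD):
        print(finding)
```
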

