As I mentioned in the previous email, I filed a bug to set that option to enabled by default for both modes.
However, having it set to disabled doesn't mean that any user can access a filesystem. Those options are kind of misnomers - they're actually removing the limit on port ranges for privileged ports. When they are set to "on", you are only allowed a set range of ports (1-1024) to access NFS and mount with.
They really don't have anything to do with the user that is mounting. Users can't mount from Linux clients by default. You have to configure the client to allow it. And users can mount via privileged ports. The non-privileged ports are specified at mount.
The port behavior is still controlled by the client. If you don't want non-privileged ports, then don't allow them on the client. :)
On 8/12/13 7:20 PM, "Peter D. Gray" pdg@uow.edu.au wrote:
On Mon, Aug 12, 2013 at 04:25:45PM +0000, Parisi, Justin wrote:
On a side note, this option is set to disabled in clustered Data ONTAP by default.
So, it would appear that the default security model has changed almost silently with NFSv4.
With NFSv3, nfs.mount_rootonly is true by default and ensured the client's ports were privileged. This is good.
With NFSv4, the above setting is not used, and mounts from non-privileged ports are allowed by default. This is bad. At some time in 8.1, nfs.nfs_rootonly was introduced, but the default setting is off which still makes it bad.
With the nfs.nfs_rootonly setting being false, any user on the client machine can gain access to any filesystem the filer exports to that client as any user.
Am I the only person who thinks this is unreasonable?
Now, before anybody starts, I know that NFSv4 has other security models that fix this problem. That's not the point here. I think the default settings should give the best security they can.
Regards, pdg
Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
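Added example, not part of the original thread: since the thread turns on which source port a client uses to reach NFS, this sketch audits a client's `ss -tn` output and flags NFS connections made from non-privileged source ports. Assumptions: NFS on TCP 2049, source ports below 1024 counted as privileged (the conventional Unix reserved range), and constructed sample lines using documentation addresses.

```python
NFS_PORT = 2049
MAX_PRIVILEGED_PORT = 1023  # assumption: conventional Unix reserved range

# Constructed `ss -tn`-style lines as seen on a client (not from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
ESTAB  0       0       192.0.2.10:875       192.0.2.50:2049
ESTAB  0       0       192.0.2.10:51234     192.0.2.50:2049
ESTAB  0       0       192.0.2.10:40022     192.0.2.60:22
ESTAB  0       0       [2001:db8::10]:990   [2001:db8::50]:2049
ESTAB  0       0       [2001:db8::10]:33000 [2001:db8::51]:2049
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)


def nfs_source_ports(ss_text, nfs_port=NFS_PORT):
    """Return (server, source_port, privileged) per established NFS connection."""
    results = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # header line or a socket that is not established
        try:
            _, src_port = split_endpoint(fields[3])
            server, dst_port = split_endpoint(fields[4])
        except ValueError:
            continue  # malformed endpoint, skip rather than guess
        if dst_port != nfs_port:
            continue  # not NFS traffic
        privileged = 1 <= src_port <= MAX_PRIVILEGED_PORT
        results.append((server, src_port, privileged))
    return results


def unprivileged_nfs_connections(ss_text):
    """Connections a server enforcing privileged source ports would refuse."""
    return [(s, p) for s, p, priv in nfs_source_ports(ss_text) if not priv]


if __name__ == "__main__":
    for server, port, priv in nfs_source_ports(SAMPLE_SS_OUTPUT):
        label = "privileged" if priv else "NON-PRIVILEGED"
        print(f"{server}: source port {port} ({label})")
```
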