LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/LDP/solrhe/Securing-Optimizing-Linux-R.../chap5sec33.html

264 lines
4.1 KiB
HTML
Raw Permalink Blame History

<HTML
><HEAD
><TITLE
>The /etc/exports file</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.60"><LINK
REL="HOME"
TITLE="Securing and Optimizing Linux"
HREF="index.html"><LINK
REL="UP"
TITLE="General System Security"
HREF="gen-syssecured.html"><LINK
REL="PREVIOUS"
TITLE="The root account"
HREF="chap5sec32.html"><LINK
REL="NEXT"
TITLE="Disable console program access"
HREF="chap5sec34.html"></HEAD
><BODY
CLASS="section"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Securing and Optimizing Linux: RedHat Edition -A Hands on Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="chap5sec32.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 5. General System Security</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="chap5sec34.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="section"
><H1
CLASS="section"
><A
NAME="AEN3264"
>5.5. The <TT
CLASS="filename"
>/etc/exports</TT
> file</A
></H1
><P
>&#13; If you are exporting file systems using <SPAN
CLASS="acronym"
>NFS</SPAN
> service, be sure to configure the <TT
CLASS="filename"
>/etc/exports</TT
> file with the most restrictive access possible. This means not using wildcards, not allowing root write access, and mounting read-only wherever possible.
<DIV
CLASS="example"
><A
NAME="AEN3270"
></A
><P
><B
>Example 5-1. Export file systems using <SPAN
CLASS="acronym"
>NFS</SPAN
></B
></P
><P
>&#13; Edit the exports file vi <TT
CLASS="filename"
>/etc/exports</TT
> and add:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="programlisting"
>&#13; /dir/to/export host1.mydomain.com(ro,root_squash)
/dir/to/export host2.mydomain.com(ro,root_squash)
</PRE
></TD
></TR
></TABLE
>
Where:
<P
></P
><UL
><LI
STYLE="list-style-type: opencircle"
><P
>&#13; <TT
CLASS="filename"
>/dir/to/export</TT
> is the directory you want to export.
</P
></LI
><LI
STYLE="list-style-type: opencircle"
><P
>&#13; <TT
CLASS="literal"
>host<TT
CLASS="prompt"
>#</TT
>.mydomain.com</TT
> is the machine allowed to log in this directory.
</P
></LI
><LI
STYLE="list-style-type: opencircle"
><P
>&#13; The <TT
CLASS="literal"
>ro</TT
> option mean mounting read-only.
</P
></LI
><LI
STYLE="list-style-type: opencircle"
><P
>&#13; The <TT
CLASS="literal"
>root_squash</TT
> option for not allowing root write access in this directory.
</P
></LI
></UL
>
</P
></DIV
>
For this change to take effect you will need to run the following command on your terminal:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="screen"
>&#13; [root@deep]# /usr/sbin/exportfs -a
</PRE
></TD
></TR
></TABLE
>
</P
><DIV
CLASS="note"
><BLOCKQUOTE
CLASS="note"
><P
><B
><SPAN
CLASS="inlinemediaobject"
><IMG
SRC="./images/Note.gif"
ALT="Note"
></IMG
></SPAN
>: </B
>
Please be aware that having an <SPAN
CLASS="acronym"
>NFS</SPAN
> service available on your system can be a security risk. Personally, I don't recommend using it.
</P
></BLOCKQUOTE
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="chap5sec32.html"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="chap5sec34.html"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>The root account</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="gen-syssecured.html"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Disable console program access</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink