Re: lug-bg: NFS
- Subject: Re: lug-bg: NFS
- From: lug@xxxxxxxx (LUG-Yambol)
- Date: Mon, 12 Jul 1999 10:02:23 +0300
On Sat, 10 Jul 1999, you wrote:
> See the file /etc/exports - it defines who is allowed to mount and which
> directories. There is also a man page for it.
> Here is a sample file:
>
> # See exports(5) for a description.
> # This file contains a list of all directories exported to other computers.
> # It is used by rpc.nfsd and rpc.mountd.
> / toni.home.net(rw,no_root_squash)
The above does not sound bad ;-), but some additions will be needed. In this
file, besides the HOST (or NET) that the export is made for, the netmask must
also be given. Besides that, I do not recommend entries of the above kind ;-).
With NFS, root on the HOST that does the MOUNT is not treated as
UID=0 GID=0; instead it is remapped to a new UID and GID.
As described in "man mount", "no_root_squash" creates the illusion, for the
computer exporting the NFS share, that the USER who mounted it (in this case
"/") is local, and if that is root (logged in on the other machine), then he
gains all rights over /. After that, any self-respecting budding cracker runs
'rm -rf <path-where-/-is-mounted> &'. The good thing about the whole story is
that what is described above will not work for machines outside the LAN, if
/etc/hosts.allow says:
#------ cut here & paste & edit in hosts.allow ------
#Start of hosts.allow.
ALL:192.168.122.
# End of hosts.allow.
# remark: I assume your LAN is defined as 192.168.122.0
#------------------ cut here -----------------
and in the file hosts.deny, the following:
#------ cut here & paste & edit in hosts.deny ------
#Start of hosts.deny.
ALL:ALL
# End of hosts.deny.
#------------------ cut here -----------------
Once you have solved the system's security problems with respect to outside
attacks (you will have to take care of the inside ones yourself ;-), what
remains is to start the daemons.
This can be done in two ways, but I recommend the following:
in /etc/rc.d/rc.inet2 (it should already be there, but if it is missing, add it):
NET=/usr/sbin
# Start the various SUN RPC servers.
if [ -f ${NET}/rpc.portmap ]; then
    # Start the NFS server daemons.
    if [ -f ${NET}/rpc.mountd ]; then
        echo -n " mountd"
        ${NET}/rpc.mountd
    fi
    if [ -f ${NET}/rpc.nfsd ]; then
        echo -n " nfsd"
        ${NET}/rpc.nfsd
    fi
    # ... and other RPC stuff ;-)
fi # Done starting various SUN RPC servers.
Everything written above applies to Slackware or similar distributions (BSD
compatible). With the SysV-like ones, such as RedHat, there are differences,
about which I cannot say very much.
So, the other recommendation is to have an EXPORT only for individual
directories, for example /usr.
For it, the entry in /etc/exports (if your LAN is 192.168.122.0) would look like this:
#----- cut &paste&edit in /etc/exports -----------
/usr 192.168.122.0/255.255.255.0(ro)
# I assume you have not set a restrictive NETMASK
#
# And if you want to have one DIR on every HOST in which you can
# write, read and do whatever else you like, here is an example
/share 192.168.0.0/255.255.255.0(rw,no_root_squash)
#--------------- cut here------------------
Well, I think that is it, and I hope I have not mixed something up ;-). If
there are problems, get in touch again.
Say_Man
----> LUG-Yambol mailto:lug@xxxxxxxx
==================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
For more send to lug-bg-request@xxxxxxxxxxxx a single word 'info'
==================================================================
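Added example, not part of the original message: a small Python check that reads an exports(5) file and flags the entry types the message above discusses (an export of "/", "no_root_squash", an export with no client restriction, and an option list broken by whitespace). The function name audit_exports, the issue labels and the /pub line in the sample are assumptions made for this illustration; line continuations with a trailing backslash are not handled.

```python
import re

ENTRY = re.compile(r"([^()]*)(?:\(([^()]*)\))?")  # client, optional (opt,opt,...)

# Constructed sample: the entries shown in the thread plus one hypothetical line.
SAMPLE = """\
# sample /etc/exports
/       toni.home.net(rw,no_root_squash)
/usr    192.168.122.0/255.255.255.0(ro)
/share  192.168.0.0/255.255.255.0(rw, no_root_squash)
/pub
"""

def audit_exports(text):
    """Return (lineno, path, client, issue) tuples for risky exports(5) entries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for client in clients or [""]:           # no client list = any host may mount
            m = ENTRY.fullmatch(client)
            if m is None:                        # e.g. "(rw, no_root_squash)" split in two
                findings.append((lineno, path, client, "malformed"))
                break
            host = m.group(1) or "*"
            opts = (m.group(2) or "").split(",")
            if host == "*":
                findings.append((lineno, path, host, "world-export"))
            if path == "/":
                findings.append((lineno, path, host, "exports-root-fs"))
            if "no_root_squash" in opts:         # client root keeps UID 0 on the export
                findings.append((lineno, path, host, "no_root_squash"))
    return findings

if __name__ == "__main__":
    for lineno, path, client, issue in audit_exports(SAMPLE):
        print(f"line {lineno}: {path} -> {client}: {issue}")
```
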
- References:
- lug-bg: NFS
- From: Plamen.Neykov@xxxxxxxxx (Plamen Neykov)