Network file system (nfs) service, Before you set up nfs service, Setup overview – Apple Mac OS X Server (Administrator’s Guide) User Manual

Chapter 5
Network File System (NFS) Service
Network File System is the protocol used for file services on UNIX computers. Use NFS to
provide file service for your UNIX clients (other than Mac OS X clients). You can export a
shared item to a set of client computers or to “World.” Exporting an NFS volume to World
means that anyone who can access your server can also access that volume.
Note: The NFS term for sharing is export. This guide, therefore, uses that term to be
consistent with standard NFS terminology.
You use the NFS module of Server Settings to configure and manage NFS service. You also
use the Sharing module of Workgroup Manager to set privileges and access levels for the
share points or folders you want to export.
Before You Set Up NFS Service
Be sure to consider the security implications of exporting in NFS before you set up NFS service.
Security Implications
NFS was created for a secure networking environment, in which you can trust the client
computer users and the people who administer the clients. Whereas access to Apple file
service, Windows file sharing, and FTP service share points is controlled by authentication
(user name and password), access to NFS shared items is controlled by the client software
and file permissions.
NFS allows access to information based on the computer’s IP address. This means that a
particular client computer will have access to certain share points regardless of who is using the
computer. Whenever the computer is started up, some volumes or folders are automatically
mounted or made available, and anyone who uses the computer has access to them.
With NFS, it’s possible for a user to spoof ownership of another person’s files. For example, if
a file on the server is owned by a user with user ID 1234, and you export a folder that
contains that file, someone on a remote computer can create a local user on the remote
computer, give it a user ID of 1234, mount that folder, and have the same access to the
folder’s contents as the file’s original owner.
You can take some steps to prevent this by creating unique user IDs and by safeguarding user
information. If you have Internet access and plan to export to World, your server should be
behind a firewall.
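The following Python audit is an added example, not part of Apple's guide. It assumes the export list is available as text in BSD exports(5) layout (the guide itself configures exports through Server Settings); it reports exports with no client restriction, that is, exported to World, and the owner user IDs present under an exported folder, which are the IDs the spoofing scenario above depends on. The names `parse_exports`, `world_exports`, `exposed_uids` and the `SAMPLE` paths and host names are constructed for illustration.

```python
import os
import shlex

# Assumption: exports are text in BSD exports(5) layout: /path ... [-option ...] [client ...]
VALUE_OPTS = {"-network", "-mask"}  # options whose value may be a separate token

def parse_exports(text):
    """Return a list of (paths, clients) tuples, one per export line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        paths, clients = [], []
        tokens = iter(shlex.split(line))
        for tok in tokens:
            if tok.startswith("/"):
                paths.append(tok)
            elif tok.startswith("-"):
                name, _, value = tok.partition("=")
                if name in VALUE_OPTS and not value:
                    value = next(tokens, "")  # "-network 10.0.1.0" form
                if name == "-network":
                    clients.append("net:" + value)
            else:
                clients.append(tok)  # host name, address or netgroup
        entries.append((paths, clients))
    return entries

def world_exports(text):
    """Paths exported with no client restriction (exported to World)."""
    return [p for paths, clients in parse_exports(text) if not clients for p in paths]

def exposed_uids(root):
    """Numeric owner IDs under root; a user on an allowed client can claim any of them."""
    uids = set()
    for dirpath, dirnames, filenames in os.walk(root):
        for name in [dirpath] + [os.path.join(dirpath, n) for n in dirnames + filenames]:
            uids.add(os.lstat(name).st_uid)
    return uids

# Constructed sample export list (not from the guide).
SAMPLE = """
/Volumes/Data/Projects -network 10.0.1.0 -mask 255.255.255.0
/Volumes/Data/Public -ro
/Users/Shared build1.example.com build2.example.com
"""
```

Run `world_exports` over the export list before enabling the service, and `exposed_uids` over each folder you plan to export to see which user IDs a client-side account could match.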
Setup Overview
Here is an overview of the major steps for setting up NFS service.