Check out http://nfs.sourceforge.net/nfs-howto/ Pay special attention to http://nfs.sourceforge.net/nfs-howto/security.html#FIREWALLS - You could also use TCP wrappers to only allow server2 access to portmap on server1. On server1, add a "portmap: ALL" to /etc/hosts.deny and a "portmap: IP.ADDRESS.of.server2" to /etc/hosts.allow
NFS has historically been a scary thing, but if setup correctly, is super useful. Also make sure that you've got /mnt/partition1 in server2's /etc/fstab (or /etc/device.tab) so it gets mounted at startup. You should block all access to it from the internet - web clients would still be able to read web pages (since they're requesting them from server2). In addition, you should block all access to server1 from server2 except for the ports needed for nfs, (portmap, nfsd), just in case server2 gets taken over - you don't want to be rebuilding two servers instead of one. In any case, /mnt/partition1 will look exactly like a local partition, so it wouldn't be any more exploitable via your web server as any other local partition which contains your DocumentRoot. - jeff grunberg -----Original Message----- From: renante [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 09, 2002 1:30 AM To: [EMAIL PROTECTED] Subject: mounting remote partition via NFS I want to mount one of the partition located in my other server via NFS. The scenario: partition1 in server1 mounted in server2 via NFS and this partition (/mnt/partition1) will be use as DocumentRoot as web services. Is there any security issues regarding NFS, or does the server1 vulnerable in exploitation via web, since this particular partition is being used as documentroot of web service. Any help will be highly appreciated Renante B. Bontuyan
