[BBLISA] Secure, authenticated file serving to untrusted clients

Theo Van Dinter felicity at kluge.net
Fri Apr 17 20:54:27 EDT 2009


You can limit root access, but that doesn't stop people doing "su -
username" and then doing things as that user, for example.  sec=krb5
limits access pretty well, and if you can also limit who is able to
log into the client things become much more reasonable.

"NFS" and "secure" tend not to show up in the same sentence a lot. :(


On Fri, Apr 17, 2009 at 8:35 PM, Michael Sprague <mfs at komerex.com> wrote:
> I could be way off base here, but couldn't you use something like grsecurity
> or selinux to prevent even root from doing anything bad to the network
> attached storage?  That's basically what we do where I work and we use
> grsecurity.




More information about the bblisa mailing list