NFS HOWTO : Security and NFS : Client Security
Previous: Security and NFS
Next: Server security: nfsd

6.1. Client Security

On the client we can decide that we don't want to trust the server too much a couple of ways with options to mount. For example we can forbid suid programs to work off the NFS file system with the nosuid option. This is a good idea and you should consider using this with all NFS mounted disks. It means that the server's root user cannot make a suid-root program on the file system, log in to the client as a normal user and then use the suid-root program to become root on the client too. We could also forbid execution of files on the mounted file system altogether with the noexec option. But this is more likely to be impractical than nosuid since a file system is likely to at least contain some scripts or programs that needs to be executed. You enter these options in the options column, with the rsize and wsize, separated by commas.


NFS HOWTO : Security and NFS : Client Security
Previous: Security and NFS
Next: Server security: nfsd