5.4. Securing NFS

The Network File System or NFS is an RPC service used in conjunction with portmap and other related services to provide network accessible file systems for client machines. For more information on how NFS works, refer to the chapter titled Network File System (NFS) in the Red Hat Enterprise Linux Reference Guide. For more information about configuring NFS, refer to the Red Hat Enterprise Linux System Administration Guide. The following subsections assume basic knowledge of NFS.

ImportantImportant
 

It is recommended that anyone planning to implement an NFS server first secure the portmap service as outlined in Section 5.2 Securing Portmap, before addressing the following issues.

5.4.1. Carefully Plan the Network

Because NFS passes all information unencrypted over the network, it is important the service be run behind a firewall and on a segmented and secure network. Any time information is passed over NFS on an insecure network, it risks being intercepted. Careful network design in these regards can help prevent security breaches.

5.4.2. Beware of Syntax Errors

The NFS server determines which file systems to export and which hosts to export these directories to via the /etc/exports file. Be careful not to add extraneous spaces when editing this file.

For instance, the following line in the /etc/exports file shares the directory /tmp/nfs/ to the host bob.example.com with read and write permissions.

/tmp/nfs/     bob.example.com(rw)

This line in the /etc/exports file, on the other hand, shares the same directory to the host bob.example.com with read-only permissions and shares it to the world with read and write permissions due to a single space character after the hostname.

/tmp/nfs/     bob.example.com (rw)

It is good practice to check any configured NFS shares by using the showmount command to verify what is being shared:

showmount -e <hostname>

5.4.3. Do Not Use the no_root_squash Option

By default, NFS shares change the root user to user nfsnobody, an unprivileged user account. This way all root-created files are owned by user nfsnobody, which prevents uploading of programs with the setuid bit set.

If no_root_squash is used, remote root users will be able to change any file on the shared file system and leave trojaned applications for other users to inadvertently execute.