Using credentials to access an NFS share

[STREBLO]

I'm a bit confused as to how you're supposed to set up credentials for an NFS share. I have read through the documentation but I'm still confused if I'm supposed to be using mapalll and I'm not really sure what that does. Basically I want to have a password required when someone wants to mount and access a certain share, is this just not possible with NFS, or am I missing something really obvious here?

 

[SweetAndLow]

Not possible unless you setup the client to use some kind of authentication service like kerberos. If you want password auth you can use cifs with Linux.

Mapall just makes it so any user that connects always looks kind the same user to freenas.

 

[STREBLO]

Does Kerberos work well?

 

[SweetAndLow]

If you have to ask you probably don't want to use it. It works great but is complicated if you have never used it before.

 

[STREBLO]

Is it possible to use it without using a directory service? Or do you have to use active directory alongside it?

 

[solarisguy]

@STREBLO, some questions that maybe need to be answered first

• Is it an assignment for one of your classes?
• What is the origin of login/password tuple for existing users?
• One NFS client? More than one?

Please tell us what is your goal or your vision how things would be working. Please do not tell us what tools need to be used (unless it is a class assignment)...

 

[solarisguy]

If you have to ask you probably don't want to use it. It works great but is complicated if you have never used it before.

About Kerberos: very, very true.

The same for Active Directory...

 

[STREBLO]

@STREBLO, some questions that maybe need to be answered first

• Is it an assignment for one of your classes?
• What is the origin of login/password tuple for existing users?
• One NFS client? More than one?

Please tell us what is your goal or your vision how things would be working. Please do not tell us what tools need to be used (unless it is a class assignment)...

No. For my nas.
I just want to be able to password protect my share so no one else on my network and sign into it. As of now it is just for one NFS share. I know you can do this using CIFS but I would preferred to use an NFS. Ideally when trying to mount the share I would be able to input the password similar similarly to the way you can do it with CIFS/samba.

 

[solarisguy]

No. For my nas.
I just want to be able to password protect my share so no one else on my network and sign into it. As of now it is just for one NFS share.

Have you tried the following?

• recreating the Linux (I am assuming) user on FreeNAS
• making all the files and directories in the share owned by him and his group
• using chmod so no access is given to others (and group if required)
• using sys as a choice for NFS Security

 

[SweetAndLow]

Have you tried the following?

• recreating the Linux (I am assuming) user on FreeNAS
• making all the files and directories in the share owned by him and his group
• using chmod so no access is given to others (and group if required)
• using sys as a choice for NFS Security

Someone would just have to make a user with the same uid as the owner and they would get access.

Use smb if you want to password protect your files.

 

[solarisguy]

• Protection against accidental exposure of private files at home? Good enough.
• Friendly dorm environment? Make sure that the IP address of your NFS client is the only one on the allowed list. Assuming that you are the only user of said system...
  
• Unfriendly dorm environment? They will place a hidden camera to record your credentials, etc.
• Protecting against CSIS or CSE (Canadian NSA wannabe)? NFS? Forget it.

In any case, how do you protect the console of your FreeNAS server, if I may ask?

 

[STREBLO]

Have you tried the following?

• recreating the Linux (I am assuming) user on FreeNAS
• making all the files and directories in the share owned by him and his group
• using chmod so no access is given to others (and group if required)
• using sys as a choice for NFS Security

• Protection against accidental exposure of private files at home? Good enough.
• Friendly dorm environment? Make sure that the IP address of your NFS client is the only one on the allowed list. Assuming that you are the only user of said system...
  
• Unfriendly dorm environment? They will place a hidden camera to record your credentials, etc.
• Protecting against CSIS or CSE (Canadian NSA wannabe)? NFS? Forget it.

In any case, how do you protect the console of your FreeNAS server, if I may ask?

It's basically the principle that I don't like leaving my files completely open to browsing by anyone on the network and even though I'm the only one using a Linux computer, and even though I don't think anyone else would be even able to browse the NFS shares I still prefer to have some security, even if it just means someone can't read my files, so this might just be fine. I had thought about doing this before but was hoping there would be something a little better .

 

[solarisguy]

NFS was made for sharing. Trust me :D