Why am I able to mount NFS share simply because root on my machine has the same UID as the NFS owner?












0















I have recently set up a new FreeNAS machine at home and am beginning to tinker. I have previously had very little experience with network administration (and I have only been using Linux on my home machines for the past year or two).



I have been used to mounting an SMB share from a Synology DiskStation via CIFS on my Kubuntu machine, and I need to supply credentials to be able to do that. I have been doing some online searching on the topic, and I understand that NFS doesn't require login credentials to mount, although I believe UIDs on the client and NFS machine need to align for the mount to succeed (although I'm not certain my understanding on this is correct or complete).



I appear to have been able to successfully mount the NFS share from my FreeNAS machine, and I believe this is because I run the mount command with sudo, and the NFS share owner is root in FreeNAS, so the UID's on client and server are both 0 and this allows the mount to proceed?



If this is correct, I am wondering if anyone who connects a Linux machine on my home network and has su privileges for that machine can then mount the NFS share without any credentials?



If so, is there a way that I can restrict the ability to mount the share? Is this what Kerberos is for?










share|improve this question



























    0















    I have recently set up a new FreeNAS machine at home and am beginning to tinker. I have previously had very little experience with network administration (and I have only been using Linux on my home machines for the past year or two).



    I have been used to mounting an SMB share from a Synology DiskStation via CIFS on my Kubuntu machine, and I need to supply credentials to be able to do that. I have been doing some online searching on the topic, and I understand that NFS doesn't require login credentials to mount, although I believe UIDs on the client and NFS machine need to align for the mount to succeed (although I'm not certain my understanding on this is correct or complete).



    I appear to have been able to successfully mount the NFS share from my FreeNAS machine, and I believe this is because I run the mount command with sudo, and the NFS share owner is root in FreeNAS, so the UID's on client and server are both 0 and this allows the mount to proceed?



    If this is correct, I am wondering if anyone who connects a Linux machine on my home network and has su privileges for that machine can then mount the NFS share without any credentials?



    If so, is there a way that I can restrict the ability to mount the share? Is this what Kerberos is for?










    share|improve this question

























      0












      0








      0








      I have recently set up a new FreeNAS machine at home and am beginning to tinker. I have previously had very little experience with network administration (and I have only been using Linux on my home machines for the past year or two).



      I have been used to mounting an SMB share from a Synology DiskStation via CIFS on my Kubuntu machine, and I need to supply credentials to be able to do that. I have been doing some online searching on the topic, and I understand that NFS doesn't require login credentials to mount, although I believe UIDs on the client and NFS machine need to align for the mount to succeed (although I'm not certain my understanding on this is correct or complete).



      I appear to have been able to successfully mount the NFS share from my FreeNAS machine, and I believe this is because I run the mount command with sudo, and the NFS share owner is root in FreeNAS, so the UID's on client and server are both 0 and this allows the mount to proceed?



      If this is correct, I am wondering if anyone who connects a Linux machine on my home network and has su privileges for that machine can then mount the NFS share without any credentials?



      If so, is there a way that I can restrict the ability to mount the share? Is this what Kerberos is for?










      share|improve this question














      I have recently set up a new FreeNAS machine at home and am beginning to tinker. I have previously had very little experience with network administration (and I have only been using Linux on my home machines for the past year or two).



      I have been used to mounting an SMB share from a Synology DiskStation via CIFS on my Kubuntu machine, and I need to supply credentials to be able to do that. I have been doing some online searching on the topic, and I understand that NFS doesn't require login credentials to mount, although I believe UIDs on the client and NFS machine need to align for the mount to succeed (although I'm not certain my understanding on this is correct or complete).



      I appear to have been able to successfully mount the NFS share from my FreeNAS machine, and I believe this is because I run the mount command with sudo, and the NFS share owner is root in FreeNAS, so the UID's on client and server are both 0 and this allows the mount to proceed?



      If this is correct, I am wondering if anyone who connects a Linux machine on my home network and has su privileges for that machine can then mount the NFS share without any credentials?



      If so, is there a way that I can restrict the ability to mount the share? Is this what Kerberos is for?







      linux permissions mount nfs freenas






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Feb 11 at 11:38









      Mike WilliamsMike Williams

      12




      12






















          0






          active

          oldest

          votes











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1404406%2fwhy-am-i-able-to-mount-nfs-share-simply-because-root-on-my-machine-has-the-same%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Super User!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1404406%2fwhy-am-i-able-to-mount-nfs-share-simply-because-root-on-my-machine-has-the-same%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Aardman Animations

          Are they similar matrix

          “minimization” problem in Euclidean space related to orthonormal basis