Deploying Suse Linux Enterprise Server
 |
Purchase "Deploying Suse Linux Enterprise Server" at Lulu.com |
Configuring the NFS Server
Configuring the NFS Server
Before I explain how to implement NFS on Suse Linux Enterprise Server, I need to explain a few things about NFS to let you decide if it is the correct solution for your network deployment.
First, you need to understand that NFS is simply a "Network File System", which means that you can "mount" remote filesystems from your local GNU/Linux - Unix machines and have them act as if the filesystem(s) were physically connected to your machine (more or less). However, in this discussion, what NFS is NOT may seem to be more important, especially for those that may be coming from a Microsoft Windows background.
Unlike Microsoft's Windows "one size fits all" Networking approach, NFS is not an authentication mechanism, you must provide another mechanism to ensure that User's are authenticated from a central server (if you wish them to be). This means that you will probably need to use an LDAP Server, NIS Server or a Windows/Samba server for User Authentication.
NFS is also not a way to ensure that the remote user is who they say they are (meaning "ensuring the computer being logged in from is a part of a 'Domain' or something similar"). For networks that put network security a top priority, you must also implement another service, such as Kerberos, within your network to ensure users are only logging into certain machines.
Let me explain a little more about security: Let's say I implement an NFS server without implementing Kerberos, and I restrict the access to the filesystem to certain network addresses. Then let's say I have a User, "Ron Paul" within my LDAP server with username "rpaul" and user ID number 1105. Then let's say someone decides to bring a GNU/Linux notebook into your network, they just happen to create the a new user with username "rpaul" and user ID 1105 locally (on their notebook) and logs in as this new user. As long as that notebook has an address within the range allowed by the NFS server, that notebook user can then mount an NFS filesystem from your server and have all the permissions that the "rpaul" user has on your server (read/write to the same files/directories that the rpaul user is allowed to).
Although this may sound like a huge security hole, keep in mind that 75% of all Windows Server installations are deployed with shares that are world readable/writable.
Since most networks do not (yet) have GNU/Linux or Unix workstations, and since the next version of Samba will probably have a Kerberos implementation "rolled into it", I have decided not to explain how to implement Kerberos within Suse Linux Enterprise (yet) as the implementation will likely soon change in the next year or two. Until then, if you have any financial or other secure information on your network, it is your responsibility to configure Kerberos within your network or simply do not put secure information within an NFS share.
|
Purchase "Deploying Suse Linux Enterprise Server" at Lulu.com |
