If you are exporting file systems using NFS service, be sure to configure the /etc/exports file with the most restrictive access possible. This means not using wildcards, not allowing root write access, and mounting read-only wherever possible.
Example 5-1. Export file systems using NFS
Edit the exports file vi /etc/exports and add:
/dir/to/export host1.mydomain.com(ro,root_squash)
/dir/to/export host2.mydomain.com(ro,root_squash)
|
Where:
/dir/to/export is the directory you want to export.
host#.mydomain.com is the machine allowed to log in this directory.
The ro option mean mounting read-only.
The root_squash option for not allowing root write access in this directory.
For this change to take effect you will need to run the following command on your terminal:
[root@deep]# /usr/sbin/exportfs -a
|
:
Please be aware that having an NFS service available on your system can be a security risk. Personally, I don't recommend using it.
