When files are exported on an NFS server, the administrator designates which clients can mount specific directory trees located on the server. The type of access may also be given for exported files.
For Sun Microsystems Network Filesystem (NFS), the /etc/exports
file contains entries for directories that can be exported to NFS
clients. Each line of the /etc/exports file has the
``Directory'' is the pathname of a directory or a filesystem. ``Options'' allow a variety of security-related options to be specified. It is important that a system administrator is aware of default access that is allowed if certain options are not specified. It is also important that the system administrator is aware of the implications of using or not using certain options. The following list gives examples of how to export files so that the possibility of unauthorized file access is reduced. Examples given apply to the implementation of NFS in SunOS [SUN90b].
The following example exports the /usr directory to
clientA and clientB. All other systems are denied permission to
mount these files.
It is advisable for administrators to regularly inspect the file which gives permission for directories to be exported to clients (i.e., the /etc/exports file for SunOS) to verify that entries have not been modified.
In order to protect a system from unauthorized setuid and setgid programs, it is advisable to mount all files with the nosuid option. Use of the nosuid option provides a measure of protection on the client from someone with root access on the server gaining root access on the client through a setuid program that grants root privileges to the user executing the program. For example, the superuser on the server can create an executable file (e.g., a copy of sh) with setuid root, i.e., when sh is run, it runs as root. If this file is exported to a client, then any user on that client who can execute that file can become superuser on the client.