Securing and Optimizing Linux: RedHat Edition -A Hands on Guide
Prev	Chapter 5. General System Security	Next

exports` file

If you are exporting file systems using NFS service, be sure to configure the /etc/exports file with the most restrictive access possible. This means not using wildcards, not allowing root write access, and mounting read-only wherever possible.

Example 5-1. Export file systems using NFS

Edit the exports file vi /etc/exports and add:
/dir/to/export host1.mydomain.com(ro,root_squash) /dir/to/export host2.mydomain.com(ro,root_squash)
Where:

/dir/to/export is the directory you want to export.
host#.mydomain.com is the machine allowed to log in this directory.
The ro option mean mounting read-only.
The root_squash option for not allowing root write access in this directory.

For this change to take effect you will need to run the following command on your terminal:

            [root@deep]# /usr/sbin/exportfs -a

: Please be aware that having an NFS service available on your system can be a security risk. Personally, I don't recommend using it.

Prev	Home	Next
The root account	Up	Disable console program access

5.5. The /etc/exports file

5.5. The `/etc/exports` file