Improving the Security of RFS
RFS facilitates the sharing of files. Unless precautions
are taken when using RFS, unintended access may be
granted to shared resources. This is especially true
for file systems that are exported without options
that control access.
The following is a list of ways to make RFS more secure.
Commands used pertain to the System V Release 4 version
of RFS.
- When starting RFS, issue the command rfstart -v.
This command will tell RFS to deny connection requests from
any system that has not been given a password via the
RFS verification procedure. Connection requests will also be
denied from any system that specifies an incorrect password.
The connection security feature of RFS makes it more
difficult for clients to be impersonated.
- Use the -access option on all share commands.
Hosts not included in the access list will not be
permitted to mount the resource.
- Shared files, such as system files, should be exported
read-only and owned by root. This will help to prevent
system files from being modified.
- For exported file systems, use UNIX file permissions
to control access to shared resources.
- Implement user ID and group ID mappings.
This will deter user impersonation attacks.
The idload command can be used to display current
user and group mappings in effect.
- Do not allow untrusted systems to mount file systems
with root access enabled.
- The dfshares command can be used to display a list
of all resources in the domain that are available for
mounting via RFS. The dfmounts command can be used to display
a list of remote hosts that have resources mounted from a server.
These commands can be used to assist in monitoring
RFS security.
- Do not run RFS on a secure gateway (see Section 10.3).
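
One way to act on the dfmounts monitoring item above, as an added example that is not part of the original document: a shell function that compares the clients reported by dfmounts against an approved list. The four-column layout is assumed from the SVR4 dfmounts manual page; the function names, host names and resource names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report RFS clients that hold a mount but are not approved.
# Assumed input layout (SVR4 dfmounts manual page):
#   RESOURCE SERVER PATHNAME CLIENTS
# CLIENTS is comma-separated; a null field is shown as "-" or omitted.

# unapproved_clients "client1 client2 ..." < dfmounts-output
# Prints "resource client" for each mounting client missing from the list.
unapproved_clients() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 == "RESOURCE"    { next }   # header line (absent when -h is used)
        NF < 4 || $4 == "-" { next }   # shared, but no client has it mounted
        {
            m = split($4, c, ",")
            for (i = 1; i <= m; i++)
                if (!(c[i] in ok)) print $1, c[i]
        }'
}

# Constructed sample in the assumed layout. On a live server the input
# would come from: dfmounts -F rfs
sample_dfmounts() {
    cat <<'EOF'
RESOURCE   SERVER      PATHNAME     CLIENTS
SRC        eng.alpha   /usr/src     eng.beta,eng.gamma
TOOLS      eng.alpha   /usr/local   eng.beta,lab.delta
DOCS       eng.alpha   /usr/doc     -
EOF
}

# Approved clients (constructed names); the list should match the hosts
# named in the access lists given to the share commands.
ALLOWED="eng.beta eng.gamma"
sample_dfmounts | unapproved_clients "$ALLOWED"
```

Run periodically, any line of output identifies a resource mounted by a host outside the approved list and is worth investigating.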
John Barkley
Fri Oct 7 16:17:21 EDT 1994