Comment by mistrial9
13 hours ago
you sound so wise and produce excellent reference, but in the next breath you show NFS in use?
signed -confused
13 hours ago
you sound so wise and produce excellent reference, but in the next breath you show NFS in use?
signed -confused
What would you use for remote mounting filesystems? I don't know of any that are simply superior (w/o caveats/tradeoffs).
I upvoted you, and yes, cleartext NFS is a concern.
I had it wrapped in stunnel TLS, but I ripped that out recently as I am retiring and the new staff is simply not capable of maintaining that configuration.
My users were yelling, and the patch to tinysshd to omit all permissions checks silenced the complaints. No, it's not pretty.
Why is it so self-evident that NFS is bad?
Security is optional in NFS 4, and practically non-existent before. The standard Linux NFS client does not implement security.
> The Linux NFS client does not yet support certain optional features of the NFS version 4 protocol, such as security negotiation, server referrals, and named attributes.
> man 5 nfs