
NFS Exports
The exact format for specifying which hosts can mount an exported directory
varies between Unix implementations. Generally, the information is contained
within the file /etc/exports. This file contains an access list of directories with
a series of specific "hosts" or "netgroups" showing which directories are
NFS-mountable. The "hosts" are individual machines, and "netgroups" are
combinations of hosts and usernames specified in /etc/netgroup. This listing flexibility
is intended as a means to fine-tune access.
The exports file also contains information about whether the directory is to
be exported as read-only or read-write, and whether super-user access is to be
allowed from clients that mount the directory. If the access list for a
particular directory in /etc/exports contains:
Nothing: Your directory can be mounted by anyone, anywhere.
A specific hostname: Your directory can be mounted by anyone permitted to
run the mount command at hostname. This might not be a trustworthy person.
A netgroup name: If the netgroup is empty, anyone can mount your directory,
from anywhere.
Contains "(,,)": Anyone can mount your directory, from
anywhere.
Contains the name of an empty netgroup or contains "(,,)": Anyone
can mount your directory, from anywhere.
Contains "(hostname,,)": Anyone on
the named host who has permission to mount files can mount your directory.
Contains "(,username,)": The named user can mount your directory, from
anywhere.
Contains the server's own hostname: Anyone can use a
vulnerability in the portmapper program so that the server thinks that a
remote call to mount is from the localhost. This allows anyone to mount your
directory. Intranet Scanner will report if it is able to mount via the
portmapper.
A long list of specific hostnames: Your directories can be mounted by anyone
if the list of hostnames is longer than 256 bytes and you are running an old
mount program. Your Unix vendor can provide a fix for this.
A word that is neither a hostname nor a netgroup: If you meant to export the
directory to the host hosta, but misspell it as, for example, "hotsa," the
word "hotsa" is taken as a netgroup name. This can then be found to be an
empty netgroup, and the directory can be mounted by anyone from anywhere.
To safely create an "empty" netgroup entry:
ngname (-,-,-)
This is a netgroup that matches no one on no host on no NIS domain.
Consult the system manual for more information on exports, NFS, or netgroups.