NFS Services Administrator's Guide (B.11.31.03) August 2008

Examples for Securely Sharing Directories

This section discusses different examples for sharing directories in a secure manner.

• Granting access to shared directories only for AUTH_DES mode users

share -F nfs -o sec=dh /var/casey

In this example, only clients that use AUTH_DES security mode are granted access.

• Sharing directories using a combination of security modes

share -F nfs -o sec=dh,rw,sec=sys,rw=onc21 /var/Casey

In this example, the security modes dh and sys are combined.

• Sharing directories with read-only access for all non AUTH_DES users

share -F nfs -o sec=dh,rw,sec=sys,ro /var/Casey

All clients that do not use the AUTH_DES security mode get read-only access.

• Sharing directories with two groups having different access permissions

share -F nfs -o ro=nw1,rw=nw2 /var/Casey

In this example, client onc36 is common to two netgroups, nw1 and nw2. Each

netgroup is granted different access permissions, rw and ro. The order of the two

options determines the permission that the client is granted. Client onc36 is granted

read-only access.

share -F nfs -o rw=nw1,ro=nw2 /var/Casey

In this example, the client onc36 is granted read-write access.

• Sharing directories with different access permissions

share -F nfs -o ro=onc32,root=onc21 /var/Casey

In this example, onc21 is included in the root= list. There is no interaction between

the root option, and the rw and ro options. Here, onc21 is denied access.

share -F nfs -o ro=onc32,rw=onc21,root=onc21 /var/casey

In this example, onc21 is given read-write access.

Secure NFS Client Configuration with Kerberos

To secure your NFS client setup using Kerberos, follow these steps:

1. Set up Kerberos client for the same realm as the NFS server. You can copy the

krb5.conf file from the NFS server.

40 Configuring and Administering NFS Services