HP-UX Reference (11i v2 04/09) - 5 Miscellaneous Topics (vol 9)
n
nfs_portmon(5) nfs_portmon(5)
(Tunable Kernel Parameters)
NAME
nfs_portmon - restricts NFS services to clients from privileged ports
VALUES
Allowed Values
Minimum:
0
Maximum: 1
Default: 0
DESCRIPTION
The nfs_portmon tunable enhances security checking on the NFS server. When set to
1,itprevents
malicious users from gaining access to files exported by the NFS server. It checks whether the source
port from which a request was sent is a privileged port. The range of privileged ports is
512 to 1023.
Checking for privileged ports prevents users from writing their own RPC-based applications to defeat the
access checking used by the NFS client.
EXAMPLES
To set the variable, execute the following command on the target system:
kctune nfs_portmon=1
To unset the variable, execute the following command on the target system:
kctune nfs_portmon=0
WARNINGS
The privileged port notion is not universally supported. In addition, not all NFS client implementations
bind their transport endpoints to a port number in the reserved range. Therefore, interoperability prob-
lems may result if the tunable is set to 1.
AUTHOR
nfs_portmon was developed by Sun Microsystems.
SEE ALSO
nfsd(1M).
Section 5−−232 Hewlett-Packard Company − 1 − HP-UX 11i Version 2: September 2004