Managing NFS and NIS, 2nd Edition - Mike Eisler [145]
* * *
Warning
There is no mechanism for removing the PROM security without supplying the PROM password. If you forget the PROM password after installing it, there is no software method for recovery, and you'll have to rely on Sun's customer service organization to recover!
* * *
The secure nets file
If the file /var/yp/securenets is present, then ypserv and ypxfrd will respond only to requests from hosts listed in the file. Hosts can be listed individually by IP address or by a combination of network mask and network. Consult your system's manual pages for details.
The point of this feature is to keep your NIS domain secure from access outside the domain. The more information an attacker knows about your domain, the more effective he or she can be at engineering an attack. The securenets file makes it harder to gather information.
Because ypserv and ypxfrd only read the securenets file at startup time, in order for changes to take effect, you must restart NIS services via:
# /usr/lib/netsvc/yp/ypstop
# /usr/lib/netsvc/yp/ypstart
Unknown password entries
If a user's UID changes while he or she is logged in, many utilities break in esoteric ways. Simple editing mistakes, such as deleting a digit in the UID field of the password file and then distributing the "broken" map file, are the most common source of this problem. Another error that causes a UID mismatch is the replacement of an NIS password file entry with a local password file entry where the two UIDs are not identical. The next time the password file is searched by UID, the user's password file entry will not be found if it no longer contains the correct UID. Similarly, a search by username may turn up a UID that is different than the real or effective user ID of the process performing the search.
The whoami command replies with "no login associated with uid" if the effective UID of its process cannot be found in the password file. Other utilities that check the validity of UIDs are rcp, rlogin, and rsh, all of which generate "can not find password entry for user id" messages if the user's UID cannot be found in the password map. These messages appear on the terminal or window in which the command was typed.
* * *
[2] An su-like utility is contained in Unix System Administration Handbook, by Evi Nemeth, Scott Seebass, and Garth Snyder (Prentice-Hall, 1990).
NFS security
Filesystem security has two aspects: controlling access to and operations on files, and limiting exposure of the contents of the files. Controlling access to remote files involves mapping Unix file operation semantics into the NFS system, so that certain operations are disallowed if the remote user fails to provide the proper credentials. To avoid giving superuser permissions across the network, additional constraints are put in place for access to files by root. Even more stringent NFS security requires proving that the Unix-style credentials contained in each NFS request are valid; that is, the server must know that the NFS client's request was made by a valid user and not an imposter on the network.
Limiting disclosure of data in a file is more difficult, as it usually involves encrypting the contents of the file. The client application may choose to enforce its own data encryption and store the file on the server in encrypted form. In this case, the client's NFS requests going over the network contain blocks of encrypted data. However, if the file is stored and used in clear text form, NFS requests to read or write the file will contain clear text as well. Sending parts of files over a network is subject to some data exposure concerns. In general, if security would be compromised by any part of a file being disclosed, then either the file should not be placed on an NFS-mounted filesystem, or you should use a security mechanism for RPC that encrypts NFS