LinkBack URL
About LinkBacksI agree, thus I said its "not 100% robust but if you trust IP address....". A dedicated network/VLAN for NFS traffic will help slightly. I'm sure this is more than enough security for most environments.Originally Posted by cookie_monster
I agree, thus I said its "not 100% robust but if you trust IP address....". A dedicated network/VLAN for NFS traffic will help slightly. I'm sure this is more than enough security for most environments.
Ok, I just like to have a full understanding of the security implications of any setup I have running.
Thanks.
I thought this was possible too, and at the end of the day this is no worse than the security you have on a Windows server share. However, my question then is what permissions need to be set to allow an ESX host to access an NFS share? In other words, which account do I need to grant access to, is it something like root@esxhost.local, and if so how does the S7000 validate that account?
Does the NFS Exceptions security just work along the same principles as iSCSI initiator security, in that you allow/deny certain hosts (in this case hostnames rather than initiator names)?
Cheers,
Chris
ESX mount NFS volumes as the "root" user (UID 0). It term's of NFS "root" is automatically demoted to user "nobody" for security reasons.
So on the S7000 you can do two things
1) Create a share with access control of "nobody" and "other"2) Under NFS Exceptions select "ROOT ACCESS" check box for specific host
Andy
Last edited by apaton; 29th July 2009 at 06:04 PM. Reason: spelling mistake
Duke (30th July 2009)
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
