NAME
nfs_portmon — restricts NFS services to clients from privileged ports
VALUES
Allowed Values
Minimum: 0
Maximum: 1
Default: 0
DESCRIPTION
The nfs_portmon tunable enhances security checking on the NFS server. When set to 1, it prevents malicious users from gaining access to files exported by the NFS server. It checks whether the source port from which a request was sent is a privileged port. The range of privileged ports is 512 to 1023. Checking for privileged ports prevents users from writing their own RPC-based applications to defeat the access checking used by the NFS client.
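The check described above, sketched in C as an added example; this is not the NFS server's own code, and source_port, portmon_allows and sample_v4 are hypothetical names. It converts the port from network byte order before comparing and rejects address families it does not recognize.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Privileged range as stated in the DESCRIPTION section. */
#define PORTMON_LOW  512
#define PORTMON_HIGH 1023

/* Hypothetical helper: source port in host byte order, or -1 for an
 * address family this sketch does not handle. */
static int source_port(const struct sockaddr *sa)
{
    switch (sa->sa_family) {
    case AF_INET:
        return ntohs(((const struct sockaddr_in *)sa)->sin_port);
    case AF_INET6:
        return ntohs(((const struct sockaddr_in6 *)sa)->sin6_port);
    default:
        return -1;
    }
}

/* Hypothetical decision function. portmon mirrors the tunable:
 * 0 accepts any source port, 1 requires a privileged source port. */
bool portmon_allows(int portmon, const struct sockaddr *sa)
{
    if (portmon == 0)
        return true;
    int port = source_port(sa);  /* -1 falls outside the range: reject */
    return port >= PORTMON_LOW && port <= PORTMON_HIGH;
}

/* Constructed sample peer address for exercising the check. */
struct sockaddr_in sample_v4(uint16_t port)
{
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    return sin;
}

int main(void)
{
    struct sockaddr_in peer = sample_v4(1024);
    printf("port 1024, nfs_portmon=1: %s\n",
           portmon_allows(1, (struct sockaddr *)&peer) ? "accept" : "reject");
    return 0;
}
```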
EXAMPLES
To set the variable, execute the following command on the target system:
To unset the variable, execute the following command on the target system:
WARNINGS
The privileged port notion is not universally supported. In addition, not all NFS client implementations bind their transport endpoints to a port number in the reserved range. Therefore, interoperability problems may result if the tunable is set to 1.
AUTHOR
nfs_portmon was developed by Sun Microsystems.