Find the answer to your Linux question:
Results 1 to 4 of 4
Hi, I'm using tripwire to secure some servers (RHEL 4) and it's asked me to add a parameter to deny anonymous access, which is fair enough. However I can't find ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Enthusiast
    Join Date
    Aug 2006
    Location
    Portsmouth, UK
    Posts
    539

    NFS /etc/exportfs Anonymous Users


    Hi,

    I'm using tripwire to secure some servers (RHEL 4) and it's asked me to add a parameter to deny anonymous access, which is fair enough.

    However I can't find any documentation regarding the value they're recommending (and I don't trust what tripwire suggests as fixes all the time!).

    /exported/directory <host>(rw,sync,anonuid=-1)

    anonuid, no problem. According to man exports:
    Code:
    anonuid and anongid
                  These options explicitly set the uid and gid of the anonymous account.  This option is primarily useful for PC/NFS clients, where you  might
                  want  all  requests  appear  to be from one user. As an example, consider the export entry for /home/joe in the example section below, which
                  maps all requests to uid 150 (which is supposedly that of user joe).
    No reference to the -1 value to deny anonymous/unknown users. I did find a refernce to a parameter anon=-1 for SunOS though.

    Anyone actually know if -1 is a valid value for anonuid on Red Hat Linux?
    RHCE #100-015-395
    Please don't PM me with questions as no reply may offend, that's what the forums are for.

  2. #2
    Linux Enthusiast
    Join Date
    Jan 2005
    Location
    Saint Paul, MN
    Posts
    664
    The normal default value is 65534 for both anonuid and anongid.

  3. #3
    Linux Enthusiast
    Join Date
    Aug 2006
    Location
    Portsmouth, UK
    Posts
    539
    Hi alf55,

    I don't understand your point, 65534 is a valid uid/gid so how is that going to deny anonymous access?
    RHCE #100-015-395
    Please don't PM me with questions as no reply may offend, that's what the forums are for.

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    Jul 2010
    Posts
    1
    I was actually wondering the same thing... I've seen only one other site that's indicated it to be a lockout value, but nothing official. Hopefully someone can shed more light on this than I can.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •