NFS /etc/exportfs Anonymous Users

[matonb]

Hi,

I'm using tripwire to secure some servers (RHEL 4) and it's asked me to add a parameter to deny anonymous access, which is fair enough.

However I can't find any documentation regarding the value they're recommending (and I don't trust what tripwire suggests as fixes all the time!).

/exported/directory <host>(rw,sync,anonuid=-1)

anonuid, no problem. According to man exports:

Code:

anonuid and anongid
              These options explicitly set the uid and gid of the anonymous account.  This option is primarily useful for PC/NFS clients, where you  might
              want  all  requests  appear  to be from one user. As an example, consider the export entry for /home/joe in the example section below, which
              maps all requests to uid 150 (which is supposedly that of user joe).

No reference to the -1 value to deny anonymous/unknown users. I did find a refernce to a parameter anon=-1 for SunOS though.

Anyone actually know if -1 is a valid value for anonuid on Red Hat Linux?

[alf55]

The normal default value is 65534 for both anonuid and anongid.

[matonb]

Hi alf55,

I don't understand your point, 65534 is a valid uid/gid so how is that going to deny anonymous access?

[NixTheLand]

I was actually wondering the same thing... I've seen only one other site that's indicated it to be a lockout value, but nothing official. Hopefully someone can shed more light on this than I can.