On Wed, Sep 07, 2011 at 09:16:35AM +0100, Wayne Stallwood wrote:
Take your point about /home on a share. I must look up how to do this, do you know any guides?
It's very simple, firstly you need to have nfs-kernel-server installed on the server (this is the name in Debian/Ubuntu).
Then on the server edit the file /etc/exports, comments in the file show you what's needed, on my server called dps I have:-
/ 192.168.1.1/24(rw,no_root_squash,async,no_subtree_check)On the client just mount the nfs drive in /etc/fstab:-
dps:/ /dps nfs _netdev,autoObviously this mounts the *whole* of the / filesystem on dps so that clients can see it, in your case you'd replace / with /home.
Is it really wise to be using this as an example ?
Peter if you are going the NFS route DO NOT follow Chris's example or the data you are trying to secure will be even more open than if you had left the disk in the local workstation. Better to read some NFS howto's and see how to add the minimal security NFS can actually offer.
I don't *think* he means secure as in confidential, I think he means secure as in safely backed up. At least that is my reading of the original question.
As my example was (fairly obviously) from a LAN and the security is outside the LAN.
Actually if the data is that sensitive then I wouldn't use NFS period.
Look at mounting the volume with sshfs...it will be slower than the NFS mount but it at least has some security.
Chris...I think posting an example that exports to an entire subnet without clearly expressing this is the case, particularly when the original request stated that this was a request for help in securing data not making it more open is..perhaps...a little irresponsible :)
As I suggest above my understanding of the original request was for 'securing' in the sense of not losing data, not confidentiality. If I have misunderstood that then, yes, I quite agree.