Skip to content

Weak NFS Export Permissions

Table of Contents

Option 1: Disable the NFS Service

Debian/Ubuntu- From within a terminal:

sudo service nfs-kernel-server stop
sudo apt-get --purge remove nfs-kernel-server nfs-common portmap

CentOS 6/RHEL 6- From within a terminal:

chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig portmap off
chkconfig nfs off
yum remove portmap nfs-utils

CentOS 7+/RHEL 7+- From within a terminal:

systemctl disable nfs-lock
systemctl stop nfs
systemctl disable nfs
yum remove nfs-utils portmap

Option 2: Restrict Access to the NFS service

Different systems allow restriction of which clients can connect to the NFS service. - On Linux systems, the /etc/exports file can be configured to whitelist clients that access the NFS service:

[root@server ~]# cat /etc/exports/root/nfs
192.168.0.100(rw,async)

NOTE: On other systems, the solution may be to implement firewall rules to disallow access to the service from untrusted clients.