
Solve : Anonymous access is enabled?

Answer»

Hi...

I have this ESM violation in UNIX

Anonymous access is enabled

The named NFS exported directory allows anonymous access. If the anon option is not present or if it is set to a value other than -1, anonymous access is allowed. You should set the value of the anon option to -1 to disable anonymous access.

How to solve this ... I'm just a beginner with little knowledge of UNIX

Thanks in advance

First off: are you sure you need to use NFS?  If not, just disable the service.

Quote from: Rob Pomeroy on May 26, 2009, 04:43:11 AM

First off: are you sure you need to use NFS?  If not, just disable the service.

Hi Rob,

Yes, other users are using this device so I just can't disable the NFS ...  I just can't figure out how to disable anonymous access

Okay, well I'll prefix this with the disclaimer: I don't use and never have used NFS.  But my understanding is this: NFS allows mappings between users on the client system and users on the server system to determine what access (if any) the client has.  If on your Unix system, files are owned by "Joe" and NFS maps this Joe to Joe on the client system, Andy, say, will not have access.

That's simplified because I've not considered group ownership, but you get the point.  Linux file systems have three sets of access permissions: the owner of the file, the group owner and everyone else.  Check the file permissions on your Unix box.  If you see something like "rwxr-x---" generally speaking anonymous access will not be enabled unless the anonymous (group) user for NFS is an owner of the file.

I don't think I've explained that very well, but I've found a more detailed explanation here: http://www.troubleshooters.com/linux/nfs.htm.  It relates to Linux, but the same principles will apply to your Unix system.

If you try to access the filesystem over NFS from a server using the root account or from a Windows system which has no concept of UIDs, then you will be anonymous.

In order to circumvent this you can specify in your exports file that anonymous should be mapped to a specific UID. For example, if a user called Andy always uses a PC called windows5 then you could put in the exports file an entry that says anon from windows5 is the UID for Andy.

This warning message is simply telling you that anon is not mapped to -1 and so, for example, anyone else using that PC could access Andy's files.
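
The rule in the ESM message can be checked directly against the exports file. The script below is an added example, not part of the original posts or of ESM: it lists every exported directory whose anon option is missing or set to something other than -1. It assumes SunOS/HP-UX/AIX-style exports lines (`/dir -opt,opt=val`) or Solaris dfstab `share` lines. Linux exports use different option names and are not covered. The function names, paths and UID 1001 are constructed for illustration.

```shell
#!/bin/sh
# Added example: report NFS exports that still allow anonymous access.
# Usage: audit_anon /etc/exports     (or: audit_anon /etc/dfs/dfstab)
# Limitation: backslash-continued lines are not joined.

audit_anon() {
    # Reads the named file (or stdin) and prints one line per flagged
    # directory. Returns 1 if anything was flagged, 0 otherwise.
    awk '
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    {
        opts = ""
        if ($1 == "share") {             # dfstab: share -F nfs -o opts /dir
            for (i = 2; i < NF; i++)
                if ($i == "-o") opts = $(i + 1)
            dir = $NF
        } else {                         # exports: /dir -opts
            dir = $1
            if ($2 ~ /^-/) opts = substr($2, 2)
        }
        anon = "unset"
        n = split(opts, o, ",")
        for (i = 1; i <= n; i++)
            if (o[i] ~ /^anon=/) anon = substr(o[i], 6)
        if (anon != "-1") {              # missing or not -1: access allowed
            printf "%s: anon=%s (anonymous access allowed)\n", dir, anon
            bad = 1
        }
    }
    END { exit bad + 0 }' "$@"
}

sample_exports() {
    # Constructed sample input; host name windows5 is taken from the thread.
cat <<'EOF'
# constructed sample exports
/export/home   -anon=-1,rw=windows5
/export/tools  -ro
/export/andy   -anon=1001,rw=windows5
share -F nfs -o rw,anon=0 /export/root
share -F nfs -o ro,anon=-1 -d "docs" /export/docs
EOF
}
```

Running `sample_exports | audit_anon` flags /export/tools, /export/andy and /export/root. After changing an entry to anon=-1, the share has to be re-exported for the setting to take effect.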

