NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Creating secure Linux shares
This week I purchased a ReadyNAS (firmware 6.9.3) for use in our university research group. We have several users on Windows, Mac and Linux. I enabled SMB and NFS. The Windows and Mac users are able to access the NAS "out of the box" - in their Network Locations (or similar) they can see the device and are then prompted for a username and password. Entering this then gives them access to their newly-created Home directory, as expected.
Following the official FAQ instructions, I first tried on Linux to mount to the NAS Home directory as follows:
sudo mount -t nfs <IP address>:/home/ /home/local/mount/point/
This worked, and I can see all the user folders inside Home, but I cannot access any of them (also as expected, since I never inputted a username or password).
I then created a Share through the Admin page in my browser, enabled it for NFS. Now my NAS hierarchy looks like:
/home /data/test
where "test" is the new NFS folder. If I mount this path, it works and I have full read-write privileges on my Linux machine. However, this seems very insecure, as it never asked for credentials and so anyone on my network could just access it. What is the "proper" way to access NAS using one of the defined users via Linux?
This works with my ReadyNAS
mount -t cifs -o username=<user>,password=<password> //<NAS-IP-Address>/<share name> /mnt
7 Replies
Replies have been turned off for this discussion
You can restrict access for NFS by I.P.
Another option would be to use SMB
Thanks for the response. I did figure out that I could restrict access via IP, but this isn't really what I want to do.
On Windows or Mac, the first time they enter user credentials, a directory is created for that user within the ReadyNAS /home/ directory. I would like to see similar behavior for Linux, but the SMB instructions in the Netgear FAQs are very outdated; they still ask to use code like:
mount -t smb ...
but smb has been deprecated for cifs for a long time, and the provided syntax for username and password doesn't work.
Are you able to show me how to use smb/cifs on a modern Linux system to get behavior similar to Windows/Mac with user-controlled access?
This works with my ReadyNAS
mount -t cifs -o username=<user>,password=<password> //<NAS-IP-Address>/<share name> /mnt
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
