Solaris Tunable Parameters Reference Manual

nfssrv:nfs_portmon

Description

Controls whether the NFS server checks the source port of incoming requests, in an attempt to enforce integrity on the part of its clients. When the check is enabled, the NFS server verifies that the source port from which a request was sent is a reserved port. A reserved port has a number less than 1024. On BSD-based systems, these ports are reserved for processes run by root. This security checking can prevent users from writing their own RPC-based applications that defeat the access checking that the NFS client uses.

Data Type

Integer (32-bit)

Default

0 (security checking disabled)

Range

0 (security checking disabled) or 1 (security checking enabled)

Units

Boolean values

Dynamic?

Yes

Validation

None

When to Change

Use this parameter to prevent malicious users from using the NFS server to gain access to files that they would not ordinarily have access to. However, the reserved port notion is not universally supported, so the security aspects of the check are very weak. Also, not all NFS client implementations bind their transport endpoints to a port number in the reserved range, so interoperability problems might result if the security checking is enabled.
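The reserved-port check from the Description, and the interoperability effect noted above, sketched as an added example in user-space C (not Solaris kernel source and not part of the original manual). The function names, the `portmon` argument standing in for the tunable, the handling of unknown address families, and the sample peers are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

#define RESERVED_PORT_LIMIT 1024 /* per the page: reserved ports are below 1024 */

/* Hypothetical helper: 1 if the peer's source port is in the reserved range. */
static int from_reserved_port(const struct sockaddr *sa)
{
    if (sa->sa_family == AF_INET)
        return ntohs(((const struct sockaddr_in *)sa)->sin_port) < RESERVED_PORT_LIMIT;
    if (sa->sa_family == AF_INET6)
        return ntohs(((const struct sockaddr_in6 *)sa)->sin6_port) < RESERVED_PORT_LIMIT;
    return 0; /* unknown address family: treated as unprivileged (assumption) */
}

/* portmon stands in for the tunable: 0 accepts everything, 1 enforces the check. */
static int request_accepted(const struct sockaddr *sa, int portmon)
{
    return !portmon || from_reserved_port(sa);
}

/* Build a constructed IPv4 peer address for the sample below. */
static struct sockaddr_in sample_peer(const char *ip, unsigned short port)
{
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(port) };
    inet_pton(AF_INET, ip, &sin.sin_addr);
    return sin;
}

/* Count rejections over a constructed sample (documentation addresses, made-up ports). */
static int count_rejected(int portmon)
{
    struct sockaddr_in peers[] = {
        sample_peer("192.0.2.10", 1021),  /* bound to a reserved port */
        sample_peer("192.0.2.11", 49152), /* ephemeral source port */
        sample_peer("192.0.2.12", 1024),  /* first port outside the reserved range */
    };
    int rejected = 0;
    for (size_t i = 0; i < sizeof peers / sizeof peers[0]; i++)
        rejected += !request_accepted((const struct sockaddr *)&peers[i], portmon);
    return rejected;
}

int main(void)
{
    printf("rejected: portmon=0 -> %d, portmon=1 -> %d\n", count_rejected(0), count_rejected(1));
    return 0;
}
```

Running the same tally over the source ports of real client traffic before enabling the check shows which clients would lose access.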

Commitment Level

Unstable