Solaris Tunable Parameters Reference Manual

nfssrv:nfs_portmon

Description

Controls a security check that the NFS server can perform in an attempt to enforce integrity on the part of its clients. The server can check whether the source port from which a request was sent is a reserved port, that is, a port whose number is less than 1024. On BSD-based systems, these ports are reserved for processes run by root. This check can prevent users from writing their own RPC-based applications to defeat the access checking that the NFS client performs.

Data Type

Integer (32-bit)

Default

0 (checking disabled)

Range

0 (checking disabled), 1 (checking enabled)

Units

Boolean values

Dynamic?

Yes

Validation

None

When to Change

Use this parameter to prevent malicious users from using the NFS server to gain access to files that they would not ordinarily have access to. However, the notion of reserved ports is not universally supported, so the security value of the check is very weak. Also, not all NFS client implementations bind their transport endpoints to a port number in the reserved range, so interoperability problems might result if the checking is enabled.
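
The following audit helper is an added example, not part of the original manual. It reports which nfssrv:nfs_portmon value an /etc/system-format file would apply. The entry form, the comment characters, and the rule that a later entry overrides an earlier one are assumptions not stated on this page; nfs_portmon_setting is a hypothetical function name.

```shell
#!/bin/sh
# Added example: report the nfs_portmon value an /etc/system-format file applies at boot.
# Assumptions (not stated on this page): the entry has the form
#   set nfssrv:nfs_portmon = <value>
# lines starting with '*' or '#' are comments, a later entry overrides an
# earlier one, and only the '=' operator is handled.

nfs_portmon_setting() {
    file=$1                                   # normally /etc/system
    [ -r "$file" ] || { echo "unreadable"; return 1; }

    raw=$(awk '
        /^[ \t]*[*#]/ { next }                # skip comment lines
        {
            line = $0
            gsub(/[ \t]+/, "", line)          # drop all blanks before matching
            if (index(line, "setnfssrv:nfs_portmon=") == 1) {
                sub(/^setnfssrv:nfs_portmon=/, "", line)
                val = line                    # last matching entry wins
            }
        }
        END { if (val != "") print val }
    ' "$file")

    # The page lists Validation as "None", so anything other than 0 or 1
    # is flagged here rather than silently accepted.
    case "$raw" in
        "")          echo "default" ;;        # no entry: 0, checking disabled
        0|0x0|0X0)   echo "disabled" ;;
        1|0x1|0X1)   echo "enabled" ;;
        *)           echo "invalid:$raw" ;;
    esac
}

# Constructed sample input, not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
* NFS server settings
# set nfssrv:nfs_portmon = 0
set nfssrv:nfs_portmon = 0
set   nfssrv:nfs_portmon=1
EOF
echo "nfs_portmon in sample: $(nfs_portmon_setting "$sample")"   # enabled
rm -f "$sample"
```

Because the parameter is dynamic, the value in the running kernel can differ from what the file specifies.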

Stability Level

Evolving