nfs_portmon(5) nfs_portmon(5)
Tunable Kernel Parameters
NAME
nfs_portmon - restricts NFS services to clients from privileged ports
VALUES
Allowed Values
Minimum: 0
Maximum: 1
Default: 0
DESCRIPTION
The nfs_portmon tunable enhances security checking on the NFS server.
When set to 1, it prevents malicious users from gaining access to
files exported by the NFS server. It checks whether the source port
from which a request was sent is a privileged port. The range of
privileged ports is 512 to 1023. Checking for privileged ports
prevents users from writing their own RPC-based applications to defeat
the access checking used by the NFS client.
EXAMPLES
To set the variable, execute the following command on the target
system:
kctune nfs_portmon=1
To unset the variable, execute the following command on the target
system:
kctune nfs_portmon=0
WARNINGS
The privileged port notion is not universally supported. In addition,
not all NFS client implementations bind their transport endpoints to a
port number in the reserved range. Therefore, interoperability
problems may result if the tunable is set to 1.
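Because of this interoperability risk, it helps to check which clients send requests from ports outside the 512 to 1023 range before setting the tunable to 1. The following shell script is an added example, not part of the HP-UX manual page; the two-column input format (client address, source port), the function names and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not HP-UX code). Assumed input: one observed NFS request
# per line, formatted as "<client-address> <source-port>".

# Constructed sample observations, not real traffic.
sample_requests() {
cat <<'EOF'
192.0.2.10 1021
192.0.2.10 1019
192.0.2.20 51344
192.0.2.20 1001
192.0.2.30 32771
192.0.2.30 32772
192.0.2.40 512
192.0.2.50 511
not-a-valid-line
EOF
}

# portmon_report: read observations on stdin and print, for each client that
# sent at least one request from outside the 512-1023 range given on this
# page, "<client> <out-of-range requests>/<total requests>".
portmon_report() {
    awk -v lo=512 -v hi=1023 '
        NF != 2 || $2 !~ /^[0-9]+$/ { next }     # skip malformed lines
        { total[$1]++ }                           # every valid request
        $2 < lo || $2 > hi { outside[$1]++ }      # would fail the port check
        END {
            for (c in outside)
                printf "%s %d/%d\n", c, outside[c], total[c]
        }' | LC_ALL=C sort
}

# portmon_safe: succeed only if no observed client would be affected by
# setting nfs_portmon=1.
portmon_safe() {
    [ -z "$(portmon_report)" ]
}

# Stand-alone run over the constructed sample.
sample_requests | portmon_report
```

A client listed with a partial count (for example 1/2) uses reserved ports only some of the time, so it may fail intermittently rather than consistently once the check is enabled.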
AUTHOR
nfs_portmon was developed by Sun Microsystems.
SEE ALSO
nfsd(1M).
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: Sep 2004