Idea ID: 2767426

Remove all_squash NFS requirement to enhance security

Status : Waiting for Votes
over 1 year ago

The Micro Focus containerised solutions all require that the NFS exports be created with all_squash to 1999/1999.  This is an obvious security risk and, even though it is typically possible to lock down exports to a defined set of IP addresses, it is not ideal.

The squash requirement also makes it difficult to use many NAS solutions for NFS and many vendors do not support such options (NetAPP filer for example allows squashing of UID but not GID).

I would suggest that the pods be configured to use the correct user to access the NFS so that the squash requirement can be removed.

Marc

Tags: