Date:      Thu, 04 Jan 2001 13:33:57 -0800
From:      Doug Barton <DougB@gorean.org>
To:        cjclark@alum.mit.edu
Cc:        Daniel Leal <dleal@webvolution.net>, freebsd-questions@FreeBSD.ORG
Subject:   Re: nfs
Message-ID:  <3A54EC45.B5512E9D@gorean.org>
References:  <00122821175400.00794@farrusco.brabos.org> <3A5423DC.20C2812C@gorean.org> <20010103233110.I95729@rfx-64-6-211-149.users.reflexco>

"Crist J. Clark" wrote:
> 
> On Wed, Jan 03, 2001 at 11:18:52PM -0800, Doug Barton wrote:
> > Daniel Leal wrote:
> > >
> > >         Hi everyone !
> > >
> > > I have two machines running FreeBSD 4.2 stable. The machines are "ethernet
> > > connected". Because the hard disk of the second machine is not very large, I wish
> > > to mount the /usr/ports, /usr/src and /home from my first machine.
> >
> >       Very reasonable idea.
> >
> > > But I am not
> > > understanding very well how can I tell it to /etc/exports. My problem is that
> > > /usr/ports should be mounted read-only with root mapped to nobody (I think),
> >
> >       Why? If you don't really need it to be read only, there is no reason
> > for it to be. Additionally, you really want /usr/ports mounted r/w,
> > unless you never plan to build ports from the machine that has it
> > mounted.
> 
> I guess being a security guy instills some paranoia. I look at this
> from just the opposite point of view. There is no reason to mount it
> read-write, so mount it read-only.

	I mentioned explicitly the "test" for whether to mount it read/write or
not. He also wants to mount /usr/src and /usr/obj (with the implication
that he's going to do some 'make installworld's) so he can't have them
read only anyway. (Yes, it would be nice if read only installworld
worked, but it is broken more often than it's fixed.) I am extremely
security conscious, however that type of paranoia is on a sliding scale
with convenience, and for this user's little home network there is no
reason to set unnecessary hurdles up, especially for a new user. 

> > > but /usr/ports/distfiles should be mounted read-write (isn't it ?). And
> > > /usr/src should stay read-only.
> >
> >       See above, there is no real reason to do this.
> 
> I wanted to point out that if /usr/ports, /usr/ports/distfiles, and
> /usr/src all live on one filesystem, there is no way for each of those
> file trees to be exported with different properties to the same
> host. They all need to be the same.

	Yes, this is one of the reasons that I suggested he simply export /usr.

Doug
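
The constraint Crist J. Clark describes above (every tree exported from one filesystem to the same host must carry the same options) can be checked before an exports file goes live. The following is an added example, not part of the original message: the mount points, the host name `client1` and the exports lines are constructed, and the parser handles only the simple `/dir... -opt[=val]... host...` form.

```python
import os
from collections import defaultdict

# Constructed sample data (assumptions, not from the thread).
MOUNT_POINTS = ["/", "/usr", "/home"]
EXPORTS = """\
# constructed /etc/exports for illustration
/usr/ports -ro -maproot=nobody client1
/usr/ports/distfiles client1
/usr/src -ro client1
/home client1
"""

def filesystem_of(path, mount_points):
    """Return the longest mount point that contains path."""
    best = "/"
    for mp in mount_points:
        if os.path.commonpath([path, mp]) == mp and len(mp) > len(best):
            best = mp
    return best

def parse_exports(text):
    """Yield (dirs, options, hosts) per line; handles only the simple
    '/dir... -opt[=val]... host...' form, not -network/-mask arguments."""
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if not tokens:
            continue
        dirs = [t for t in tokens if t.startswith("/")]
        opts = frozenset(t for t in tokens if t.startswith("-"))
        hosts = [t for t in tokens if t[0] not in "/-"]
        yield dirs, opts, hosts

def find_conflicts(text, mount_points):
    """Map (filesystem, host) -> [(dir, options)] where the options differ."""
    seen = defaultdict(list)
    for dirs, opts, hosts in parse_exports(text):
        for d in dirs:
            for h in hosts or ["*"]:  # no host listed = exported to everyone
                seen[(filesystem_of(d, mount_points), h)].append((d, opts))
    return {k: v for k, v in seen.items() if len({o for _, o in v}) > 1}

if __name__ == "__main__":
    for (fs, host), entries in find_conflicts(EXPORTS, MOUNT_POINTS).items():
        print(f"{fs} -> {host}: conflicting options")
        for d, opts in entries:
            print(f"  {d}: {' '.join(sorted(opts)) or '(defaults: read-write)'}")
```

On the constructed input, the three `/usr` trees are reported together because they mix read-only, root-mapped and default read-write options for the same host, while `/home` passes.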

