From owner-freebsd-hackers  Wed Mar 25 09:44:44 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id JAA21999
          for freebsd-hackers-outgoing; Wed, 25 Mar 1998 09:44:44 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from newserv.urc.ac.ru (newserv.urc.ac.ru [193.233.85.48])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA21902
          for <freebsd-hackers@freebsd.org>; Wed, 25 Mar 1998 09:44:18 -0800 (PST)
          (envelope-from joy@urc.ac.ru)
Received: from localhost.urc.ac.ru (y.RNOC-dialup.urc.ac.ru [193.233.85.127])
	by newserv.urc.ac.ru (8.8.8/8.8.8) with SMTP id WAA23266
	for <freebsd-hackers@freebsd.org>; Wed, 25 Mar 1998 22:43:21 +0500 (ES)
	(envelope-from joy@urc.ac.ru)
Date: Wed, 25 Mar 1998 22:42:51 +0500 (ES)
From: Konstantin Chuguev <joy@urc.ac.ru>
To: freebsd-hackers@FreeBSD.ORG
Subject: chflags on NFS
Message-ID: <Pine.BSF.3.96.980325222130.1866O-100000@localhost.urc.ac.ru>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi all.

For security reasons I do not allow access to my build-server
(the one with cvsup-, current- and stable- source tree + /usr/obj) by
NFS. Instead, I mount (/,/usr,/var)-triples from other servers and
routers, and install fresh STABLEs to NFS-servers.

I decided to do so after I had discovered that read-only access to the
source tree is not enough to install the distribution.

As all goes through 100Mb full-duplex, it is not significantly slower
than install-from-NFS-server mode.

The only problem is I cannot chflags [no]schg through NFS :-(
So I have to know all the files with immutable flag set in the
distribution. It was easy to do:
find . -name Makefile | grep schg
	and
find . -name Makefile | grep PRECIOUSLIB

+ a bit of wildcarding work.

But I'd like to do all that automatically.

If you don't find that security reason serious, there is another
example:

My build-server and FTP-server are different machines, and now
I'm making 2.2.6-RELEASE. The same problem :-)

--
	Konstantin V. Chuguev.		System administrator of
					Ural Regional Center of FREEnet,
	Joy@urc.ac.ru			Chelyabinsk, Russia.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message