Subject: Re: exports nfs fstab mountd yadda yadda yadda
To: Greywolf <firstname.lastname@example.org>
From: Michael Richardson <email@example.com>
Date: 02/15/2000 20:29:05
>>>>> "Greywolf" == Greywolf <firstname.lastname@example.org> writes:
Greywolf> It just seems patently *absurd* that I should have to EXPLICITLY export
Greywolf> the parent of the directory I wish to export _as well as_ the directory
Greywolf> itself, with an -alldirs option! Say I don't WANT /var/spool/mqueue
Greywolf> exported, especially with -maproot=0. I sure don't want /var/mail
Greywolf> exported with -maproot=0, but I need /usr/share to be shared as such since
Greywolf> I may wish to build new sendmail.cf files and the like, and I may need
Greywolf> to do that from the client.
The way that NFS works is that if you have exported any directory in the
file system, then from a security point of view, you have exported all of them.
NFS is too closely mapped on BSD systems to FFS to make it easy to change
this. NetBSD is making this security issue explicit. I'm not sure I agree,
but I can see the argument.
] Out and about in Ottawa. hmmm... beer. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] email@example.com http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [