Subject: Re: exports nfs fstab mountd yadda yadda yadda
To: Greywolf <greywolf@starwolf.com>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: current-users
Date: 02/15/2000 20:29:05
>>>>> "Greywolf" == Greywolf  <greywolf@starwolf.com> writes:
    Greywolf> It just seems patently *absurd* that I should have to EXPLICITLY export
    Greywolf> the parent of the directory I wish to export _as well as_ the directory
    Greywolf> itself, with an -alldirs option!  Say I don't WANT /var/spool/mqueue
    Greywolf> exported, especially with -maproot=0.  I sure don't want /var/mail
    Greywolf> exported with -maproot=0, but I need /usr/share to be shared as such since
    Greywolf> I may wish to build new sendmail.cf files and the like, and I may need
    Greywolf> to do that from the client.

  The way that NFS works is that if you have exported any directory in the
file system, then from a security point of view, you have exported all of them.
  NFS is too closely mapped on BSD systems to FFS to make it easy to change
this. NetBSD is making this security issue explicit. I'm not sure I agree,
but I can see the argument.

]      Out and about in Ottawa.    hmmm... beer.                |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [