Subject: Re: Starting nfs service
To: Chuck Yerkes <chuck+nbsd@2003.snew.com>
From: David Laight <david@l8s.co.uk>
List: netbsd-users
Date: 09/27/2003 20:52:11
> And you want files in /etc/ to NOT be group writable as a matter
> of course. You leave yourself open to easy compromise. All I
> have to do is get on as a user who happens to be in group wheel
> on your machine and I can export whatever I want, however I want.
> That's bad.
Also remember that, since not all systems follow the rules, for NFS over UDP:
- If you export part of a filesystem you allow access to all of it [1].
- If you allow one system access you give everyone access.
- If you give one system write access you give everyone write access.
David
[1] This is true for TCP as well, but is made harder if the inode
generation numbers have been randomised - see fsirand(8).
--
David Laight: david@l8s.co.uk
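
An added example, not part of the original message or of NetBSD's own tooling: a small audit of a BSD-style exports(5) file for the conditions raised in this thread (a group-writable exports file, an export of a directory that is not a filesystem root, and read-write exports). The function name, sample file contents, mount-point set and file mode are constructed assumptions; backslash line continuations are not handled.

```python
import stat

MESSAGES = {
    "file-writable": "exports file is group- or world-writable",
    "partial-fs": "exports a directory that is not a filesystem root",
    "read-write": "exported read-write (no -ro)",
}

def audit_exports(text, mount_points, mode):
    """Return (line number, finding code) pairs; line 0 means the file itself."""
    findings = []
    # Anyone in the owning group could rewrite a group-writable exports file.
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((0, "file-writable"))
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenise
        paths = [f.rstrip("/") or "/" for f in fields if f.startswith("/")]
        if not paths:
            continue
        opts = {f.split("=", 1)[0] for f in fields if f.startswith("-")}
        # A subdirectory export still exposes the whole underlying filesystem.
        if any(p not in mount_points for p in paths):
            findings.append((lineno, "partial-fs"))
        # -o is the historical synonym for -ro in BSD exports(5).
        if not opts & {"-ro", "-o"}:
            findings.append((lineno, "read-write"))
    return findings

# Constructed sample input (not taken from the original message).
SAMPLE = """\
# constructed sample exports file
/usr -ro -network 192.0.2.0 -mask 255.255.255.0
/home/projects client1.example.org
"""
MOUNTS = {"/", "/usr", "/home"}   # assumed filesystem roots on the server

if __name__ == "__main__":
    for lineno, code in audit_exports(SAMPLE, MOUNTS, 0o664):
        print(lineno, MESSAGES[code])
```

On a real server the mode would come from `os.stat("/etc/exports").st_mode` and the mount points from the system's mount table.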