On 10/27/2009 05:06 PM, Jason L Tibbitts III wrote:
>>>>> "SD" == Steve Dickson
<SteveD(a)redhat.com> writes:
SD> On the server (Which is suggested): Add the following entry to the
SD> /etc/exports file:
SD> / *(ro,fsid=0)
SD> Note: 'fsid=0' is explained in the exports(5) man pages.
Could someone comment on any potential security issues that exporting
the root in this way exposes?
Unfortunately this entry will expose your entire
root in a read-only
fashion...
If all of my exported filesystems happen to live under /export, can I
export that directory instead of '/' and have things work properly?
Only
by adding the above export entry would you be able to mount /export.
But since all your exports are under /export you might want to consider
making '/export' your pseudo root by doing something like:
/export *(ro,fsid=0)
/export/home *(rw)
Then the clients could do a 'mount /home' which would mount the
/export/home directory on the server... Plus if the client dose
a mount / the only directory they could 'see' would be 'home'
If, for whatever reason, I need to export a file system that
doesn't
live in /export, would I still be able to mount it?
With the '/
*(ro,fsid=0)' entry, Yes, you would be able to mount other
exported directories..
With the '/export *(ro,fsid=0)' entry, No, the client will only see
directories under '/export'. The rest of the filesystem would not be
seen...
I hope this helps...
steved.