Henri wrote:
Buchan Milne a �crit:
>Why, you're just duplicating everything. What motivation is there to >have to maintain two sets of software (including security updates etc)?
That is simple : - the risk to have something compromised on the NFS exported dir is decreased if the only thing you export is XFree and a set of 10 essential commands needed to boot the machine,
How so? The clients only have read-only access to everything AFAICR.
Ok, a simple example. I have a TX server + TX clients. someone unplug a TX and use his notebook instead, using his ip (fixed on the dhcp with mac adress).
As the NFS server does not verify if the IP was obtained from the dhcp server or not, the person can mount all the system from the TX server and, for example, see what is installed on it, who are the users...
If th NFS server exported only a small system, only person being able to LOG graphically onto the system could access the filesystem.
- if the NFS server is attacked, that won't be a big problem if it is chrooted. You can't chroot all your system hierarchy i think.
I don't see the relevance of this, if someone gets write access to the NFS server, that means they have local access as root on the server, in which case chrooting is of no value.
Unless I'm missing something.
You mean chrooted isn't useful ??! strange idea no ?
>The server can be used as a workstation with drakTerm. > >Anyway that's not the bigger pb. >What i would really like is drakTerm to be a complete remote X solution >: for the moment, it only provide one kind of the two ways to use remote >thin stations. > > >According to Stew, that is incorrect since about August last year.
I think that only tftp is chrooted, not the nfs server.
I was meaning two ways of diskless workstations, one thin (all apps run on the server), one thick (all apps run on the client, just loaded from the server). If this is not what you meant, please explain:
>What i would really like is drakTerm to be a complete remote X solution >: for the moment, it only provide one kind of the two ways to use remote >thin stations.
-- |--------------Another happy Mandrake Club member--------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
