civileme wrote:
> >
> > Well, if this is true under linux, its new (less than 2 years old, which
> > I suppose is not so new, eh?)
> >
> > I know that's how Solaris works, but linux treats, e.g. '/', as one big
> > filesystem WHEN VIEWED UNDER NFS, at least (as I say) a few
> > years ago (last time I tried it in other words).
> >
> > I'll have to go try it again and report back here...
> >
> > (And I'm not sure I understand why its a security issue)
The idea is simple. If I exported the ENTIRE filesystem, then I could
subvert the sysadmin's security by sharing those shares that may have
been limited to my machine. Also, ever shared a CD-ROM? try and eject
it while it's shared sometime. You'll notice the same issue with most
any OS including Win32 platforms (you can't share a share, or at least
you aren't supposed to.)
> >
> > rc
> >
> >
>
> It's a package issue. Linux has nfs (really slow) and knfs (quite snappy
> since it is _part_ of the kernel). We use knfs which is under heavy
> development, and one of its issues is that it will not navigate mount points
> through remote /etc/fstab. Another is that Reiserfs development folks aren't
> putting out patches for knfs as readily as for nfs; hence, reiserfs is easily
> broken when used as a remote mount and a high load write is sent.
>
I also use knfs, which combined with the books and documentation at my
disposal
indicate a limit to NFS at physical boundaries (maybe they're outdated
and I
haven't pushed hard enough on my NFS server.) Also, I believe that the
default
version of NFS installed on both RH and MDK is knfs.
Woody ([EMAIL PROTECTED])
---------------------------------------------------------------
Gatewood Green Web Developer
http://www.linux.org/ The first stop for Linux info on the Net
Email: [EMAIL PROTECTED]
---------------------------------------------------------------
All opinions expressed by me are my own and not necessarily
endorsed by Linux Online, Inc. or Linux Headquarters, Inc.
