On Tue, 23 Apr 2002, David O'Brien wrote:

> On Tue, Apr 23, 2002 at 03:38:59AM -0700, Terry Lambert wrote:
> > > > the 'original' solution is to make /etc writable is to mount a MD, then copy
> > > > all
> > > > /conf/default/etc to it.
> > > 
> > > The very original "solution" was to mount NFS / RW.  The move to
> > > /conf/default/etc was someone's special needs leaking into the FreeBSD
> > > repository.  If you want to special case, things be my guest -- add an
> > > elif test; but leave RW NFS mounted / alone.
> > 
> > This isn't just about NFS... it's also about Fash devices, which
> > are only warranteed for a limited number of writes, which mounting
> > R/W would really eat into, and it's for read-only media, like in
> > the "ClosedBSD" and "PicoBSD" FreeBSD based firewalls, I think.
> As I said Terry, change the patch to not take away RW /.  Add an elif
> check, add a `readonly_root' rc.conf knob, etc...  But people should
> stop assuming everyone wants their special needs and local weirdness. 

So personally I do use the read/only version, since it improves the
scalability (and sanity) of the diskless environment by preventing leakage
from workstations onto the server except in specifically supported ways. 
That said, I'd prefer a simpler "default" setting.  A series of rc.conf
settings would make the most sense to me--

diskless_root_readonly="NO"             # Make it "YES" for readonly
diskless_etc_localmd="NO"               # Make it "YES" to have the
  # diskless environment md-mount and replicate /etc from /conf
diskless_var_localmd="NO"               # Make it "YES" to have the
  # diskless environment md-mount /var and populate it from skeleton files

This would provide full compatibility with the current model for those
that want it (and I think it's more people than you think) at the same
time as changing the system to provide easy support for the environment
you're looking for.  If the default settings are changing, it should be a
"5.0 feature" not a "4.x feature".

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
[EMAIL PROTECTED]      NAI Labs, Safeport Network Services

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to