Uwe Thiem wrote:
On Monday 28 April 2008, Albert Hopkins wrote:
On Mon, 2008-04-28 at 12:03 -0500, Chris Frederick wrote:
Hi all,
I'm trying to set up the portage directory to be hosted over nfs.
Everything is working great but I would like to increase the
security a
little. I was wondering if there's an easy way to restrict
'emerge --sync' to only work on the server, while still letting
all the nfs client machines download sources and emerge packages.
Have clients only mount portage read-only and put distfiles in
another fs and make it read-write.
Yes, this should work. I have got just one question: How does
disabling "emerge --sync" from NFS clients improve security?
Uwe
I have a number of overlay ebuilds that I need in place that override
specific versions of packages, and I don't want various users to 'emerge
--sync' too often and break things by installing a non-patched package
that has an old overlay. This way I can also keep all the clients at
the same revs of everything and avoid various bugs with things like
pam/vmware/kernels/graphics drivers/etc... Plus there's the whole
bandwidth saving issue.
The biggest reason is so someone doesn't get a newer pam_usb or pam_ldap
than the overlay versions and then can't login anymore.
Chris Frederick
--
[email protected] mailing list
