On Fri, Jan 16, 2009 at 1:41 AM, Scott Rohling <[email protected]> wrote:
> That works too - but the down side is little individual PROFILE execs with > duplicated logic across them. I know disk space is cheap -- but I look at > every individual, unique EXEC as something that must be maintained and > worried about... So I tend to lean towards control files and common code > that uses those files. Again: <shrug> ;-) The downside of this flexibility is that you don't enforce or control it. Typically, when the virtual machine can issue the relevant commands during the PROFILE EXEC, it will also be able to issue a lot of other commands that you do not need (mistakes, misconduct, or maybe a compromised root account). If you want to be able to define the VDISK out of the PROFILE EXEC, you must set the USRLIM high enough to allow the largest requirement. That would allow any Linux server to acquire that amount; something you may not be prepared for. When the VDISK is defined by an MDISK statement in the directory, it bypasses that check and you can enforce a per-user maximum. Rob ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
