On Fri, 2007-05-04 at 09:18 -0500, Paul Krizak wrote: > There is a subdirectory (site-lib) that we have explicitly exported (and > properly locked down) that is read-write *as root* to the world. The > reasons that this directory structure were necessary is beyond the scope > of this e-mail. > > So with RHEL3 and RHEL4, this worked great. You could have both > /tool/site-config and /tool/site-lib mounted on a system and the correct > permissions would be set. > > But with RHEL5, if you mount /tool/site-lib *first*, then you get root > read/write permissions to /tool/site-config! And vice-versa, if you > mount /tool/site-config first, you *lose* root permissions on > /tool/site-lib!
Are you sure about this? If they are exported with permissions on the server, then nothing the client can do should be able to override that, RHEL5 and it's weird behavior or not. Sure, I can mount a ro export as rw on the client, but that doesn't mean it is rw, the server has to enforce those permissions. Now that doesn't mean that I think your points about this client behavior aren't valid, but I just don't see what you're saying here. If you're somehow saying that a RHEL5 system can somehow override server based restrictions then that is HUGE, but that would seem like it would have to be a bug in the NFS server as it has to be the server which enforces restrictions on exports. Later, Tom _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
