Re: [zones-discuss] Re: Re: zonepath
F.V.(Phil)Porcella wrote:
> Hi Jeff,
> Question for you, what happens when someone wipes out a filesystem in a non-global zone?

That depends on how the file system was configured into the zone, and also on what you mean by "wipe out."

If the file system was mounted into a zone with "add fs" in zonecfg, then the most damage that the root user of the zone can do is delete the files. Direct device access is not possible, so it's not possible to damage the file system structure itself (unless there's a bug, of course, but I don't know of one).

If the global zone admin gave a zone block or raw device access to a disk slice, then the zone's root user can destroy a file system that has been created on the slice.

"What happens" is "the same thing that happens in a non-zoned system."

Does that help?

--
Jeff VICTOR
Sun Microsystems
jeff.victor @ sun.com
OS Ambassador
Sr. Technical Specialist
Solaris 10 Zones FAQ: http://www.opensolaris.org/os/community/zones/faq
--
___
zones-discuss mailing list
zones-discuss@opensolaris.org
[zones-discuss] Re: Re: zonepath
Hi Jeff,

you said
> If you continue to use LDAP, and don't give zone-root passwords to
> students, and use LOFS mounts, you should be OK.

The CIS zone will have student users with root (or most likely sudo) access. That kind of access is needed for the classwork. We felt that a zone would be a much better solution to this than just letting them have root access on a stand-alone machine in our computer center.

Considering that a typical networking class has a maximum of 35 students, I think I will just bite the bullet and make them home directories. If I am careful about UID GID I should still be able to use LDAP (I think).

Question for you, what happens when someone wipes out a filesystem in a non-global zone?

Thanks again,
Phil

This message posted from opensolaris.org
Re: [zones-discuss] Re: Re: zonepath
F.V.(Phil)Porcella wrote:
> Last question for you all, (maybe it should get its own thread),
> I would like to incorporate the /export/home directories from the global zone, into the non-global zone.

Why do you want to do that?

Each zone has its own namespace. Unless you are using a network-based directory service, this means that each zone has separate user accounts. If the zones are sharing one /export/home, you must ensure that the user names and userIDs are unique among the zones.

If you are trying to get the zones to share the global zone's /export/home partition, it would be safer to create multiple directories in /export/home, one for each zone, e.g. /export/home/zone1, and then LOFS-mount that directory into the appropriate zone.

--
Jeff VICTOR
Sun Microsystems
jeff.victor @ sun.com
OS Ambassador
Sr. Technical Specialist
Solaris 10 Zones FAQ: http://www.opensolaris.org/os/community/zones/faq
--
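An added example, not part of the thread and not Sun's code: a small audit of `zonecfg export` output that separates the two cases from Jeff's replies, device grants (zone root can destroy a file system on the slice) versus lofs mounts (zone root can only delete files), and reports any lofs source shared by more than one zone. The zone names zone2 and zone3, the disk slice and the finding labels are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `zonecfg -z <zone> export` output; zone2, zone3 and the slice are made up.
SHARED = ("add fs\nset dir=/export/home\nset special=/export/home\n"
          "set type=lofs\nadd options [rw,nodevices]\nend\n")
SAMPLE = {
    "zone1": "create -b\nset zonepath=/zones/zone1\n" + SHARED,
    "zone2": ("create -b\nset zonepath=/zones/zone2\n" + SHARED +
              "add device\nset match=/dev/rdsk/c0t1d0s6\nend\n"),
    "zone3": ("create -b\nset zonepath=/zones/zone3\nadd fs\n"
              "set dir=/export/home\nset special=/export/home/zone3\n"
              "set type=lofs\nend\n"),
}

def parse_resources(export_text):
    """Return [(resource_type, {property: value})] for each add ... end block."""
    resources, current = [], None
    for line in (raw.strip() for raw in export_text.splitlines()):
        if current is None:
            if line.startswith("add "):
                current = (line.split()[1], {})
        elif line == "end":
            resources.append(current)
            current = None
        else:  # "set name=value" or nested "add options [...]"
            m = re.match(r"(?:set|add)\s+(\S+?)[= ](.*)", line)
            if m:
                current[1][m.group(1)] = m.group(2).strip('"')
    return resources

def audit(zones):
    """Flag device grants and lofs sources mounted into more than one zone."""
    findings, lofs_users = [], defaultdict(set)
    for zone, text in zones.items():
        for rtype, props in parse_resources(text):
            if rtype == "device":
                # Zone root can destroy a file system built on this slice.
                findings.append((zone, "device-access", props.get("match")))
            elif rtype == "fs" and props.get("type") == "lofs":
                lofs_users[props.get("special")].add(zone)
    for source, users in sorted(lofs_users.items()):
        if len(users) > 1:  # shared tree: user names and IDs must be unique
            findings.append((",".join(sorted(users)), "shared-lofs", source))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

zone3, which mounts its own /export/home/zone3 directory, produces no finding; that is the per-zone layout recommended above.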
Re: [zones-discuss] Re: Re: zonepath
F.V.(Phil)Porcella wrote:
> Last question for you all, (maybe it should get its own thread),
> I would like to incorporate the /export/home directories from the global zone, into the non-global zone.
> What is the best way to do this? Seems like I have 3 choices:
> 1 add inherit-pkg-dir, set dir=/export/home, end
> 2 add fs,set dir=/export/home, set special=/export/home,set type=lofs,add options [rw,nodevices], end
> OR
> 3 nfs mount /export/home from the global zone, to the NGS (CIS2) later on.
> Is there any preferred method to do this?
> Also, the passwords for the accounts, is there a recommended way to deal with that on the NGZ?

No. 3 is definitely out. You can't have an NGZ nfs-mount something from the GZ on the same box. Bug.

No. 1 is out if you want users in your NGZ to be able to write into those home dirs. inherit-pkg-dir is read-only.

CT
[zones-discuss] Re: Re: zonepath
Hi Edna, Jeff, Jerry,

Thank you for all the good input. I've decided to go ahead with a mountpoint at /zones. Since this is a small test box (sbv120) and I have one slice to play with it seemed to be a good spot.

Last question for you all, (maybe it should get its own thread), I would like to incorporate the /export/home directories from the global zone, into the non-global zone. What is the best way to do this? Seems like I have 3 choices:

1 add inherit-pkg-dir, set dir=/export/home, end
2 add fs,set dir=/export/home, set special=/export/home,set type=lofs,add options [rw,nodevices], end
OR
3 nfs mount /export/home from the global zone, to the NGS (CIS2) later on.

Is there any preferred method to do this?

Also, the passwords for the accounts, is there a recommended way to deal with that on the NGZ?

thanks again
Phil