Max Lovius <[EMAIL PROTECTED]> skriver:
>Thanks for all the ideas and advice.
>
>Patrick J. LoPresti Wrote:
>> Harder. You need a way for the install.pl on the client machine to
>> indicate a state change back to the TFTP (or maybe DHCP) server.
>
>Brad Erdman Wrote:
>>This is what I do. It works very well, but as stated, there are security
>implications.
>>An additional step I take is to enforce quota's on the hard drive and
>give
>the install account a 1MB limit.
>>This makes it effectively useless for the unscrupulous person looking
>for a
>dump site.
>
>I thought about the different possibilities and it seems risky to give
>write
>access to a bunch of files in the pxe root, someone could write a config
>file and reinstall a computer you I don't want installing.
On the other hand someone could also reboot the computer and format the
harddisk from a floppy, etc. If the worst case that could happen is that
someone reinstalled a computer I'd be happy :)
Im thinking of using the same idea as Brad and I have modfied my share
on the samba server on only let the user write and delete files not read
them:
[pxe$]
path = /opt/bpbatch/tftpboot/pxelinux.cfg
writeable = yes
write list = userid
create mask = 0204
force create mode = 0204
preserve case = no
short preserve case = no
default case = upper
This with a:
chattr +i default
would protect the default configuration (which is boot from local)
------------------------
Another way would have the samba daemon create the file itself
when someone connects to the share: (untested)
[pxe$]
path = /opt/bpbatch/tftpboot/pxelinux.cfg
writeable = no
preexec = myscript.sh %I
myscript.sh would get the user IP %I and could create
the file in pxelinux.cfg.
This way you would probably need another way of removing
the file, perhaps another share which you only connect too?
Heck, I don't even know if this second idea of mine works :)
=====================================================
Janåke Rönnblom
SKERIA Utveckling AB (Teknous)
Assistentgatan 23
931 77 Skelleftea (Sweden)
-----------------------------------------------------
Phone : +46-910-58 54 24
Mobile : 070-397 07 43
Fax : +46-910-58 54 99
URL : http://skeria.skelleftea.se
-----------------------------------------------------
"Nemo enim fere saltat sobrius, nisi forte insanit"
-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
unattended-info mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/unattended-info
