On 10/27/2009 05:06 PM, Jason L Tibbitts III wrote: >>>>>> "SD" == Steve Dickson <SteveD@xxxxxxxxxx> writes: > > SD> On the server (Which is suggested): Add the following entry to the > SD> /etc/exports file: > > SD> / *(ro,fsid=0) > > SD> Note: 'fsid=0' is explained in the exports(5) man pages. > > Could someone comment on any potential security issues that exporting > the root in this way exposes? Unfortunately this entry will expose your entire root in a read-only fashion... > If all of my exported filesystems happen to live under /export, can I > export that directory instead of '/' and have things work properly? Only by adding the above export entry would you be able to mount /export. But since all your exports are under /export you might want to consider making '/export' your pseudo root by doing something like: /export *(ro,fsid=0) /export/home *(rw) Then the clients could do a 'mount /home' which would mount the /export/home directory on the server... Plus if the client dose a mount / the only directory they could 'see' would be 'home' > If, for whatever reason, I need to export a file system that doesn't > live in /export, would I still be able to mount it? With the '/ *(ro,fsid=0)' entry, Yes, you would be able to mount other exported directories.. With the '/export *(ro,fsid=0)' entry, No, the client will only see directories under '/export'. The rest of the filesystem would not be seen... I hope this helps... steved. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
