Re: [RFC] Filesystem-local databases in mlocate

Simo Sorce wrote:
>> - NFS is automatically excluded by clients, so updatedb on clients
>>   does not walk the filesystem.
>> - On the server:
>>   Add /srv/home to /etc/sysconfig/mlocate.  If /srv/home is not a
>>   separate mount point, add LOCATE_PATH=:/srv/home/.mlocate/mlocate.db
>>   to the global environment.
> I am deeply concerned about the security implications of this idea.
> You are basically making it possible for everyone to get access to the
> complete remote FS layout ???
No, only the layout of the specific NFS filesystem that can be mounted
from the client.  mlocate.db would be readable only by the slocate user,
like the current /var/lib/mlocate/mlocate.db.

Therefore, if a client can fake the UID and read the whole mlocate.db,
it can fake the UID and traverse the whole NFS filesystem just the same.
	Mirek

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
