On Thu, Mar 11, 2004 at 11:50:18AM -0500, Steven Bonneville wrote:
> Tom Mitchell <mitch48@xxxxxxxxx> wrote:
>
> > I might trust my dhcp server to give me an IP address but do I also
> > want it to set the time of day. Then what else do I trust it to do?
> > How do I manage the list of things that dhcp might update?
> >
> > For example if I have a well crafted /etc/ntp.conf file will that file
> > be lost if I move to a different DHCP served net.
>
> I don't have FC2t1 handy at the moment, but on RHEL 3 I believe that you can
> set the following options in /etc/sysconfig/network-scripts/ifcfg-* files:
>
>   PEERDNS=no (/etc/resolv.conf)
>   PEERNTP=no (/etc/ntp.conf, /etc/ntp/step-tickers)
>   PEERNIS=no (/etc/yp.conf)
>
> If set to no, then those files won't get modified even if appropriate
> DHCP options are sent. See /sbin/dhclient-script for details.

I missed the PEER*=no flags when I first glanced at the script.

This looks like the correct place to manage the long list of
DHCP-able config items. This permits a default "policy" configuration
for the expected common situation of a responsible ISP or IT department.
Individual DHCP decisions can be made and set without the complexity of
editing policy.

-- Cool --

My concern was the cyber cafe or hotel that a traveling businessman
encounters. There have already been rumors of bad boys snooping bits
and doing naughty things in the cyber cafes. DHCP smelled like a
potential problem where time of day, DNS, SMTP and a list of other
"important" administrative decisions could be silently co-opted.

Since all these issues exist regardless of SELinux the common and
correct place to address this is via /sbin/dhclient-script and the
associated config tools.

-- Excellent --

--
T o m M i t c h e l l
/dev/null the ultimate in secure storage.
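An added example, not part of the original messages: a small audit that lists DHCP-configured interfaces whose ifcfg file does not set the PEER* options named above to `no`. It assumes an interface is DHCP-configured when its file contains `BOOTPROTO=dhcp`, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: find ifcfg-* files that still let a DHCP server rewrite
# resolv.conf, ntp.conf or yp.conf (PEERDNS / PEERNTP / PEERNIS not "no").

# Print the value assigned to KEY in an ifcfg file (last assignment wins,
# surrounding quotes stripped). $1 = file, $2 = key.
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# For each ifcfg-* file in directory $1 that uses DHCP, print one line per
# PEER* option that is not exactly "no":  <file> <option> <value|unset>
# Assumption: BOOTPROTO=dhcp is what marks an interface as DHCP-configured.
audit_peer_options() {
    for f in "$1"/ifcfg-*; do
        [ -f "$f" ] || continue
        [ "$(ifcfg_get "$f" BOOTPROTO)" = "dhcp" ] || continue
        for opt in PEERDNS PEERNTP PEERNIS; do
            val=$(ifcfg_get "$f" "$opt")
            [ "$val" = "no" ] && continue
            echo "$(basename "$f") $opt ${val:-unset}"
        done
    done
}

# Constructed sample data: one locked-down DHCP interface, one partly
# locked-down DHCP interface, one static interface (ignored by the audit).
make_sample_dir() {
    d=$(mktemp -d)
    printf 'DEVICE=eth0\nBOOTPROTO=dhcp\nPEERDNS=no\nPEERNTP=no\nPEERNIS=no\n' \
        > "$d/ifcfg-eth0"
    printf 'DEVICE=wlan0\nBOOTPROTO=dhcp\nPEERDNS=yes\nPEERNTP="no"\n' \
        > "$d/ifcfg-wlan0"
    printf 'DEVICE=eth1\nBOOTPROTO=static\n' > "$d/ifcfg-eth1"
    echo "$d"
}

# Demo run against the constructed files; on a real system pass
# /etc/sysconfig/network-scripts instead.
sample=$(make_sample_dir)
audit_peer_options "$sample"
rm -rf "$sample"
```

An option that is missing from the file is reported as `unset`, since only an explicit `no` is described above as preventing the file from being modified.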