Hi, I would like to do a rpm for secure nfs (client and server) http://www.math.ualberta.ca/imaging/snfs/ Briefly nfs is tunneled into a ssh connection, by the mean of a forwarding of the rpc connections. In order to achieve that I have some questions. - A user (snfs) has to be created, under which uid the ssh connection will be done. Thus it should be sure that no other user has the same uid/gid, he should have a home directory, but not in /home (maybe in /var) and it shouldn't be possible to log in as that user, even if it is possible for that user to create ssh connections. Is there an easy way to do that and should it be done in the makefile or within the .spec file, and, in that case, is there some macros to ease that process ? - on the server side, the sysadmin should modify by hand the /etc/exports file - but on the client side, things are a bit more complicated, and I think it should be fine to have an automated setup. To achieve that, my proposal would be to put in /etc/sysconfig/snfs a line per host:/directory which should be secured. For example to secure the mount of fstab entries resembling to host1:/dir/to/mount /mountpoint nfs defaults 0 0 host1:/dir2/to/mount /mountpoint2 nfs defaults,rsize=8192 0 0 host2:/other/dir /other/mountpoint nfs defaults,rw 0 0 one should put in /etc/sysconfig/snfs host1:/dir/to/mount host1:/dir2/to/mount host2:/other/dir Then a init.d script should set up config files needed by snfs and start the servers forwarding the nfs connections. But it should also modify /etc/fstab such that the lines above are modified that way (with an additionnal mountprog=201000, nfsprog=200003 for host1 and mountprog=201001,nfsprog=200003 for host2): host1:/dir/to/mount /mountpoint nfs defaults,mountprog=201000,nfsprog=200003 0 0 host1:/dir2/to/mount /mountpoint2 nfs defaults,rsize=8192,mountprog=201000,nfsprog=200003 0 0 host2:/other/dir /other/mountpoint nfs defaults,rw,mountprog=201001,nfsprog=200003 0 0 Is it something standard to modify /etc/fstab in such an automated way (even if it is done just one time for each /etc/fstab entry) ? And should these modifications be reversed (and how ?) when the rpm is uninstalled ? Hope I am clear enough, and thanks for your interest. Pat
