On Fri, 10 Aug 2001, Markus Gutschke wrote:
>If all of the files are read-only (it should be possible to mount "/usr"
>read-only, although most distributions don't quite achieve that goal),
>then I think they should go into "/usr/lib/ltsp" or possibly
>"/usr/share/diskless" (if the files make sense for projects other than
>just LTSP or for multiple versions that are supported in parallel).

Currently the LTSP exports /tftpboot/lts/ltsroot with the "no_root_squash"
parameter. NFS exports make me nervous, especially with no_root_squash.
I also would like to see ~ltsroot to be easily ro mounted. Since NFS
delegates both authentication and authorization to the client, a prudent
security policy would dictate that the export partition be mounted read
only.

>Executables should go into "/usr/bin" (or "/usr/sbin" if there is no
>conceivable reason why normal users would call the program), but they
>might just be links or small wrappers referencing files in
>"/usr/lib/ltsp". All configuration files should go into "/etc/ltsp"
>(although it is OK to have symbolic links from other places that
>reference these files, if that is necessary for technical reasons).

Symbolic links are relative to the system's root. Root on the server is /.
Currently root on the clients is the server's /tftpboot/lts/ltsroot/
directory. Thus a link to the server's /usr/bin placed somewhere in
/tftpboot/lts/ltsroot/ would be a broken link to the client who had mounted
/tftpboot/lts/ltsroot/ as its root. Hopefully that makes sense ;-)

You could hard link specific executables, but that seems like a dangerous
thing to do on a no_root_squash exported directory. Such a hard link
config would also be difficult to package.

>All files that can be written to during the normal course of operation
>and that are not just configuration files, should go into
>"/var/lib/ltsp" or possibly "/var/diskless" (the precedent would be web
>servers putting the entire site into "/var/www").

See above.

>If the project is also made available in a form that does not integrate
>with the system's package management system (e.g. as a tar ball instead
>of an RPM or DEB package), then it should default to "/usr/local/lib" in
>preference over "/usr/lib".

Two opinions on this one:

1) /usr/local does not seem to make sense, since the files in question
   are not local to the server - they are local to the client.
2) consistency is nice. I'd like to see the .tgz, .deb, & .rpm all have
   the same root.

-Eric
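
Added example, not part of the original message or of LTSP: a small auditor for exports(5)-style text that flags every client entry carrying no_root_squash, rating it "high" when the export is also writable, which is the combination the reply is worried about. The sample exports, the client network and the host name are constructed for illustration; only the /tftpboot/lts/ltsroot path and the no_root_squash option come from the thread.

```python
import re

# Constructed sample in exports(5) syntax; network and host name are assumptions.
SAMPLE_EXPORTS = """\
# LTSP client root, as described in the message
/tftpboot/lts/ltsroot 192.168.0.0/255.255.255.0(rw,no_root_squash)
/home 192.168.0.0/255.255.255.0(rw) \\
      admin.example.org(rw,no_root_squash)
/usr/share/diskless *(ro,no_root_squash)
"""

# A client spec is "host", "host(opt,opt)" or "(opt,opt)" for any host.
CLIENT_RE = re.compile(r"^(?P<host>[^()]*)(?:\((?P<opts>[^()]*)\))?$")


def logical_lines(text):
    """Join backslash-continued lines, then drop comments and blank lines."""
    joined = re.sub(r"\\\n", " ", text)
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line


def audit_exports(text):
    """Return (path, client, risk) for each entry that does not squash root."""
    findings = []
    for line in logical_lines(text):
        path, *clients = line.split()
        for spec in clients:
            m = CLIENT_RE.match(spec)
            if not m:
                continue
            opts = set(filter(None, (m.group("opts") or "").split(",")))
            # exports(5) defaults are root_squash and ro unless overridden.
            if "no_root_squash" not in opts:
                continue
            # Writable and unsquashed: client root can create root-owned files.
            risk = "high" if "rw" in opts else "review"
            findings.append((path, m.group("host") or "*", risk))
    return findings


if __name__ == "__main__":
    for path, client, risk in audit_exports(SAMPLE_EXPORTS):
        print(f"{risk:6} {path} -> {client}")
```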