|
From: Eric H. <eha...@ma...> - 2001-08-11 03:45:44
|
On Fri, 10 Aug 2001, Jim McQuillan wrote: >Eric, > >Maybe I don't understand your comment about mounting ltsroot 'ro'. > >It is exported Read-only. >> I also would like to see ~ltsroot to be easily ro mounted. Since NFS >> delegates both authentication and authorization to the client, a prudent >> security policy would dictate that the export partition be mounted read >> only. Oh, I see my mistake... this should have read "a prudent security policy would dictate that the EXPORTED partition be mounted read only". The theory is that although the client decides who is "root", that has minimal impact if there is NO write access to the files on the server. It's Friday 9:00pm PST, I think I'll go do something other than think about esoteric security stuff ;-) -Eric |
