Buyer Beware: A Major Change in NFS is about to happen
Steve Dickson
SteveD at redhat.com
Wed Sep 30 14:13:04 UTC 2009
On 09/30/2009 09:59 AM, Gregory Maxwell wrote:
> On Tue, Sep 29, 2009 at 9:42 PM, Chris Adams <cmadams at hiwaay.net> wrote:
>> Once upon a time, Steve Dickson <SteveD at redhat.com> said:
>>> On the server (Which is suggested):
>>> * Add the following entry to the /etc/exports file:
>>> / *(ro,fsid=0) Note: 'fsid=0' is explained in the exports(5) man pages.
>>
>> The "suggested solution" is to change your NFS servers (that work just
>> fine with other clients today) to export the root filesystem to
>> everybody?
>
> Yea— It would be ill-advised to actually recommend this to people.
> Someone might actually listen and be rather unhappy that your
> suggestion undermined their security assumptions. (Okay, you can say
> someone who doesn't understand what that line does shouldn't be adding
> it to their exports; but people will)
Unfortunately that's the only answer I have...
>
> If this change in default behavior doesn't go in to F12 does the
> correct handling of the pseudo-root go in? For all the arguments
> against accepting the behavior change at a late date, accepting the
> server fixes seems far less scary and getting them in ASAP will make
> the behavior change less disruptive in the future.
That server change went in in July which means F-12 servers will
handle pseudo roots correctly. That change is not in question....
The change in question is fact the mount command now asks for v4 mounts
first and then v3 mounts. Which is configurable via the /etc/nfsmount.conf
file... Meaning setting the vers=3 variable would change the default protocol
version back to v3.
steved.
More information about the fedora-devel-list
mailing list