fai-setup: (1) all_squash,anonuid=500,anongid=500 (2) exportfs -r
Shaul Karl
shaulk at 013.net
Fri Dec 24 08:56:30 CET 2004
On Thu, Dec 23, 2004 at 12:43:44PM +0100, Thomas Lange wrote:
> >>>>> On Thu, 23 Dec 2004 01:02:28 +0200, Shaul Karl <shaulk at 013.net> said:
>
> > Just wondering why not having fai-setup
> > (1) use all_squash,anonuid=500,anongid=500, or some other uid and gid
> > both for $FAI_CONFIGDIR and $NFSROOT when exporting those
> > directories.
> Please explain in more detail why this makes sense.
It restricts the possible misuse of fai slightly more, doesn't it? I
intended to run fai on a machine that provides other services because:
1. I do not want to set up a dedicated fai server.
2. The usage I have for fai is sparse. I install only occasionally,
with large gaps between installations. I would also like to use fai
in case of a client disk breakage.
Having one more small assurance that the security holes I have to make
for fai are of limited consequences is desirable, as far as I am
concerned. For example, I might mistakenly connect the eth interface that
I set up for fai for other purposes. Therefore, having root_squash for
that interface will slightly improve my position on such an error.
>
> > (2) use exportfs -r instead of guessing which nfs server is running and
> > restarting it.
> The command exportfs is only available if you are using the nfs-kernel-server.
>
I didn't know that. Still, why not use that when nfs-kernel-server
is available instead of restarting the service?
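
The two suggestions in this message, sketched as a shell helper. This is an added example, not part of the original post and not fai-setup's own code; the `ro` option, the function names and the client specification passed by the caller are assumptions.

```shell
#!/bin/sh
# Added example (not fai-setup code). Squash options are the ones proposed in
# the thread; "ro" is an assumption added here.
SQUASH_OPTS="ro,all_squash,anonuid=500,anongid=500"

# add_export FILE DIR CLIENTS
# Append "DIR CLIENTS(options)" to an exports(5) file unless DIR already has
# an entry, so repeated runs do not create duplicate lines.
add_export() {
    file=$1 dir=$2 clients=$3
    [ -n "$dir" ] || { echo "add_export: empty directory" >&2; return 2; }
    # The first field of an exports line is the exported directory.
    if [ -f "$file" ] && awk -v d="$dir" '$1 == d { found = 1 } END { exit !found }' "$file"; then
        return 0
    fi
    printf '%s %s(%s)\n' "$dir" "$clients" "$SQUASH_OPTS" >> "$file"
}

# reload_exports
# Re-sync the export table with exportfs -r when the command exists
# (nfs-kernel-server). Returns 1 otherwise, so the caller can fall back to
# restarting whichever NFS server is installed.
reload_exports() {
    if command -v exportfs >/dev/null 2>&1; then
        exportfs -r
    else
        return 1
    fi
}

# Typical use as root (client network is a placeholder):
#   add_export /etc/exports "$FAI_CONFIGDIR" 192.0.2.0/24
#   add_export /etc/exports "$NFSROOT"       192.0.2.0/24
#   reload_exports || echo "exportfs not found, restart the NFS server" >&2
```

With `all_squash`, every client uid, including root, is mapped to the anonymous uid and gid, so files on the export are reachable only with the rights of uid 500.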