Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!ncar!gatech!prism!gt1111a
From: gt1111a@prism.gatech.EDU (Vincent Fox)
Newsgroups: comp.admin.policy
Subject: Re: Policies concerning root privs
Message-ID: <30724@hydra.gatech.EDU>
Date: 6 Jun 91 04:55:37 GMT
References: <30593@hydra.gatech.EDU> <24@tdatirv.UUCP>
Organization: Georgia Institute of Technology
Lines: 46

sarima@tdatirv.UUCP (Stanley Friesen) writes:
>In article <30593@hydra.gatech.EDU> gt1111a@prism.gatech.EDU (Vincent Fox) writes:
>>The new automount facilities kill the problem of needing root to do mounts.
>>And other programs COULD be setuid'ed as needed.

>Only if what I need mounted is in the automount lists.
>On several occasions I have needed to mount a file system that was *not*
>in any of the officially maintained automount lists.

What I do is have an entry in my NIS map for /net with keyword hosts.
What this says is that any reference to /net/hostname/dir is an attempt
to mount and access directory dir from hostname. If the remote host has
its /etc/exports files set to allow your machine access, I don't see any
real danger here. I sometimes leave an optical in the NeXT with X and GNU
source code, exported to all the world. Then if I'm somewhere I need to
get it, I just do cd /net/cadnext2/storage.

In short I maintain a list for /home controlled only by me. But /net is
free-form.

>Would you consider arranging to mount a file system to be another SA service
>like installing a software package?

In a sense. Before automount, and when the villagers had root, they tended
to mount all kinds of things the permanent way in fstab. Then when any one
of these many remote machines went splat, so did theirs. Since automounts
disengage after 5 minutes of non-use, if that remote machine goes down in
the middle of the night and it's not mounted to you, when you come in next
morning your station won't be hung. It may stall a minute or so before
timing out when you type cd /net/fred/wilma, but it won't hang. The remote
machine can still screw you by going down while you are still mounted off
it, but let's be honest, even home directories for most machines in a
distributed lab environment aren't continuously active very much of the
24 hours in a day. Automount makes things more fault-tolerant, let's say.

In other words, static mounts I use as little as possible and don't let
anyone else have root to do them. But automount lets them do their thing
without me now. I prefer to stay in my castle but placate the villagers
with a tax cut and a color TV :-)

--
Vincent Fox (That's Mr. Bucko to you)|Georgia Tech, the only place where Friday
Georgia Tech, Atlanta GA             |is only two working days away from Monday.
SR-71: gt1111a@prism.gatech.edu      |    -- Uttered by David Sonnier during
Pony Express:...!gatech!prism!gt1111a|       CS3602 lab 5/10/1991 ~ 1730 EDT