| 1 |
Uwe Thiem wrote: |
| 2 |
> On Monday 28 April 2008, Albert Hopkins wrote: |
| 3 |
>> On Mon, 2008-04-28 at 12:03 -0500, Chris Frederick wrote: |
| 4 |
>>> Hi all, |
| 5 |
>>> |
| 6 |
>>> I'm trying to set up the portage directory to be hosted over nfs. |
| 7 |
>>> Everything is working great but I would like to increase the |
| 8 |
>>> security a |
| 9 |
>>> little. I was wondering if there's an easy way to restrict |
| 10 |
>>> 'emerge --sync' to only work on the server, while still letting |
| 11 |
>>> all the nfs client machines download sources and emerge packages. |
| 12 |
>> Have clients only mount portage read-only and put distfiles in |
| 13 |
>> another fs and make it read-write. |
| 14 |
> |
| 15 |
> Yes, this should work. I have got just one question: How does |
| 16 |
> disabling "emerge --sync" from NFS clients improve security? |
| 17 |
> |
| 18 |
> Uwe |
| 19 |
> |
| 20 |
|
| 21 |
I have a number of overlay ebuilds that I need in place that override |
| 22 |
specific versions of packages, and I don't want various users to 'emerge |
| 23 |
--sync' too often and break things by installing a non-patched package |
| 24 |
that has an old overlay. This way I can also keep all the clients at |
| 25 |
the same revs of everything and avoid various bugs with things like |
| 26 |
pam/vmware/kernels/graphics drivers/etc... Plus there's the whole |
| 27 |
bandwidth saving issue. |
| 28 |
|
| 29 |
The biggest reason is so someone doesn't get a newer pam_usb or pam_ldap |
| 30 |
than the overlay versions and then can't login anymore. |
| 31 |
|
| 32 |
Chris Frederick |
| 33 |
-- |
| 34 |
gentoo-user@l.g.o mailing list |
Archives