1 |
Uwe Thiem wrote: |
2 |
> On Monday 28 April 2008, Albert Hopkins wrote: |
3 |
>> On Mon, 2008-04-28 at 12:03 -0500, Chris Frederick wrote: |
4 |
>>> Hi all, |
5 |
>>> |
6 |
>>> I'm trying to set up the portage directory to be hosted over nfs. |
7 |
>>> Everything is working great but I would like to increase the |
8 |
>>> security a |
9 |
>>> little. I was wondering if there's an easy way to restrict |
10 |
>>> 'emerge --sync' to only work on the server, while still letting |
11 |
>>> all the nfs client machines download sources and emerge packages. |
12 |
>> Have clients only mount portage read-only and put distfiles in |
13 |
>> another fs and make it read-write. |
14 |
> |
15 |
> Yes, this should work. I have got just one question: How does |
16 |
> disabling "emerge --sync" from NFS clients improve security? |
17 |
> |
18 |
> Uwe |
19 |
> |
20 |
|
21 |
I have a number of overlay ebuilds that I need in place that override |
22 |
specific versions of packages, and I don't want various users to 'emerge |
23 |
--sync' too often and break things by installing a non-patched package |
24 |
that has an old overlay. This way I can also keep all the clients at |
25 |
the same revs of everything and avoid various bugs with things like |
26 |
pam/vmware/kernels/graphics drivers/etc... Plus there's the whole |
27 |
bandwidth saving issue. |
28 |
|
29 |
The biggest reason is so someone doesn't get a newer pam_usb or pam_ldap |
30 |
than the overlay versions and then can't login anymore. |
31 |
|
32 |
Chris Frederick |
33 |
-- |
34 |
gentoo-user@l.g.o mailing list |