[1791] in NetBSD-Development
Re: NetBSD installation from sipb-nfs
daemon@ATHENA.MIT.EDU (Greg Hudson)
Sun Sep 20 14:31:47 1998
To: mhpower@MIT.EDU
Cc: ghudson@MIT.EDU, rtfm-maintainers@MIT.EDU, netbsd-dev@MIT.EDU
In-Reply-To: Your message of "Sun, 20 Sep 1998 14:09:30 EDT."
<199809201809.AA20743@stan.mit.edu>
Date: Sun, 20 Sep 1998 14:31:31 EDT
From: Greg Hudson <ghudson@MIT.EDU>
Oops, I just realized that another 50MB is required for the install
volume. So it's more like 365MB. Hopefully that doesn't make a big
difference.
> Is it especially convenient to have file ownerships and permissions
> (e.g., the presence of setuid-root files) exactly the same in the
> NFS copy as in AFS?
I think we can definitely strip the setuid bits in the NFS mirror.
Most of the setuid files installed onto the hard drive come from the
tarfiles in the install volume, and the rest are tracked in from the
srvd--track should just use the status bits from the statfile.
I'm a little more worried about whether it's safe to change the
ownerships of the files--it shouldn't have any greater effect, but it
might. But I can do a little experimentation to make sure it doesn't
have any effect on the installed image.
If it turns out we need to keep the ownership and group but not the
setuid bits, then we'll have a bit of a technical issue since synctree
doesn't have a strip-setuid-bits option. But I'll come back to that
if necessary.
> I think it'd be best to have it run with tokens for
> rcmd.bloom-picayune.
This is so people can't modify files in transit from AFS? The last
time I visited the AFS source base, I determined that having tokens
doesn't actually provide any integrity checking. :/
