RE: anon=0 summary

From: Donovan, Jeffrey (Jeff), ALABS (jmd@att.com)
Date: Wed Dec 17 2003 - 10:55:10 EST


Summary to:
"I am getting security flags on my jumpstart server for having the following
share:

share -F nfs -o ro,anon=0 /opt/jumpstart/install

It's complaining about anon=0 and the fact that there is no server specified.
Does anyone know why you need anon=0? How can I change it to make my security
audit happy? Has anyone done jumpstarts with a server specified as a -o
option?"

Thanks to these folks for responding:

Jim Vandevegt
Jay Lessert
Nelson Arzola
Matthew Stier
Casper Dik

All basically said that anon=0 allows the client to read root-owned files on
the mounted file system, which in this case is the OS image, and jumpstart needs
this. Given that it's shared read-only and there is no proprietary info
being shared, it should be safe from a security perspective. If there are any
proprietary files or this isn't sufficient for a security audit, it can be
locked down, i.e.:
1) add some machines to the ro=
2) change anon=0 to root=<machines>.

Thanks to all of you for getting back to me so quickly and giving me some ammo
to use against my security group.

 -----Original Message-----
From: Donovan, Jeffrey (Jeff), ALABS
Sent: Monday, December 15, 2003 5:20 PM
To: sunmanagers@sunmanagers.org
Subject: anon=0

Hi all,

I am getting security flags on my jumpstart server for having the following
share:

share -F nfs -o ro,anon=0 /opt/jumpstart/install

It's complaining about anon=0 and the fact that there is no server specified.
Does anyone know why you need anon=0? How can I change it to make my security
audit happy? Has anyone done jumpstarts with a server specified as a -o
option?

Thanks

* Jeff
* AT&T LABS-IP SERVICES Infrastructure Team
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
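
Added example, not part of the original post or the replies it summarizes: a POSIX shell check that flags the two findings discussed above (anon=0, and ro/rw with no client list) in dfstab-style share lines. The sample lines are constructed, client1 and client2 are hypothetical install clients, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: flag the two audit findings from this thread in
# Solaris dfstab-style "share" lines. Sample lines are constructed.

# Print the -o option string of one share line (empty if there is none).
share_opts() {
    set -f                      # no globbing while splitting the line
    set -- $1
    while [ $# -gt 0 ]; do
        if [ "$1" = "-o" ]; then echo "$2"; break; fi
        shift
    done
    set +f
}

# Print findings for one share line: "anon-root" for anon=0,
# "open-to-all-clients" for a bare ro/rw (no client list) or no -o at all
# (share_nfs defaults to read-write for every client).
audit_share_line() {
    opts=$(share_opts "$1")
    findings=""
    if [ -z "$opts" ]; then findings=" open-to-all-clients"; fi
    old_ifs=$IFS; IFS=,; set -f
    for o in $opts; do
        case $o in
            anon=0) findings="$findings anon-root" ;;
            ro|rw)  findings="$findings open-to-all-clients" ;;
        esac
    done
    set +f; IFS=$old_ifs
    echo "${findings# }"
}

# Read dfstab text on stdin, print one FLAG line per risky share.
audit_dfstab() {
    while IFS= read -r line; do
        case $line in share*) ;; *) continue ;; esac
        f=$(audit_share_line "$line")
        if [ -n "$f" ]; then echo "FLAG [$f]: $line"; fi
    done
}

# Constructed dfstab: the share from the post, then the locked-down form
# (client1 and client2 are hypothetical install clients).
audit_dfstab <<'EOF'
share -F nfs -o ro,anon=0 /opt/jumpstart/install
share -F nfs -o ro=client1:client2,root=client1:client2 /opt/jumpstart/install
EOF
```

Only the first sample line is flagged; the second applies both lock-down steps from the summary (a client list on ro= and root=<machines> in place of anon=0).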


