
Re: Poor Man's XT doc (pre-release)



>>I am confused... How do you intend to run X as non-root? I think it
>>might be better just to mount the NFS partitions read-only,
>>for normal use.
>
>Normally you have an X server that's SUID root (or a SUID root wrapper for it)
>so that regular users can run it and access the hardware (which currently
>requires root access).  This is not desired on an Xterm as all processes run
>as root user.
>If you have the NFS server set up as root_squash then the client computer (the
>X server) will have read access to all files (give them all world-read
>access) but no write access apart from /tmp.  I believe that Stephen's latest
>idea of exporting read-only and then using a RAM disk for /tmp is a better
>idea though.
>I wouldn't be inclined to skip the ext2 file system though.  I believe that
>ideally an X terminal will use kmod and have a whole range of modules
>including sound drivers and drivers for all floppy disks.  Basically IMHO you
>want your X server to have drivers for every IO device you're likely to want
>to connect to it.

Does X allow sharing of floppy disks and audio?????

>>The real problem I see, security wise, is that /etc cannot be read-only
>>as it contains files that must be writable (I think), like /etc/mtab. This
>>is really annoying. It also means that the root filesystem cannot
>>be shared. The root filesystem must contain /etc, /bin, /sbin, so a separate
>>copy of all these files must be kept.
>
>AFAIK /etc does not need write access.  /etc/mtab is not written if you use
>the -n option of mount (you can have a pre-made version that says that
>everything's mounted).  This is a problem for umounting (there is no -n flag
>for umount), but you don't REALLY need to umount an NFS partition -
>especially a read-only one.

Question: Why is /etc/mtab required? Why not just have a symlink
from /etc/fstab to /proc/mounts? Although on my computer, the entry
in /proc/mounts for the root partition looks wrong:
/dev/root / ext2 rw 0 0

The correct device should be /dev/hda2 not /dev/root.

/etc requires write access in order to allow local-logins (I think),
as libc6 creates a file called /etc/.pwd.lock (YUCK!). (I am not
absolutely certain that this is still the case, however I did see
a bug reported against libc6 that this file is never deleted).

>>Of course, it may be possible to remount /etc as another writable
>>filesystem during boot, but this approach still makes me nervous (any
>>changes made to /etc will come out as errors before /etc is re-mounted).
>
>I've been thinking of this.  There are some files such as /etc/hostname which
>need to be different.  I was thinking of having them be sym-links to files
>under /tmp and then generate the files on /tmp at boot time.

I was thinking a good solution might be to mount a host-specific
configuration directory early during boot, e.g. in a file
pointed to by a symlink /etc/rcS.d/S00*. This could do something like
mount server:/etc/ip-address /etc/local, and
have symlinks from files in /etc to /etc/local.

Note:
1. /etc/local could be mounted read-only,
2. As /etc/local is mounted early in the boot process, you could
even have different versions of files like /etc/fstab for each
computer (this could be important if the computers aren't dedicated
to diskless Linux).

>>Otherwise, it might just be possible to mount the entire root filesystem
>>as read-only except for /tmp and /var. I have heard of schemes where
>>the /tmp partition is a local hard disk that is formatted on start-up,
>>removing any long-term security implications. A separate copy
>>of /var would be required for each diskless computer.
>
>What do you need /var for?  No mail, no squid cache, no logs needed...

In my setup, I have a fully operational Linux computer via NFS-Root
which requires log files, lock files, etc.


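The per-host /etc/local scheme and the mount -n point discussed in the message above, as an added shell example that is not code from the thread or from the Poor Man's XT doc. It splits the work into a server-side step (turn the per-host files on the shared, read-only root into symlinks) and the early-boot mount a client would run; the export layout server:/etc/<ip-address>, the list of per-host files and the script name S00localconf are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or the Poor Man's XT doc).
# Shared read-only NFS root: per-host files in /etc are symlinks into
# /etc/local, which each client mounts from server:/etc/<ip-address>
# early in boot.  Layout and file list are assumptions for illustration.

# Files that legitimately differ between diskless clients (assumed list).
PER_HOST_FILES="hostname fstab hosts"

# prepare_shared_root ROOT
# Run once on the server against the shared root image: replace each
# per-host file under ROOT/etc by a relative symlink into local/, so the
# same link is valid on the server (ROOT/etc/local) and on the client
# (/etc/local).  An existing regular file is never clobbered: it is
# reported and the function fails, so a hand-edited copy on the shared
# root is not silently lost.
prepare_shared_root() {
    root=$1
    rc=0
    for f in $PER_HOST_FILES; do
        link="$root/etc/$f"
        if [ -e "$link" ] && [ ! -L "$link" ]; then
            echo "prepare_shared_root: $link is a regular file, not replacing it" >&2
            rc=1
            continue
        fi
        rm -f "$link" && ln -s "local/$f" "$link" || rc=1
    done
    return $rc
}

# check_shared_root ROOT
# Succeed only if every per-host file under ROOT/etc is a symlink into
# local/; anything else means a client would read the shared copy instead
# of its own.
check_shared_root() {
    root=$1
    for f in $PER_HOST_FILES; do
        link="$root/etc/$f"
        [ -L "$link" ] || return 1
        [ "$(readlink "$link")" = "local/$f" ] || return 1
    done
    return 0
}

# check_host_export DIR
# Verify a client's export directory (server-side /etc/<ip-address>)
# carries every per-host file, so the client does not come up with
# dangling links in /etc.
check_host_export() {
    dir=$1
    rc=0
    for f in $PER_HOST_FILES; do
        if [ ! -f "$dir/$f" ]; then
            echo "check_host_export: $dir/$f is missing" >&2
            rc=1
        fi
    done
    return $rc
}

# early_boot_local_conf SERVER IP
# The body of /etc/rcS.d/S00localconf on the client.  mount -n is used,
# as suggested above, so the read-only root's /etc/mtab is never written;
# the export is mounted read-only too, so a client cannot alter its own
# configuration.  Not run here: it needs root and a real NFS server.
early_boot_local_conf() {
    server=$1
    ip=$2
    mount -n -o ro "$server:/etc/$ip" /etc/local
}
```

On the server you would run prepare_shared_root against the shared root image once and check_shared_root afterwards; check_host_export is a cheap sanity check to run over each /etc/<ip-address> directory before a client is allowed to boot from it, since a missing per-host fstab or hostname only shows up as a dangling symlink on the client.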