Re: Poor Man's XT doc (pre-releace)
>>Normally you have an Xserver that's SUID root (or a SUID root wrapper for it)
>>so that regular users can run it and access the hardware (which currently
>>requires root access). This is not desired on an Xterm as all processes run
>>as root user.
>>If you have the NFS server setup as root_squash then the client computer (the
>>X server) will have read access to all files (give them all world-read
>>access) but no write access apart from /tmp. I believe that Stephen's latest
>>idea of exporting read-only and then using a RAM disk for /tmp is a better
>>idea though.
>>I wouldn't be inclined to skip the ext2 file system though. I believe that
>>ideally an X terminal will use kmod and have a whole range of modules
>>including sound drivers and drivers for all floppy disks. Basically IMHO you
>>want your X server to have drivers for every IO device you're likely to want
>>to connect to it.
>
>Does X allow sharing of floppy disks and audio?????
The X protocol does Audio. For floppy disks you need to have some sort of
setup for mounting them. Maybe NBD would help for this...
>>>The real problem I see, security wise, is that /etc cannot be read-only
>>>as it contains files that must be writable (I think), like /etc/mtab. This
>>>is really annoying. It also means that the root filesystem cannot
>>>be shared. The root filesystem must contain /etc, /bin, /sbin, so I seperate
>>>copy of all these files must be kept.
>>
>>AFAIK /etc does not need write access. /etc/mtab is not written if you use
>>the -n option of mount (you can have a pre-made version that says that
>>everything's mounted). This is a problem for umounting (there is no -n flag
>>for umount), but you don't REALLY need to umount an NFS partition -
>>especially a read-only one.
>
>Question: Why is /etc/mtab required? Why not just have a symlink
>from /etc/fstab to /proc/mounts? Although on my computer, the entry
>in /proc/mounts for the root partition looks wrong:
>/dev/root / ext2 rw 0 0
I'm not sure. Try making it a sym-link and see what happens. Make sure you
mount with "-n".
>The correct device should be /dev/hda2 not /dev/root.
ln -s /dev/hda2 /dev/root
>/etc requires write access in order to allow local-logins (I think),
>as libc6 creates a file called /etc/.pwd.lock (YUCK!). (I am not
>absolutely certain that this is still the case, however I did see
>a bug reported against libc6 that this file is never deleted).
On my system /etc/.pwd.lock is dated the 11th of July. I guess it doesn't
need to be writable.
>>>Of course, it may be possible to remount /etc as another writable
>>>filesystem during boot, but this approach still makes me nervous (any
>>>changes made to /etc will come out as errors before /etc is re-mounted).
>>
>>I've been thinking of this. There are some files such as /etc/hostname which
>>need to be different. I was thinking of having them be sym-links to files
>>under /tmp and then generate the files on /tmp at boot time.
>
>I was thinking a good solution might be to mount a host specific
>configuration directory early during boot, eg in a file
>pointed to by a symlink /etc/rcS.d/S00*. This could do something like
>mount server:/etc/ip-address /etc/local, and
>have symlinks from files in /etc to /etc/local
I've had similar thoughts.
>>What do you need /var for? No mail, no squid cache, no logs needed...
>
>In my setup, I have a fully operational Linux computer via NFS-Root
>which requires log files, lock files, etc.
Same here. But a fully operational Linux box is very different to an X term.
--
This is what they pay me for.
Reply to: