SUMMARY: /usr mounted ro for Diskless Workstations

From: Gregory Higgins (higgins@math.niu.edu)
Date: Mon Jan 27 1992 - 16:06:51 CST


My original question:
  From: Gregory Higgins <higgins@math.niu.edu>
  
  When creating /export/root/WORKSTATION/etc/fstab, add_client makes
  /usr an ro mount. This breaks /usr/games/fortune on the diskless
  workstations. The fix is trivial, but the rationale needs explanation.
  
  Does anyone know why /usr for diskless workstations needs (or should)
  be ro? If I am the network's only root, would that make a difference
  in your answer?
  
In general, the opinion of the group was that if others were
root on the Diskless Workstations then mounting /usr rw is an invitation
to disaster. While you can prevent the Workstation roots from
doing things in the partition as root, you really can't prevent them
from being bin, etc.

Opinions were mixed if I'm the only root; under this consideration
some people (including some who may be considered 'authoritative')
thought it would be OK to mount the filesystem rw, while others
felt that "The system should be able to tolerate /usr mounted ro."
For those that felt /usr should always be ro, the following comment
I thought insightful:

        " We generally mount /usr read-only on ALL hosts
          (diskful, too); it means fsck doesn't have to run, makes
          filesystem corruption less likely, and also speeds access
          (since inode access times don't have to be updated). "
 
Several people commented on /usr/games/fortune. This response
politely (and authoritatively) sums it up:

        " This is one of the few programs that have a problem
          with the diskless configuration. Should be fixed,
          but it's probably not gonna happen anytime soon. "

For a workaround without mounting /usr rw, a few people suggested
copying /usr/games/lib/fortune.dat to a filesystem which can safely
be mounted rw and installing a symbolic link to that file in
/usr/games/lib. This is the suggestion I implemented. At the same time
I observed that I should probably do this with most of the files in
/usr/games/lib. I will do this in the near future, but most of my
users access fortune only.

One person suggested the following:

        " chmod 000 /usr/games on the server saves you a lot of
          time and embarrassment. The games are not supported,
          buggy and not running well for diskless clients. For a
          test : double-click the monopoly game in the file manager.
          I had to reboot my clients so often due to games running
          wild, driving the lockd crazy or continue running after
          user logout that I dismissed them. "

I won't be doing this; I serve and protect, but I'm not a cop and
my users aren't children. It's their network. I may disable
games (or pgms) which are buggy; but not the ability to use
those which aren't.

One final comment which expresses an opinion a few people gave:

        " You can hack root from the console of a workstation.
          Mounting /usr rw makes it easier to modify/replace
          system software without having to worry about root
          being trusted going from the client to the server. "

This is generally true, but doesn't have to be.
I took over this system last Feb, and recently reconfigured it
from top to bottom. One of the things I do differently from the
previous administrators is that I never install non-os software in /usr;
a practice they did a lot.

I do have a fair number of symlinks in /usr/local, but that's mainly
to keep the old software from breaking until I replace it with
newer versions. If I had one thing to do differently, I would have
made /usr/local its own partition [as was suggested or implied
by several responders]; this would allow me to mount
it rw on the servers, and ro everywhere else and mount /usr ro
on my servers even during the shakeout phase. As it is, I may
try to implement this in the near future (actually 1 /usr/local
per architecture), but as soon as the shakeout is completed,
I'm switching my servers to mount /usr ro.

I have found I generally need to be root on the
Workstations only to actually run certain software (mount or
unmount disks, reboot, and a few others). I'm reasonably well
set in that I have both Sun3 and Sun4 servers, and all of my
Sun4's have the same architecture. When installing patches,
however, a fair amount of work goes into installing the patch
correctly for the diskless workstations from the server, and it
would be nice if Sun included pre-thought-out instructions for
this. [ Is the program/file in /export/root/WORKSTATION/etc/x,
or is it in /export/exec/sun4.sunos.4.1.1/etc/y ? ]

Many thanks to:

        dan@breeze.bellcore.com (Daniel Strick)
        David Fetrow <fetrow@orac.biostat.washington.edu>
        mike@fionn.lbl.gov (Michael Helm)
        eckhard@ikarus.ts.go.dlr.de (Eckhard Rueggeberg)
        jones@hermes.chpc.utexas.edu (Bill Jones)
        Neil W Rickert <rickert@cs.niu.edu>
        "Anthony A. Datri" <datri@concave.convex.com>
        poffen@sj.ate.slb.com (Russ Poffenberger)
        David.Miner@East.Sun.COM (Dave Miner - SNAG)
        Robert L Krawitz <rlk@Think.COM>
        dit <@aberdeen.ac.uk:dit@abel> "David Tock"
        phil@pex.eecs.nwu.edu (William LeFebvre)
        Debbie McGlade <debbie@cs.odu.edu>
        Mike Raffety <miker@sbcoc.com>

 -Gregory Higgins, Systems Manager, math.niu.edu
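
An added example, not part of the original post: a server-side check that every client fstab under /export/root/WORKSTATION/etc/fstab still mounts /usr ro. It assumes six-field fstab lines (fsname dir type opts freq passno); the hostnames and the server name "srv" in the sample tree are constructed.

```shell
#!/bin/sh
# Added example: flag diskless clients whose fstab mounts /usr writable.
# Assumes six-field fstab lines: fsname dir type opts freq passno.

# Print "ro", "rw" or "missing" for the /usr entry in one fstab file.
usr_mount_mode() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }       # skip comments and short lines
        $2 == "/usr" {
            found = 1
            mode = "rw"                     # mount defaults to read-write
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "ro" || opt[i] == "rw") mode = opt[i]
            if (mode == "rw") writable = 1  # any writable entry counts
        }
        END { print (found ? (writable ? "rw" : "ro") : "missing") }
    ' "$1"
}

# Print "<client> <mode>" for each client under export root $1 whose /usr
# is not ro; return 1 if anything was printed.
audit_clients() {
    status=0
    for fstab in "$1"/*/etc/fstab; do
        [ -f "$fstab" ] || continue
        client=${fstab#"$1"/}
        client=${client%%/*}
        mode=$(usr_mount_mode "$fstab")
        [ "$mode" = "ro" ] && continue
        echo "$client $mode"
        status=1
    done
    return "$status"
}

# Constructed sample tree (hostnames and server name are made up).
make_sample_tree() {
    mkdir -p "$1/alpha/etc" "$1/beta/etc" "$1/gamma/etc"
    printf '%s\n' 'srv:/export/root/alpha / nfs rw 0 0' \
        'srv:/export/exec/sun4.sunos.4.1.1 /usr nfs ro 0 0' > "$1/alpha/etc/fstab"
    printf '%s\n' '# edited to make fortune work' \
        'srv:/export/exec/sun4.sunos.4.1.1 /usr nfs rw,hard 0 0' > "$1/beta/etc/fstab"
    printf '%s\n' 'srv:/export/root/gamma / nfs rw 0 0' > "$1/gamma/etc/fstab"
}
```

Run on the server as `audit_clients /export/root`; a non-zero return means at least one client has a writable or missing /usr entry.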


