RE: anon=0 summary

From: Donovan, Jeffrey (Jeff), ALABS (jmd_at_att.com)
Date: 12/17/03

    Date: Wed, 17 Dec 2003 09:55:10 -0600
    To: <sunmanagers@sunmanagers.org>
    
    

    Summary to:
    "I am getting security flags on my jumpstart server for having the following
    share:

    share -F nfs -o ro,anon=0 /opt/jumpstart/install

    It's complaining about anon=0 and the fact that there is no server specified.
    Does anyone know why you need anon=0? How can I change it to make my security
    audit happy? Has anyone done jumpstarts with a server specified as a -o
    option?"

    Thanks to these folks for responding:

    Jim Vandevegt
    Jay Lessert
    Nelson Arzola
    Matthew Stier
    Casper ***

    All basically said the anon=0 allows the client to read root-owned files on
    the mounted file system, which in this case is the OS image, and jumpstart
    needs this. Since it's shared as read only and there is no proprietary info
    being shared, it should be safe from a security perspective. If there are any
    proprietary files or this isn't sufficient for a security audit, it can be
    locked down, i.e.:
    1) add some machines to the ro=
    2) change anon=0 to root=<machines>.

    Thanks to all of you for getting back to me so quickly and giving me some ammo
    to use against my security group.

     -----Original Message-----
    From: Donovan, Jeffrey (Jeff), ALABS
    Sent: Monday, December 15, 2003 5:20 PM
    To: sunmanagers@sunmanagers.org
    Subject: anon=0

    Hi all,

    I am getting security flags on my jumpstart server for having the following
    share:

    share -F nfs -o ro,anon=0 /opt/jumpstart/install

    It's complaining about anon=0 and the fact that there is no server specified.
    Does anyone know why you need anon=0? How can I change it to make my security
    audit happy? Has anyone done jumpstarts with a server specified as a -o
    option?

    Thanks

    * Jeff
    * AT&T LABS-IP SERVICES Infrastructure Team
    _______________________________________________
    sunmanagers mailing list
    sunmanagers@sunmanagers.org
    http://www.sunmanagers.org/mailman/listinfo/sunmanagers
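
The two audit findings and the lock-down from the summary, as an added example that is not part of the original message or the respondents' replies: a small checker run over the share line from the post and a restricted form of it. The hostnames client1 and client2 and the function name audit_share_line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag the two conditions the audit
# complained about in a Solaris share(1M) line.

# Print one finding per line for a single share command; nothing if clean.
audit_share_line() {
    line=$1
    opts=
    restricted=no
    anon0=no
    set -f                      # no globbing while we split words
    set -- $line                # split the command on whitespace
    while [ $# -gt 0 ]; do      # find the argument of -o
        if [ "$1" = "-o" ] && [ $# -gt 1 ]; then opts=$2; fi
        shift
    done
    old_ifs=$IFS
    IFS=,                       # share options are comma separated
    for o in $opts; do
        case $o in
            ro=?*|rw=?*) restricted=yes ;;  # access list present
            anon=0)      anon0=yes ;;
        esac
    done
    IFS=$old_ifs
    set +f
    if [ "$anon0" = yes ]; then
        echo "anon=0: unknown users, including remote root, get UID 0"
    fi
    if [ "$restricted" = no ]; then
        echo "no client list: ro/rw names no hosts, so any host may mount"
    fi
    return 0
}

# Constructed sample lines; client1 and client2 are placeholder hostnames.
WEAK='share -F nfs -o ro,anon=0 /opt/jumpstart/install'
HARDENED='share -F nfs -o ro=client1:client2,root=client1:client2 /opt/jumpstart/install'

for s in "$WEAK" "$HARDENED"; do
    echo "$s"
    audit_share_line "$s" | sed 's/^/  FLAG: /'
done
```

The same function can be pointed at each share line in /etc/dfs/dfstab to find other exports with the same two findings.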

