anon=0 summary

2007-12-25 2:33:00

Summary to:
"I am getting security flags on my jumpstart server for having the following
share:

share -F nfs -o ro,anon=0 /opt/jumpstart/install

It's complaining about anon=0 and the fact that there is no server specified.
Does anyone know why you need anon=0? How can I change it to make my security
audit happy? Has anyone done jumpstarts with a server specified as a -o
option?"

Thanks to these folks for responding:

Jim Vandevegt
Jay Lessert
Nelson Arzola
Matthew Stier
Casper Dik

All basically said that anon=0 allows the client to read root-owned files on
the mounted file system, which in this case is the OS image, and jumpstart needs
this. Given that it's shared as read-only and there is no proprietary info
being shared, it should be safe from a security perspective. If there are any
proprietary files or this isn't sufficient for a security audit, it can be
locked down, i.e.:
1) add some machines to the ro=
2) change anon=0 to root=<machines>.

Thanks to all of you for getting back to me so quickly and giving me some ammo
to use against my security group.

-----Original Message-----
From: Donovan, Jeffrey (Jeff), ALABS
Sent: Monday, December 15, 2003 5:20 PM
To: codeprof at codeprof.com
Subject: anon=0

Hi all,

I am getting security flags on my jumpstart server for having the following
share:

share -F nfs -o ro,anon=0 /opt/jumpstart/install

It's complaining about anon=0 and the fact that there is no server specified.
Does anyone know why you need anon=0? How can I change it to make my security
audit happy? Has anyone done jumpstarts with a server specified as a -o
option?

Thanks

* Jeff
* AT&T LABS-IP SERVICES Infrastructure Team
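
The two audit findings from this thread, as an added example that is not part of the original messages: a small shell check that flags `anon=0` and a bare `ro`/`rw` with no access list in a `share` line, run on the share from the question and on the locked-down form the summary suggests. It assumes "no server specified" means no `ro=`/`rw=` host list; `audit_share`, the finding names and the hosts `client1`/`client2` are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the two conditions the audit complained about in a
# Solaris "share" line. client1/client2 are constructed placeholder hosts.
audit_share() {
    line=$1
    case "$line" in
        *" -o "*) opts=${line#* -o }; opts=${opts%% *} ;;  # text after -o
        *)        opts="" ;;      # no -o at all: share defaults apply
    esac

    anon_root=0 bare=0 listed=0
    old_ifs=$IFS
    IFS=,
    set -f                        # do not glob-expand option text
    for opt in $opts; do
        case "$opt" in
            anon=0)      anon_root=1 ;;  # unknown users mapped to uid 0
            ro|rw)       bare=1 ;;       # applies to every client
            ro=?*|rw=?*) listed=1 ;;     # restricted to an access list
        esac
    done
    set +f
    IFS=$old_ifs

    findings=""
    if [ "$anon_root" -eq 1 ]; then findings="ANON_ROOT"; fi
    # Exported to any host if ro/rw is bare, or if no ro=/rw= list exists.
    if [ "$bare" -eq 1 ] || [ "$listed" -eq 0 ]; then
        findings="${findings:+$findings }NO_HOST_LIST"
    fi
    printf '%s\n' "${findings:-OK}"
}

# The share from the question, then the locked-down form from the summary.
audit_share "share -F nfs -o ro,anon=0 /opt/jumpstart/install"
audit_share "share -F nfs -o ro=client1:client2,root=client1:client2 /opt/jumpstart/install"
```

With `root=` in place of `anon=0`, only root on the listed install clients keeps root access to the image, and the `ro=` list limits which hosts can mount it at all.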
