Hi Vagrant,
we are interested in that "unmark the writeability on some dirs by manually
editing the tmpfs layer to not allow writes to certain directories".
How can that be done?
And some feedback regarding the stability of Diskless LTSP clients used as servers:
rstumbaum@wmc01-a.dc1:~$ uptime
10:23:19 up 286 days, 18:42, 1 user, load average: 0.08, 0.03, 0.00
rstumbaum@wmc01-a.dc1:~$ /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:8e:01:00
...
eth1 Link encap:Ethernet HWaddr 00:50:56:8e:01:0b
...
RX bytes:3560672905317 (3.2 TiB) TX bytes:903992309416 (841.9 GiB)
....
rstumbaum@wmc01-a.dc1:~$ df /
Filesystem 1K-blocks Used Available Use% Mounted on
10.20.57.3:/vol/rootfs64_6-00067
61341696 39956160 21385536 66% /
rstumbaum@wmc01-a.dc1:~$
With squeeze the load average of a diskless server is somehow broken - that
looks very different now with the wheezy systems - actually quite scary in the
beginning.
We are very happy with our LTSP setup here!!!
Thanks
Rainer
Vagrant Cascadian <vagr...@debian.org> wrote at 0:34 on Wednesday, 2 April 2014:
On Tue, Apr 01, 2014 at 10:58:33PM +0100, stumba...@yahoo.de wrote:
> we use LTSP as the base for our Diskless Server environment. We only install
> ltsp-client-core and manage the machines with scripts being called using
> /etc/lts.conf.
> We do like the new way with aufs - it makes modifying configuration files so
> much easier - but it also introduces problems since an attacker now can as well
> easily replace the sshd and we might not notice...
> Is there a way to exclude directories or to just only include some directories
> to be writeable in aufs?
Not currently. Maintaining the whitelist with the old approach (bind mounts)
became rather burdensome as various applications write to all sorts of crazy
places, but implementing a blacklist would be an interesting idea.
You might be able to unmark the writeability on some dirs by manually editing
the tmpfs layer to not allow writes to certain directories...
That said, the permissions should be such that only root can write to the files
anyways, and if they have root access, they could mount their own writeable
overlay on top of it anyways...
live well,
vagrant
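
The concern in this thread is that a replaced sshd goes unnoticed because the aufs layer makes every directory writable. The script below is an added example, not part of the original messages and not LTSP code: it lists what has been written or whited out in the writable (tmpfs) branch under directories that should only come from the read-only root. The branch path, the directory list and the sample tree are assumptions; the `.wh.` names follow the aufs whiteout convention.

```shell
#!/bin/sh
# scan_rw_branch RW_BRANCH DIR...
# RW_BRANCH: mount point of the aufs writable branch (assumption: you know it).
# DIR...:    directories that should stay untouched, relative to the root.
# Prints one finding per line:
#   MODIFIED <path>  file or symlink copied up or created in the writable branch
#   DELETED  <path>  aufs whiteout (.wh.<name>) hiding a file of the lower branch
#   OPAQUE   <dir>   directory whose lower-branch contents are hidden entirely
scan_rw_branch() {
    rw=$1; shift
    for dir in "$@"; do
        dir=${dir#/}                        # accept /usr/sbin or usr/sbin
        [ -d "$rw/$dir" ] || continue       # nothing was written below this dir
        find "$rw/$dir" \( -type f -o -type l \) | LC_ALL=C sort |
        while IFS= read -r p; do
            rel=${p#"$rw"}                  # path as seen in the merged root
            name=${rel##*/}
            case $name in
                .wh..wh..opq) echo "OPAQUE ${rel%/*}" ;;
                .wh..wh.*)    ;;            # aufs internal bookkeeping files
                .wh.*)        echo "DELETED ${rel%/*}/${name#.wh.}" ;;
                *)            echo "MODIFIED $rel" ;;
            esac
        done
    done
}

# Constructed sample branch (not taken from a real system) to show the output.
make_sample_branch() {
    d=$(mktemp -d)
    mkdir -p "$d/usr/sbin" "$d/etc/ssh" "$d/var/log"
    : > "$d/usr/sbin/sshd"          # binary replaced after boot
    : > "$d/usr/sbin/.wh.cron"      # binary deleted, recorded as a whiteout
    : > "$d/etc/ssh/sshd_config"    # config rewritten, e.g. by a boot script
    : > "$d/var/log/syslog"         # expected write, outside the protected list
    echo "$d"
}

branch=$(make_sample_branch)
scan_rw_branch "$branch" usr/sbin etc/ssh
rm -rf "$branch"
```

Any line reported for a directory that the boot scripts never touch is worth investigating. As noted above, someone with root on the client can alter what the check sees, so the findings are best collected and compared off the machine.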
------------------------------------------------------------------------------
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net