Hi Kostas,
> I wonder how people plan to secure such a setup. AFAIK you need to
> export /pnfs to your workers|dcache pools and since pnfsd trusts
> connections from insecure ports a user can cause a lot of damage.
if this is true, isn't it true for any dcache installation? I've just
learned that applications need /pnfs exported to read data from dcache in
any case.
What is $nfs? I'd like to try it myself but my farm will be down for a
while. What is the difference between a trusted or untrusted port in what
you have described?
cheers
alessandra
> For example someone can do the following from any machine that has
> pnfs exported to it.
> $nfs
> nfs> host dcacheadmin.domain
> nfs> mount /fs/usr
> nfs> cd data/cms
> nfs> ls -l
> drwxr-xr-x 1 11410 1399 512 Oct 18 12:08 .
> nfs> uid 11410
> nfs> gid 1399
> nfs> put file0
> nfs> rm file1
>
> Cheers,
> Kostas
>
--
********************************************
* Dr Alessandra Forti *
* Technical Coordinator - NorthGrid Tier2 *
* http://www.hep.man.ac.uk/u/aforti *
********************************************
|