Re: [tlug] NFS-mounting /home

[Bruno Raoult <br@example.com>]

Matt Doughty wrote:

>On Sat, May 18, 2002 at 12:09:46AM +0900, Bruno Raoult wrote:
>  
>
>>Matt,
>>
>>Just 2 questions: What is a "computer lab" for you? It sounds for me 
>>(this name -
>>computer lab)  like an university or research domain. This is nice, but not
>>where most people are working, AFAIK.
>>    
>>
>
>You would be surprised how many unix workstation environments are in 
>Universities.  I have actually seen far fewer unix workstation environments
>outside of higher education. Either way I was pointing out an example 
>environment that exists in the real world where a strait mount makes more
>sense.  It is a situational decision.  I know you are in love with the
>automount solution but it doesn't make sense in all real world situations.
>
This is where we don't agree, I guess... A ratio of 2 PCs + 2 WS per 
user is probably
not what we find in "labs". I strongly think the "enterprise" 
environment uses more Unix
(I don't say Linux here - Linux is part of the Unix park) than 
universities. And the
enterprise environment is probably more diversified than the University 
one (in which
one student equals another one).

>>Second question: I don't understand how automount is less secure than mount,
>>if the same mount points -&servers- are used: The server decides to share a
>>directory, and the client decides to mount it, in both cases. The access 
>>rights
>>are the same, and the protocol is the same. If a client uses automount, the
>>server will not be able to notice the difference with a "real" mount. We 
>>are
>>    
>>
>
> There have been various security holes due to buffer 
>overflows in the AMD daemon code.  Is AMD safe now? It could be but
>the question is why would you run software you don't need?  
>
In an internal network, this is not a main problem. The main target is 
to make the system
suit the different needs  - as I said, the secretary & the trader. Users 
are not "interchangeable"
as they are in school. The business give its needs, and the IT tries to 
do its best to do it
within the allowed costs.
The words "software you don't need"  is a subjective opinion, as the 
needs come from the
business, not from IT. For instance, I could choose between:
1) automount is bad [tm] - let's have /home for 50% users, and 
/home-important for others.
    Maybe a /home-local. This will maybe cost one more headcount per 100 
stations - long
    discussions with business to come!
2) Let go for automount: Cheap, easy, and fitting the needs. And 
coherent naming (/home) for
    all users. Maybe security issues for some systems - to be noticed 
and accepted by business
    lines & risk managers.
3) users dirs are local. This is the best solution in the real world 
(users *never* exchange stations,
     and they don't have crucial/volatile data there).
    We obviously need 1 more admin for 20-50 WS in this case - to be 
discussed and agreed with
     business (I won't ever try!).
4) Use another system (??).

As an IT guy, I would follow you. But IT is not living for IT, 
unfortunately :-)

br.

PS. When I said "2 WS per user", it was in my case globally. The real 
number is more "5 WS
  per user" if we limit the scope to some clients (for instance 
front-office).

-- 
Computers are like air-conditions. They don't properly work, if you open
Windows.