Diskless mounts

Although the file system of a diskless workstation is mounted from a server /export directory, to the diskless machine the file system looks just like the file system on a standalone machine.

The following shows the relationship between server exports and the diskless workstation mount points:

Server Exports          Diskless Imports
/export/root/HostName   / (root)
/export/exec/SPOTName   /usr
/export/home/HostName   /home
/export/share           /usr/share
/export/dump            Used by diskless client as dump space
/export/swap            Used by diskless clients as remote paging space

For more information about the /export directory, see /export directory.

In general, users on a server do not have any access to the /export directory.

Exporting the /export/root Directory

The /export/root directory must be exported with read/write permissions, and the root user on the server must have access. However, you might want to mount this directory with the following options of the mount command:

Item     Description
nosuid   Prevents a user on the server from running the setuid programs of the client.
nodev    Prevents a user from accessing the server devices using a device-special file of the client.

An alternative to mounting the /export/root directory with these options is to avoid giving users running on the server any access to the /export/root directory.

Exporting the /export/exec Directory

The /export/exec directory is exported with read-only permissions and must provide root access. However, you might want to mount this directory with the following options of the mount command:

Item     Description
nosuid   Prevents a user on the server from running the setuid programs of the client. If you are exporting the server /usr directory, you cannot use the nosuid option.
nodev    Prevents a user from accessing the server devices using a device-special file of the client.

Exporting the /export/share Directory

The /export/share directory is exported with read-only permissions and must provide root access. Because this directory generally contains only data (no executables or devices), you do not need to use the mount security options.

Exporting the /export/home Directory

There are several ways to mount a user /home directory:

  • You can mount the /export/home/Clienthostname directory over the client /home directory. In this case, the client has read/write permissions and the root user has access. To ensure system security, mount the /export/home directory with the following options to the mount command:
    Item     Description
    nosuid   Prevents a user on the server from running the setuid programs of the client.
    nodev    Prevents a user from accessing the server devices using a device-special file of the client.
  • You can mount the /home directory on the server over the /home directory of the client. In this case, the /home directory is exported with read/write permissions and without root access. To ensure system security, mount the /home directory on both the server and client with the nosuid and nodev options of the mount command.
  • Alternatively, you can mount each /home/UserName directory on the server over the /home/UserName directory on the client, so users can log in to different machines and still have access to their home directories. In this case, the /home/UserName directories on the server and clients are both mounted with the nosuid and nodev options of the mount command.

Exporting the /export/dump Directory

Export the /export/dump/Clienthostname directory with read/write permissions and root access. Users on the server do not have any access to the /export/dump/Clienthostname files.

Exporting the /export/swap Directory

Export the /export/swap/Clienthostname file with read/write permissions and root access. No security measures are necessary. Users on the server do not have any access to the /export/swap/Clienthostname files.
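
The nosuid and nodev guidance in the /export/root, /export/exec and /export/home sections can be checked mechanically. The script below is an added example, not part of the original documentation: the two-column input format, the function names and the sample host and SPOT names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed input: one mount per line, written as
#   <mounted-over directory> <comma-separated mount options>

# Directories for which the page recommends the nosuid and nodev options.
needs_hardening() {
    case "$1" in
        /export/root|/export/root/*|/export/exec|/export/exec/*) return 0 ;;
        /export/home|/export/home/*|/home|/home/*) return 0 ;;
        *) return 1 ;;  # the page lists no mount options for share, dump, swap
    esac
}

# has_opt <options> <name>: exact match, so "nosuidx" does not count as nosuid.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# audit_mounts [yes|no]: reads the listing on stdin and prints one
# "MISSING <option> <directory>" line per gap. Pass "yes" when /export/exec
# is the server /usr directory, where the page says nosuid cannot be used.
audit_mounts() {
    usr_exported=${1:-no}
    while read -r dir opts; do
        [ -n "$dir" ] || continue
        needs_hardening "$dir" || continue
        for opt in nosuid nodev; do
            if [ "$opt" = nosuid ] && [ "$usr_exported" = yes ]; then
                case "$dir" in /export/exec|/export/exec/*) continue ;; esac
            fi
            has_opt "$opts" "$opt" || echo "MISSING $opt $dir"
        done
    done
    return 0
}

# Constructed sample listing (hypothetical client and SPOT names).
SAMPLE_MOUNTS='/export/root/client1 rw,nosuid,nodev
/export/exec/spot1 ro,nodev
/export/home/client1 rw
/export/share ro
/export/swap rw'

audit_sample() { printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts "$@"; }

audit_sample
```
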