On Mon, 17 May 2010, Stephen Harris wrote:

> On Mon, May 17, 2010 at 04:04:45PM -0400, Phil Schaffner wrote:
>> Stephen Harris wrote on 05/17/2010 12:15 PM:
>>> Don't do NFS localhost mounts from fstab
>>
>> Why would you want to do localhost: NFS mounts anyway?
>
> 'cos the current kernel doesn't allow read-only bind mounts and I
> need to present information in a locked down read-only area.

+1. On one server, we provide a read-write CVS tree accessible to
developers -- but we nfs-mount a read-only view of the same filesystem
into the cvsd chroot environment for anonymous users. If cvsd is found
to have a vulnerability, the chroot and nfs layers are likely to limit
the damage.

-- 
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
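
Added example, not part of the original thread: a shell check that the view inside a chroot really is a read-only NFS mount, which is the property the setup described above depends on. The function name `check_ro_view`, the paths and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Audit a mount table in /proc/mounts format for a read-only NFS view.
# All paths below are constructed; substitute the real chroot mountpoint.

# Constructed sample: device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/sda3 /srv/cvs ext3 rw,relatime 0 0
localhost:/srv/cvs /var/chroot/cvsd/cvs nfs ro,nosuid,nodev,addr=127.0.0.1 0 0
localhost:/srv/cvs /var/chroot/bad/cvs nfs rw,addr=127.0.0.1 0 0'

# check_ro_view MOUNTPOINT [TABLE]
#   0 = MOUNTPOINT is an NFS mount whose options include "ro"
#   1 = mounted, but not NFS or not read-only
#   2 = nothing mounted at MOUNTPOINT
# TABLE defaults to the live /proc/mounts.
check_ro_view() {
    mp=$1
    table=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$table" | awk -v mp="$mp" '
        # Later entries shadow earlier ones, so keep the last match.
        $2 == mp { found = 1; fstype = $3; opts = $4 }
        END {
            if (!found) exit 2
            if (fstype !~ /^nfs4?$/) exit 1
            # Match "ro" as a whole option, not as a substring.
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") exit 0
            exit 1
        }'
}

# Demonstration on the constructed table.
for mp in /var/chroot/cvsd/cvs /var/chroot/bad/cvs; do
    if check_ro_view "$mp" "$SAMPLE_MOUNTS"; then
        echo "$mp: read-only NFS view"
    else
        echo "$mp: NOT a read-only NFS view"
    fi
done
```

The check reads only the client-side mount options; whether the export itself is also restricted to read-only is a separate server-side setting.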