This is a discussion on tmpwatch and nfs within the Linux Operating System forums, part of the Unix Operating Systems category.
Greetings,

Does anyone know if tmpwatch is capable of removing files mounted via nfs?

Example: A system admin decides to mount his home directory on a different server on /tmp/tmp_servername/UnixAccount. I know it sounds not likely to happen but it did. The mount point had read write access as root.

Has anyone seen this before?

Thanks,
Ihab

Ihab Khoury wrote:

> Greetings,
> Does anyone know if tmpwatch is capable of removing files mounted via
> nfs?
> example: A system admin decides to mount his home directory on a
> different server on /tmp/tmp_servername/UnixAccount
> I know it sounds not likely to happen but it did. The mount point had
> read write access as root.
> Has anyone seen this before?

Why not solve the problem at the source? Prevent this specific user from doing this, using permissions if necessary. For example, IMHO if he can contemplate this setup, he needs to have his sysadmin privileges revoked.

--
Paul Lutus
http://www.arachnoid.com

"Paul Lutus" <nospam@nosite.zzz> wrote in message news:10ieqt85v651h9e@corp.supernews.com...

> Ihab Khoury wrote:
>
> > Greetings,
> > Does anyone know if tmpwatch is capable of removing files mounted via
> > nfs?
> > example: A system admin decides to mount his home directory on a
> > different server on /tmp/tmp_servername/UnixAccount
> > I know it sounds not likely to happen but it did. The mount point had
> > read write access as root.
> > Has anyone seen this before?
>
> Why not solve the problem at the source? Prevent this specific user from
> doing this, using permissions if necessary. For example, IMHO if he can
> contemplate this setup, he needs to have his sysadmin privileges revoked.

tmpwatch is normally configured *not* to do this, to avoid exactly this sort of problem. Look at the associated configuration files with the tmpwatch software.

Of course, if you run a tmpwatch by hand or without checking your options, then you may blow things sky high.

Nico Kadel-Garcia wrote:

>
> "Paul Lutus" <nospam@nosite.zzz> wrote in message
> news:10ieqt85v651h9e@corp.supernews.com...
>> Ihab Khoury wrote:
>>
>> > Greetings,
>> > Does anyone know if tmpwatch is capable of removing files mounted via
>> > nfs?
>> > example: A system admin decides to mount his home directory on a
>> > different server on /tmp/tmp_servername/UnixAccount
>> > I know it sounds not likely to happen but it did. The mount point had
>> > read write access as root.
>> > Has anyone seen this before?
>>
>> Why not solve the problem at the source? Prevent this specific user from
>> doing this, using permissions if necessary. For example, IMHO if he can
>> contemplate this setup, he needs to have his sysadmin privileges revoked.
>
> tmpwatch is normally configured *not* to do this, to avoid exactly this
> sort of problem. Look at the associated configuration files with the
> tmpwatch software.

Complete agreement, but someone who mounts a network system under /tmp should not be an admin, against even the possibility of a purge. In my ever-most-humble opinion, as I'm sure you know.

--
Paul Lutus
http://www.arachnoid.com

"Paul Lutus" <nospam@nosite.zzz> wrote in message news:10ig7cr1imtv638@corp.supernews.com...

> Complete agreement, but someone who mounts a network system under /tmp
> should not be an admin, against even the possibility of a purge. In my
> ever-most-humble opinion, as I'm sure you know.

Hmm. I've done it for a matter of minutes, rather than creating a permanent directory elsewhere, in order to test an NFS or SMB mountable directory before putting it in autofs or in a local /etc/fstab for regular mounting. It's particularly useful if your home directories are already NFS mounted and thus unsuitable for putting another NFS mount point on top of.

Nico Kadel-Garcia wrote:

>
> "Paul Lutus" <nospam@nosite.zzz> wrote in message
> news:10ig7cr1imtv638@corp.supernews.com...
>
>> Complete agreement, but someone who mounts a network system under /tmp
>> should not be an admin, against even the possibility of a purge. In my
>> ever-most-humble opinion, as I'm sure you know.
>
> Hmm. I've done it for a matter of minutes, rather than creating a
> permanent directory elsewhere, in order to test an NFS or SMB mountable
> directory before putting it in autofs or in a local /etc/fstab for regular
> mounting. It's particularly useful if your home directories are already
> NFS mounted and thus unsuitable for putting another NFS mount point on top
> of.

Well, that sounds like a matter of convenience, not policy. For myself, instead of using /tmp, I create various temp directories under the root directory for this sort of thing, because they have no status with the OS and are not likely to be toyed with by a well-meaning daemon.

--
Paul Lutus
http://www.arachnoid.com

Appreciate all the responses and advice. I will check more on the configuration files for tmpwatch. I am still curious to know if anyone else on this planet has experienced such an incident where tmpwatch removed files mounted via NFS in /tmp?

Thanks,
Ihab

Paul Lutus <nospam@nosite.zzz> wrote in message news:<10ihgtfmr3need@corp.supernews.com>...

> Nico Kadel-Garcia wrote:
>
> >
> > "Paul Lutus" <nospam@nosite.zzz> wrote in message
> > news:10ig7cr1imtv638@corp.supernews.com...
> >
> >> Complete agreement, but someone who mounts a network system under /tmp
> >> should not be an admin, against even the possibility of a purge. In my
> >> ever-most-humble opinion, as I'm sure you know.
> >
> > Hmm. I've done it for a matter of minutes, rather than creating a
> > permanent directory elsewhere, in order to test an NFS or SMB mountable
> > directory before putting it in autofs or in a local /etc/fstab for regular
> > mounting. It's particularly useful if your home directories are already
> > NFS mounted and thus unsuitable for putting another NFS mount point on top
> > of.
>
> Well, that sounds like a matter of convenience, not policy. For myself,
> instead of using /tmp, I create various temp directories under the root
> directory for this sort of thing, because they have no status with the OS
> and are not likely to be toyed with by a well-meaning daemon.
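
A pre-cleanup check for the situation discussed in this thread, added here as an example and not posted by any participant: it lists filesystems mounted below a directory such as /tmp and refuses to proceed when any of them is a network mount. The function names, the list of network filesystem types and the sample mount table are constructed for illustration; reading /proc/mounts by default assumes Linux.

```shell
#!/bin/sh
# Added example (not from the thread): find mounts hiding under a directory
# that a cleanup job is about to sweep.

# mounts_under DIR [MOUNTS_FILE]
# Print "mountpoint fstype" for every filesystem mounted strictly below DIR.
# MOUNTS_FILE uses the /proc/mounts layout: device mountpoint fstype options ...
mounts_under() {
    dir=${1%/}                      # "/tmp/" -> "/tmp", "/" -> ""
    table=${2:-/proc/mounts}
    # Match on "DIR/" so that /tmpdata is not mistaken for a child of /tmp.
    awk -v dir="$dir" 'index($2, dir "/") == 1 { print $2, $3 }' "$table"
}

# network_mounts_under DIR [MOUNTS_FILE]
# Keep only NFS/SMB-style mounts (type list is an assumption; extend as needed).
network_mounts_under() {
    mounts_under "$@" | awk '$2 ~ /^(nfs|nfs4|cifs|smbfs|smb3)$/ { print $1 }'
}

# safe_to_clean DIR [MOUNTS_FILE]
# Succeeds only when no network filesystem is mounted below DIR.
safe_to_clean() {
    [ -z "$(network_mounts_under "$@")" ]
}

# Constructed sample mount table reproducing the layout from the first post.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
tmpfs /tmp/scratch tmpfs rw 0 0
fileserver:/export/home/UnixAccount /tmp/tmp_servername/UnixAccount nfs rw,addr=192.0.2.10 0 0
/dev/sda2 /var ext3 rw 0 0
/dev/sda3 /tmpdata ext3 rw 0 0
EOF
}

# Example guard in front of a cleanup job, run against the live mount table:
#   safe_to_clean /tmp || { network_mounts_under /tmp >&2; exit 1; }
```

On a live system, call `safe_to_clean /tmp` with no second argument so it reads the current mount table.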