On 5/21/25 5:06 AM, Sebastian Feld wrote:
> On Tue, May 13, 2025 at 3:50 PM Jeff Layton <jlayton@xxxxxxxxxx> wrote:
>>
>> Back in the 80's someone thought it was a good idea to carve out a set
>> of ports that only privileged users could use. When NFS was originally
>> conceived, Sun made its server require that clients use low ports.
>> Since Linux was following suit with Sun in those days, exportfs has
>> always defaulted to requiring connections from low ports.
>>
>> These days, anyone can be root on their laptop, so limiting connections
>> to low source ports is of little value.
>>
>> Make the default be "insecure" when creating exports.
>
> I made a poll webpage for our sysadmins about what they think about this change.

Who are "our sysadmins" and what did you do to compensate for various
cognitive biases?

> Out of 26 people allowed to vote 24 voted "BAD idea, keep the secure
> option the default", and two didn't vote.
>
> So this is a change which is virtually 100% hated by the people
> primarily affected by such a change.

I'm interested in understanding why changing the default behavior
is a problem. Is explicitly adding the "secure" export option on
the exports where it matters a heavy lift? If so, why?

--
Chuck Lever