# Run FBSD with config files from a remote server



## triumdh (Feb 11, 2010)

I am trying to run a standard install FBSD server but have config files load from a remote server instead of /usr/local/etc at boot.
I do not want to scp the files. I am hoping to have the files load into memory without residing on the local server.
The remote server is at a different location/subnet.
Thanks in advance.

FreeBSD keep up the great work.ï¿½e


----------



## SirDice (Feb 11, 2010)

Is there a reason why you want this?

If you just want some centralized configuration management, I'd use a cronjob with cvs to pull in config files. The config files are stored in a central CVS server. The biggest benefit would be having version control on those files.


----------



## randi@ (Feb 11, 2010)

NFS mounts.


----------



## triumdh (Feb 12, 2010)

Thank you randi@
NFS mount with the /net switch will work.

SirDice
When your config files hold sensitive data you may not want them residing locally although I did look at encryption also.


----------



## SirDice (Feb 12, 2010)

triumdh said:
			
		

> Thank you randi@
> NFS mount with the /net switch will work.
> 
> SirDice
> When your config files hold sensitive data you may not want them residing locally although I did look at encryption also.



Then NFS isn't going to help you either. Somebody could just mount the exported filesystem and have a look at your files.

The real question is.. What do you consider sensitive data and why is it stored in configuration files?


----------



## triumdh (Feb 13, 2010)

The mac and ip addresses would not match for access to the NFS server.
Where else would you put configuration data?


----------



## SirDice (Feb 15, 2010)

triumdh said:
			
		

> The mac and ip addresses would not match for access to the NFS server.


Both are easily set by anyone and it won't stop people from accessing the data.


> Where else would you put configuration data?



I'm more interested in what you deem to be 'sensitive' configuration data. 
If we understood what you're trying to protect we may have better solutions.


----------



## triumdh (Feb 15, 2010)

Sorry, I can't really post information on our sensitive data.
We are evaluating several OS's and the spec requires that certain configuration data not reside on the hard drive.

Thanks for all your help.


----------



## SirDice (Feb 16, 2010)

Of course I don't need to know the exact details. But some hints would be nice. 
I can't remember ever having to put 'sensitive' data into a config file. That's why I'm wondering what could be so important.

If the data is that important only encryption will help. Everything else is basically useless as a security measure.


----------



## triumdh (Feb 17, 2010)

That's a good point.
I think the main concern is that someone takes the machine off site and slaves the hard drive then unencrypts the data.


----------



## SirDice (Feb 17, 2010)

triumdh said:
			
		

> That's a good point.
> I think the main concern is that someone takes the machine off site and slaves the hard drive then unencrypts the data.



If the encryption is good and you've chosen a proper password it will take several hundred years before they're able to read it 

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html


----------

