NAME    [Toc]    [Back]

     fsirand - randomize inode generation numbers

SYNOPSIS    [Toc]    [Back]

     fsirand [-b] [-f] [-p] special [...]

DESCRIPTION    [Toc]    [Back]

     The fsirand command installs random  generation  numbers  on
all the inodes
     for  each  filesystem  specified  on  the  command  line  by
special.  This increases
 the security of NFS-exported filesystems  by  making
it difficult
     to ``guess'' filehandles.

     Note:  newfs(8) now does the equivalent of fsirand itself so
it is no
     longer necessary to run fsirand by hand on a new filesystem.
It is only
     used to re-randomize or report on an existing filesystem.

     fsirand  should only be used on an unmounted filesystem that
has been
     checked with fsck(8) or a filesystem that is  mounted  readonly.  fsirand
     may  be  used on the root filesystem in single-user mode but
the system
     should be rebooted via ``reboot -n'' afterwards.

     The options are as follows:

     -b      Use the default block size (usually 512  bytes)  instead of the
             value gleaned from the disklabel.

     -f       Force  fsirand  to  run  even  if the filesystem on
special is not
             marked as clean.

     -p      Print the current generation numbers for all  inodes
instead of
             generating new ones.

SEE ALSO    [Toc]    [Back]

     fs(5), fsck(8), newfs(8), reboot(8)

HISTORY    [Toc]    [Back]

     The  fsirand command appeared in SunOS 3.x.  This version of
fsirand first
     appeared in OpenBSD 2.1.

AUTHORS    [Toc]    [Back]

     Todd C. Miller

CAVEATS    [Toc]    [Back]

     Since fsirand allocates enough memory to hold all the inodes
in a given
     cylinder  group,  it  may  use  a large amount of memory for
large disks with
     few cylinder groups.

OpenBSD     3.6                        January      25,      1997