FSIRAND(8) - System Manager's Manual

FSIRAND(8) - System Manager’s Manual #

FSIRAND(8) - System Manager’s Manual

NAME #

fsirand - randomize inode generation numbers

SYNOPSIS #

fsirand [-bfp] specialĀ …

DESCRIPTION #

The fsirand command installs random generation numbers on all the inodes for each filesystem specified on the command line by special. This increases the security of NFS-exported filesystems by making it difficult to “guess” filehandles.

Note: newfs(8) now does the equivalent of fsirand itself so it is no longer necessary to run fsirand by hand on a new filesystem. It is only used to re-randomize or report on an existing filesystem.

fsirand should only be used on an unmounted filesystem that has been checked with fsck(8) or a filesystem that is mounted read-only. fsirand may be used on the root filesystem in single-user mode but the system should be rebooted via “reboot -n” afterwards.

The options are as follows:

-b

Use the default block size (usually 512 bytes) instead of the value gleaned from the disklabel.

-f

Force fsirand to run even if the filesystem on special is not marked as clean.

-p

Print the current generation numbers for all inodes instead of generating new ones.

SEE ALSO #

fs(5), fsck(8), newfs(8), reboot(8)

HISTORY #

The fsirand command appeared in SunOS 3.x. This version of fsirand first appeared in OpenBSD 2.1.

AUTHORS #

Todd C. Miller

CAVEATS #

Since fsirand allocates enough memory to hold all the inodes in a given cylinder group, it may use a large amount of memory for large disks with few cylinder groups.

OpenBSD 7.5 - January 25, 2019