NAME

fsirand — randomize inode generation numbers

SYNOPSIS

DESCRIPTION

The fsirand command installs random generation numbers on all the inodes for each filesystem specified on the command line by special. This increases the security of NFS-exported filesystems by making it difficult to “guess” filehandles.

Note: newfs(8) now does the equivalent of fsirand itself so it is no longer necessary to run fsirand by hand on a new filesystem. It is only used to re-randomize or report on an existing filesystem.

fsirand should only be used on an unmounted filesystem that has been checked with fsck(8) or a filesystem that is mounted read-only. fsirand may be used on the root filesystem in single-user mode but the system should be rebooted via “reboot -n” afterwards.

The options are as follows:

-b

Use the default block size (usually 512 bytes) instead of the value gleaned from the disklabel.

-f

Force fsirand to run even if the filesystem on special is not marked as clean.

-p

Print the current generation numbers for all inodes instead of generating new ones.

SEE ALSO

fs(5), fsck(8), newfs(8), reboot(8)

HISTORY

The fsirand command appeared in SunOS 3.x. This version of fsirand first appeared in OpenBSD 2.1.

AUTHORS

Todd C. Miller

CAVEATS

Since fsirand allocates enough memory to hold all the inodes in a given cylinder group, it may use a large amount of memory for large disks with few cylinder groups.