[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[OT] fhs and multiple partitions (was: Installing Debian using ...)

On 23/02/2004 at 00:05, s. keeling wrote:
> This is ridiculous advice and I wish people like you would stop
> offering it.  Multiple partitions make the system far more robust and
> usable in many ways, from backing it up through system stability.
> This is just as true for a laptop as it is for servers.

Completely agree.

> The single partition way is simpler to install; that's its only saving
> grace.  Multiple partitions make it far less fragile.

Well, that's not 100% true. Having all the system in a single root
partition makes easier not only installing, but also hd space
management: imagine you save 3 GB for /usr and you install more packages
than you initially thougt and run out of free space. Solving this
problem is a pain in the ass.

I mean: you have to choose *very* carefully your partition sizes (unless
you have plenty of hd).

One other advantage in separating partitions is security: you can mount
/boot ro,noexec,nodev,nosuid, /home nosuid,nodev, /tmp nosuid,nodev,
etc. (http://www.seifried.org/lasg/installation/).

On 23/02/2004 at 00:40, s. keeling wrote:
> /boot and /tmp shouldn't be separate.  On that, we can agree.

/boot and /tmp *should* be separate.

On 23/02/2004 at 09:24, Klaus Ita wrote:
> and then tmp should definitely have a noexec tag and not share the
> same as /boot (ro).

/tmp in debian cannot be noexec (at least so it was last time I
checked). IIRC, package management system extracts things and runs them

What is a *very big* security gain is to mount *all* partitions *except*
/usr nosuid.


Reply to: