[OT] fhs and multiple partitions (was: Installing Debian using ...)
On 23/02/2004 at 00:05, s. keeling wrote:
> This is ridiculous advice and I wish people like you would stop
> offering it. Multiple partitions make the system far more robust and
> usable in many ways, from backing it up through system stability.
> This is just as true for a laptop as it is for servers.
Completely agree.
> The single partition way is simpler to install; that's its only saving
> grace. Multiple partitions make it far less fragile.
Well, that's not 100% true. Having all the system in a single root
partition makes easier not only installing, but also hd space
management: imagine you save 3 GB for /usr and you install more packages
than you initially thougt and run out of free space. Solving this
problem is a pain in the ass.
I mean: you have to choose *very* carefully your partition sizes (unless
you have plenty of hd).
One other advantage in separating partitions is security: you can mount
/boot ro,noexec,nodev,nosuid, /home nosuid,nodev, /tmp nosuid,nodev,
etc. (http://www.seifried.org/lasg/installation/).
On 23/02/2004 at 00:40, s. keeling wrote:
> /boot and /tmp shouldn't be separate. On that, we can agree.
/boot and /tmp *should* be separate.
On 23/02/2004 at 09:24, Klaus Ita wrote:
> and then tmp should definitely have a noexec tag and not share the
> same as /boot (ro).
/tmp in debian cannot be noexec (at least so it was last time I
checked). IIRC, package management system extracts things and runs them
there.
What is a *very big* security gain is to mount *all* partitions *except*
/usr nosuid.
--
Kiko
Reply to: