
Re: [OT] fhs and multiple partitions (was: Installing Debian using ...)



On Mon, 2004-02-23 at 10:25, Kiko Piris wrote:
> On 23/02/2004 at 07:52, Albert Cahalan wrote:

> > Nope. This is Linux, which kicks ass. On your
> > single-partition Linux 2.6 system, do this:
> > 
> > mount --bind /home /home
> > mount --bind -o remount,nosuid /home /home
> 
> Oh, nice thing! I discovered mount --bind some days ago and I didn't
> realize this utility. Very nice!
> 
> However, some of the servers I admin run 2.4 (and I do not plan to move
> them to 2.6, so...).

Everybody should run 2.6 now. :-)

Here's an even better trick. Mount all your partitions
with nosuid, then use file-on-file bind mounts to
enable setuid on a per-executable basis. Like this:

mount --bind /home/albert/su /home/albert/su
mount -o remount,suid /home/albert/su /home/albert/su

With that, /proc/mounts lists this single file
as a mount point:

/dev/root /home/albert/su ext2 rw 0 0

WARNING: this might not play nice with apt-get;
you can't move or hard-link across mount points.
Maybe this is a desirable "problem" though.

Another neat trick would be to somehow make use
of the CLONE_NEWNS flag. This isn't so easy though.
You could have getty+login use it, then bind mount
a user's ~/tmp over /tmp for a private /tmp. You
could use it to unmount or overmount filesystems
as seen from processes that are children of the
web server.

> > Problem solved, without the disk management issues.
> 
> Yes, but: What if some dumb|malicious user|program fills /home?
> Or a daemon goes crazy and fills /var/log?

Doesn't the XFS filesystem offer directory quotas?

I fear your concern leads to one partition per user
and one partition per daemon, excepting mail service
which gets many partitions for itself.
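The policy in the message above ("mount everything nosuid, then re-enable setuid on single files with a file-on-file bind mount") is easy to drift away from, so here is an audit script written as an added example for this thread; it is not code from Albert or Kiko. It reads a table in /proc/mounts format, reports every suid-capable mount, and treats only the bind-mounted files on an allowlist as accepted exceptions. The sample mount table, the path /home/albert/su and the allowlist are constructed for illustration; the per-file setup helper uses `remount,bind,suid`, since current mount(8) needs `bind` in the remount options to change the flags of the bind mount itself instead of the underlying filesystem.

```shell
#!/bin/sh
# Added example, not code from the original thread. Audits a /proc/mounts
# table for the policy described in the message (everything nosuid, setuid
# re-enabled only on bind-mounted single files). The sample table, the path
# /home/albert/su and the allowlist below are constructed for illustration.

# Mount points allowed to stay suid-capable: the per-file bind mounts you
# set up on purpose. Constructed; replace with your own list.
SUID_FILE_ALLOWLIST="/home/albert/su"

# Constructed sample in /proc/mounts format: dev mountpoint fstype opts dump pass
SAMPLE_MOUNTS='/dev/root / ext2 rw 0 0
/dev/root /home ext2 rw,nosuid 0 0
/dev/root /home/albert/su ext2 rw 0 0
/dev/hda3 /var ext3 rw,nosuid,nodev 0 0
/dev/hda4 /tmp ext3 rw,noexec 0 0
proc /proc proc rw 0 0'

# has_opt OPTS NAME: succeed if NAME appears in the comma-separated OPTS
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# in_list NEEDLE LIST: succeed if NEEDLE is one of the space-separated LIST
in_list() {
    for item in $2; do
        [ "$item" = "$1" ] && return 0
    done
    return 1
}

# audit_mounts TABLE: print one line per entry of a /proc/mounts-format TABLE.
# nosuid entries print as OK; suid-capable entries print as EXCEPTION when
# the mount point is on the allowlist and as FINDING otherwise. Kernel
# pseudo-filesystems that cannot carry setuid binaries are skipped.
audit_mounts() {
    printf '%s\n' "$1" | while read -r dev mnt fstype opts dump pass; do
        [ -z "$mnt" ] && continue
        case "$fstype" in
            proc|sysfs|devpts) continue ;;
        esac
        if has_opt "$opts" nosuid; then
            printf 'OK %s\n' "$mnt"
        elif in_list "$mnt" "$SUID_FILE_ALLOWLIST"; then
            printf 'EXCEPTION %s (%s)\n' "$mnt" "$dev"
        else
            printf 'FINDING %s %s %s opts=%s\n' "$mnt" "$dev" "$fstype" "$opts"
        fi
    done
}

# count_findings TABLE: number of suid-capable mounts not on the allowlist
count_findings() {
    audit_mounts "$1" | grep -c '^FINDING' || true
}

# enable_suid_file FILE: the per-file trick from the message, for root use on
# a filesystem mounted nosuid. The remount carries "bind" so the flag change
# applies to the bind mount itself. Not run here; call it explicitly as root.
enable_suid_file() {
    [ -f "$1" ] || { echo "enable_suid_file: $1 is not a regular file" >&2; return 1; }
    mount --bind "$1" "$1" &&
    mount -o remount,bind,suid "$1" "$1"
}

# Demo on the constructed table; on a live box use: audit_mounts "$(cat /proc/mounts)"
audit_mounts "$SAMPLE_MOUNTS"
```

On the sample table the script flags `/` and `/tmp` as suid-capable, accepts `/home/albert/su` as the one deliberate exception, and passes `/home` and `/var`; the same check against a real /proc/mounts is a cheap way to notice when a partition was remounted without nosuid or when a per-file bind mount appeared that nobody put on the allowlist.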