Re: [OT] fhs and multiple partitions (was: Installing Debian using ...)

To: Kiko Piris <debian@pirispons.net>
Cc: debian-powerpc@lists.debian.org
Subject: Re: [OT] fhs and multiple partitions (was: Installing Debian using ...)
From: Albert Cahalan <albert@users.sf.net>
Date: 23 Feb 2004 07:52:41 -0500
Message-id: <[🔎] 1077540761.8120.147.camel@cube>
In-reply-to: <[🔎] 20040223114653.GA10459@fpirisp.portsdebalears.com>
References: <[🔎] 246D7B7C-64EE-11D8-AFB0-00039392CAFA@smolny.plus.com> <[🔎] 4039A183.1030705@dsdk12.net> <[🔎] 20040223070551.GB27336@infidel.spots.ab.ca> <[🔎] 20040223074046.GA28069@infidel.spots.ab.ca> <[🔎] 20040223114653.GA10459@fpirisp.portsdebalears.com>

On Mon, 2004-02-23 at 06:46, Kiko Piris wrote:
> On 23/02/2004 at 00:05, s. keeling wrote:
> > This is ridiculous advice and I wish people like you would stop
> > offering it.  Multiple partitions make the system far more robust and
> > usable in many ways, from backing it up through system stability.
> > This is just as true for a laptop as it is for servers.

I hope you don't use the "dump" command on a
live filesystem ever. This is very unsafe.
All the other tools are happy to handle things
by directory, so I don't see your problem.

If stability were an issue, we'd need to fix that
instead of using a gross work-around.

> One other advantage in separating partitions is security: you can mount
> /boot ro,noexec,nodev,nosuid, /home nosuid,nodev, /tmp nosuid,nodev,
> etc. (http://www.seifried.org/lasg/installation/).

Nope. This is Linux, which kicks ass. On your
single-partition Linux 2.6 system, do this:

mount --bind /home /home
mount --bind -o remount,nosuid /home /home

In /proc/mounts I now see this:

rootfs / rootfs rw 0 0
/dev/root / ext2 rw 0 0
proc /proc proc rw 0 0
devpts /dev/pts devpts rw 0 0
usb /proc/bus/usb usbdevfs rw 0 0
sysfs /sys sysfs rw 0 0
/dev/root /home ext2 rw,nosuid 0 0

Notice that /dev/root is mounted twice.
You can't tell, but the second mount is
from below the root of the filesystem.
In NFS notation, /dev/root:/home is mounted.

I can also relocate directories this way
and use file-on-file mounts to replace files.

> On 23/02/2004 at 00:40, s. keeling wrote:
> > /boot and /tmp shouldn't be separate.  On that, we can agree.
> 
> /boot and /tmp *should* be separate.

Not really.

For /boot, you just need to satisfy the boot loader.
Share /boot with /bin if you can.

For /tmp, you can get a performance advantage by
using tmpfs. Doing so would make disk management
a bit worse, lead to hidden files under the mount
point, and slow down "mv /tmp/foo ~/foo" operations.
In nearly all cases, a separate /tmp isn't worth
the trouble.

> What is a *very big* security gain is to mount *all* partitions *except*
> /usr nosuid.

**AHEM**

mount --bind

Problem solved, without the disk management issues.

Reply to:

Follow-Ups:
- Re: [OT] fhs and multiple partitions (was: Installing Debian using ...)
  - From: Kiko Piris <debian@pirispons.net>

References:
- Installing Debian using debian-sarge-netinst.iso (powerpc)
  - From: sebyte <sebyte@smolny.plus.com>
- Re: Installing Debian using debian-sarge-netinst.iso (powerpc)
  - From: Derrik Pates <dpates@dsdk12.net>
- Re: Installing Debian using debian-sarge-netinst.iso (powerpc)
  - From: "s. keeling" <keeling@spots.ab.ca>
- Re: Installing Debian using debian-sarge-netinst.iso (powerpc)
  - From: "s. keeling" <keeling@spots.ab.ca>
- [OT] fhs and multiple partitions (was: Installing Debian using ...)
  - From: Kiko Piris <debian@pirispons.net>

Prev by Date: Re: Installing Debian using debian-sarge-netinst.iso (powerpc)
Next by Date: Re: [OT] fhs and multiple partitions (was: Installing Debian using ...)
Previous by thread: Re: [OT] fhs and multiple partitions (was: Installing Debian using ...)
Next by thread: Re: [OT] fhs and multiple partitions (was: Installing Debian using ...)
Index(es):
- Date
- Thread