On Sat, Sep 09, 2000 at 01:16:19PM +1100, CaT wrote: > > For my system: > > [13:09:22] root@nessie:/root>> find /var -perm +o+w -mount > [13:09:26] root@nessie:/root>> > > I've not had problems. :) you have removed /var/lock? and i presume made /var/tmp its own partition. > Still, why does /var/lib/texmf/* need to be publically writeable? design flaws in tetex. see the BTS for a long discussion about it. its not trivial to fix unfortunatly. > That's a package I don't have installed. most people do since its priority standard. > > if your worried about users messing with /var put quotas on /var. > > If that's the only solution then yes, but why do we need global > write access to /var in the first place? /var/lock i am not sure about, i don't usually see anything in there, though right now i see a -rw-r--r-- 1 root root 11 Sep 8 18:10 LCK..ttyS0 which belongs to pppd, but it runs as root. /var/lock is cleaned on boot. > > more headaches for /tmp cleaners and it does not solve any of the > > above problems. to solve the above problems enforce quotas on /var > > Well it does... Logging will go on etc. As for /tmp cleaners, somehting > like tmpwatch is a good start, but it'd be nice if it had an exclusion > list to the global timeout. It'd make it much more useful. :) like this (from /etc/cron.daily/tmpreaper): # ! Important ! Please read the manual regarding the --protect option. # The pattern *MUST* be surrounded by single quotes. nice -n10 tmpreaper --mtime-dir --symlinks 7d \ --protect '/tmp/.X*-{lock,unix,unix/*}' \ --protect '/tmp/.ICE-{unix,unix/*}' \ --protect '/tmp/.iroha_{unix,unix/*}' \ --protect '/tmp/.ki2-{unix,unix/*}' \ --protect '/tmp/.font-unix' \ --protect '/tmp/lost+found' \ --protect '/tmp/quota.user' \ --protect '/tmp/quota.group' \ /tmp still i don't think its good to overload /tmp with this kind of garbage more then necessary or that list could get rediculous. FHS may answer some of these questions too. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgp3QoZztasZZ.pgp
Description: PGP signature