on Wed, Nov 05, 2003 at 09:30:37AM +0100, Andreas Janssen (andreas.janssen@bigfoot.com) wrote: > Hello > > Chema (<chema.news.gmane@zarco.cjb.net>) wrote: > > > But there is also another view that I have not seen mentioned: in > > serious servers, you can also "freeze" the most static parts of your > > system, namely /bin, /sbin and /usr. This means mounting them > > read-only. > > That sounds like you want to put /bin and /sbin on it's own partition. > How exactly are you going to do that, if even the mount command itself > is in /bin? By keeping local copies in the /bin directory on the / > partition? Or do you mount / ro (which is also somehow problematic > because some files there are regularly written to, for example mtab)? There's been a periodic discussion of this issue in d-d. Note specifically: bootable CDROM distributions solve this problem by a number of means. One is to use a RAM filesystem for root, another is to use an immutable root but symlink /etc and parts of /dev elsewhere. The problem is addressable, but not entirely cleanly. Working implementations exist. Peace. -- Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/ What Part of "Gestalt" don't you understand? Geek for hire: http://kmself.home.netcom.com/resume.html
Attachment:
signature.asc
Description: Digital signature