on Sun, Nov 30, 2003 at 06:14:26PM -0500, Paul Morgan (paulswm@earthlink.net) wrote:
> Elementary System Administration and Security
> ---------------------------------------------
>
> Lesson #1: Don't mount things not needed for the operation of the system
>
> Lesson #2: Mount things with the minimum permissions necessary for the
> operation of the system.
>
> Lesson #3: don't overcomplicate system administration by unnecessary
> duplication
>
> re. Lesson #1:
> /boot is not needed for the normal operation of the system, and not
> mounting it provides two security benefits:
> - it can't get accidentally or maliciously damaged
The most hazardous user on my systems, in theory and practice, is
generally me. More as a matter of opportunity than malicious intent.
OTOH, I *have* survived an "rm -rf /" (case of an inadvertent inserted
space in an issued command), _without_ system loss, through appropriate
use of mount options.
> re, Lesson #3:
> - An example: I run more than one Linux instance, each with its own /.
> I also have several kernels. If I put /boot on its own filesystem, I
> don't have to duplicate it.
I keep both a standard system, and a maintenance/recover "system2"
installed. /boot seperated makes for slightly easier management of
this.
Peace.
--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
"Life," said Marvin, "don't talk to me about life."
-- HHGTG
Attachment:
pgp130MnZK7ee.pgp
Description: PGP signature