Re: Debian FS structure.



On Saturday 31 July 2010 04:37:27 Boyd Stephen Smith Jr. wrote:
> For a multi-user system, all user-writable locations should be separate
> file systems from "system" file systems.  At the least, /var/tmp, /tmp,
> and /home should be separate file systems.  /dev/shm may be user writable,
> but in modern systems /dev is already a tmpfs file system, so no worries. 
> This is mainly to prevent users from filling up system disks and making
> trouble for the administrator.  In the past, this also prevented a specific
> type of hardlink attack, but dpkg now prevents that attack independent of
> file system layout. If you run a daemon that allows users to store data
> which is put in /var, it should also be separate.

Here are the o+wt directories on my laptop.  These are good candidates for 
separating:
/var/lib/php5
/var/log/postgresql
/var/lock
/var/tmp
/var/spool/cron/crontabs
/var/spool/cron/atjobs
/var/spool/cron/atspool
/var/spool/cups/tmp
/var/spool/cups-pdf/ANONYMOUS
/usr/share/ppd/custom
/dev/shm
/tmp
-- 
Boyd Stephen Smith Jr.           	 ,= ,-_-. =.
bss@iguanasuicide.net            	((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy 	 `-'(. .)`-'
http://iguanasuicide.net/        	     \_/
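
An added example, not part of the original message: one way to produce a list like the one above and see which o+wt directories still share a file system with the system disk. The function names are hypothetical, and GNU find and stat (as shipped on Debian) are assumed.

```shell
#!/bin/sh
# Added example: enumerate o+wt directories and flag the ones that live on
# the same file system as a reference "system" path (default: /).
# Paths containing newlines are not handled.

# list_owt ROOT
# Print every directory under ROOT that is world-writable AND sticky.
# -perm -1002 requires both the sticky bit (1000) and other-write (0002).
list_owt() {
    find "$1" -type d -perm -1002 -print 2>/dev/null
}

# fs_id PATH
# Device number of the file system that holds PATH (GNU stat syntax).
fs_id() {
    stat -c %d "$1"
}

# audit_owt ROOT [SYSTEM_PATH]
# For each o+wt directory under ROOT print "shared<TAB>dir" when it is on
# the same file system as SYSTEM_PATH, otherwise "separate<TAB>dir".
# "shared" entries are the ones where user writes can fill the system disk.
audit_owt() {
    root=$1
    sys_dev=$(fs_id "${2:-/}") || return 1
    list_owt "$root" | while IFS= read -r dir; do
        if [ "$(fs_id "$dir")" = "$sys_dev" ]; then
            printf 'shared\t%s\n' "$dir"
        else
            printf 'separate\t%s\n' "$dir"
        fi
    done
}

# Typical use on a running system (run as root so find can read every
# directory):
#   audit_owt / /
```
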
