On 23/02/2004 at 00:05, s. keeling wrote: > This is ridiculous advice and I wish people like you would stop > offering it. Multiple partitions make the system far more robust and > usable in many ways, from backing it up through system stability. > This is just as true for a laptop as it is for servers.
Completely agree. > The single partition way is simpler to install; that's its only saving > grace. Multiple partitions make it far less fragile. Well, that's not 100% true. Having all the system in a single root partition makes easier not only installing, but also hd space management: imagine you save 3 GB for /usr and you install more packages than you initially thougt and run out of free space. Solving this problem is a pain in the ass. I mean: you have to choose *very* carefully your partition sizes (unless you have plenty of hd). One other advantage in separating partitions is security: you can mount /boot ro,noexec,nodev,nosuid, /home nosuid,nodev, /tmp nosuid,nodev, etc. (http://www.seifried.org/lasg/installation/). On 23/02/2004 at 00:40, s. keeling wrote: > /boot and /tmp shouldn't be separate. On that, we can agree. /boot and /tmp *should* be separate. On 23/02/2004 at 09:24, Klaus Ita wrote: > and then tmp should definitely have a noexec tag and not share the > same as /boot (ro). /tmp in debian cannot be noexec (at least so it was last time I checked). IIRC, package management system extracts things and runs them there. What is a *very big* security gain is to mount *all* partitions *except* /usr nosuid. -- Kiko
