On Mon, 2004-02-23 at 06:46, Kiko Piris wrote:
> On 23/02/2004 at 00:05, s. keeling wrote:
> > This is ridiculous advice and I wish people like you would stop
> > offering it. Multiple partitions make the system far more robust and
> > usable in many ways, from backing it up through system stability.
> > This is just as true for a laptop as it is for servers.

I hope you don't use the "dump" command on a live filesystem ever. This is very unsafe. All the other tools are happy to handle things by directory, so I don't see your problem. If stability were an issue, we'd need to fix that instead of using a gross work-around.

> One other advantage in separating partitions is security: you can mount
> /boot ro,noexec,nodev,nosuid, /home nosuid,nodev, /tmp nosuid,nodev,
> etc. (http://www.seifried.org/lasg/installation/).

Nope. This is Linux, which kicks ass. On your single-partition Linux 2.6 system, do this:

    mount --bind /home /home
    mount --bind -o remount,nosuid /home /home

In /proc/mounts I now see this:

    rootfs / rootfs rw 0 0
    /dev/root / ext2 rw 0 0
    proc /proc proc rw 0 0
    devpts /dev/pts devpts rw 0 0
    usb /proc/bus/usb usbdevfs rw 0 0
    sysfs /sys sysfs rw 0 0
    /dev/root /home ext2 rw,nosuid 0 0

Notice that /dev/root is mounted twice. You can't tell, but the second mount is from below the root of the filesystem. In NFS notation, /dev/root:/home is mounted. I can also relocate directories this way and use file-on-file mounts to replace files.

> On 23/02/2004 at 00:40, s. keeling wrote:
> > /boot and /tmp shouldn't be separate. On that, we can agree.
> > /boot and /tmp *should* be separate.

Not really. For /boot, you just need to satisfy the boot loader. Share /boot with /bin if you can. For /tmp, you can get a performance advantage by using tmpfs. Doing so would make disk management a bit worse, lead to hidden files under the mount point, and slow down "mv /tmp/foo ~/foo" operations. In nearly all cases, a separate /tmp isn't worth the trouble.

> What is a *very big* security gain is to mount *all* partitions *except*
> /usr nosuid.

**AHEM**

    mount --bind

Problem solved, without the disk management issues.
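An added example, not part of the original message: a small audit that reads /proc/mounts-format text, finds the mount entry that actually governs a given path, and reports which hardening options are missing there. The function names `effective_mount` and `missing_opts` are made up for this illustration; the sample data is the /proc/mounts listing quoted in the message.

```shell
#!/bin/sh
# Sample data: the /proc/mounts listing quoted in the message above.
MOUNTS_SAMPLE='rootfs / rootfs rw 0 0
/dev/root / ext2 rw 0 0
proc /proc proc rw 0 0
devpts /dev/pts devpts rw 0 0
usb /proc/bus/usb usbdevfs rw 0 0
sysfs /sys sysfs rw 0 0
/dev/root /home ext2 rw,nosuid 0 0'

# effective_mount PATH [FILE]: print "device mountpoint options" for the entry
# governing PATH: the longest mount point that is a prefix of PATH, with later
# lines shadowing earlier ones. Pass /proc/mounts as FILE on a live system.
# Mount points with escaped spaces (\040) are not handled.
effective_mount() {
    path=$1; src=${2:-}
    { if [ -n "$src" ]; then cat "$src"; else printf '%s\n' "$MOUNTS_SAMPLE"; fi; } |
    awk -v p="$path" '
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                if (length(mp) >= best) { best = length(mp); out = $1 " " mp " " $4 }
        }
        END { if (out != "") print out; else exit 1 }'
}

# missing_opts PATH "OPT1 OPT2 ..." [FILE]: print the wanted options that the
# governing mount lacks (empty output means all are present).
missing_opts() {
    have=$(effective_mount "$1" "${3:-}" | awk '{print $3}')
    [ -n "$have" ] || return 2
    miss=
    for o in $2; do
        case ",$have," in
            *",$o,"*) ;;
            *) miss="${miss:+$miss }$o" ;;
        esac
    done
    printf '%s\n' "$miss"
}

for p in / /home/user /tmp; do
    printf '%s -> %s | missing: %s\n' "$p" "$(effective_mount "$p")" "$(missing_opts "$p" 'nosuid nodev')"
done
```

On the quoted listing, paths under /home resolve to the second /dev/root entry and carry nosuid, while /tmp still falls through to the root mount with neither option.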