on Sun, Nov 30, 2003 at 06:14:26PM -0500, Paul Morgan ([EMAIL PROTECTED]) wrote:
> Elementary System Administration and Security > --------------------------------------------- > > Lesson #1: Don't mount things not needed for the operation of the system > > Lesson #2: Mount things with the minimum permissions necessary for the > operation of the system. > > Lesson #3: don't overcomplicate system administration by unnecessary > duplication > > re. Lesson #1: > /boot is not needed for the normal operation of the system, and not > mounting it provides two security benefits: > - it can't get accidentally or maliciously damaged The most hazardous user on my systems, in theory and practice, is generally me. More as a matter of opportunity than malicious intent. OTOH, I *have* survived an "rm -rf /" (case of an inadvertent inserted space in an issued command), _without_ system loss, through appropriate use of mount options. > re, Lesson #3: > - An example: I run more than one Linux instance, each with its own /. > I also have several kernels. If I put /boot on its own filesystem, I > don't have to duplicate it. I keep both a standard system, and a maintenance/recover "system2" installed. /boot seperated makes for slightly easier management of this. Peace. -- Karsten M. Self <[EMAIL PROTECTED]> http://kmself.home.netcom.com/ What Part of "Gestalt" don't you understand? "Life," said Marvin, "don't talk to me about life." -- HHGTG
pgp00000.pgp
Description: PGP signature
