Freminlins wrote: > On 01/08/06, *Erik Norgaard* <[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>> wrote: > > > you may > even want to mount it read-only for security. (I think these are good > advises on any system). > > > I used to agree with this (specifically the mantra was "mount /usr read > only") - until I tried to patch anything! Then it's useless.
You usually don't patch up your system everyday. Remount rw do the patching and remount ro. The problem is more that some 3rd party applications assume that /usr is writeable. I found the problem more annoying with / whenever I need to change some system file. However, most important is to have /tmp on a separate partition. Then there will only be few writes on /. > What you end up with is a machine which in which the base install is > more secure, but all your data isn't. The base install is the one thing > I know I can get back (i.e. reinstall) in 5 minutes. The data I cannot. I think it is very valuable to get the system up so I can rescue my data. Having base system go down along with my data doesn't seem to have any clear advantages. Mounting / and/or /usr ro will get your systems up faster and that seemed to be the issue. Cheers, Erik -- Ph: +34.666334818 web: http://www.locolomo.org X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
smime.p7s
Description: S/MIME Cryptographic Signature
