On Wed, Mar 12, 2008 at 12:27 AM, Paul Armstrong <opensolaris at otoh.org> wrote:
> These should also be strongly considered:
> /var/crash
> /var/core (a common place to put core files using coreadm)

Using the name "core" as a directory name makes it so that anything with a cwd of /var (or /var/share) cannot do per-process core dumps. I currently configure systems so that they *try* to core dump to /var/cores/core.<some complex string>. Under most circumstances /var/cores does not exist - else it would be easy for users to accidentally fill up the file system in such a way that only the system administrator can fix it. This has the nice side effect that I get a syslog message saying that the system could not write a core file to /var/cores - in other words I get a message indicating that programs are crashing. This shortens the time to answer things like "which system administrator keeps killing processes on my server?"

I think, and Sun's best practices agree, that having such a directory for catching all core dumps is problematic because of the space consumption issue. I am happy to have people do it if it brings more value than harm to them, but I don't think it is right as a default.

I agree that /var/crash belongs there. And several other things probably do too. See

http://mail.opensolaris.org/pipermail/caiman-discuss/2007-August/000737.html

for a somewhat comprehensive list of /var directories that are not controlled by the package database and as such should be considered as to whether you really want a copy that is private to a boot environment.

--
Mike Gerdts
http://mgerdts.blogspot.com/
