On Thursday 16 February 2006 20:40, Alexander Skwar wrote:
> Hemmann, Volker Armin wrote:
> > On Thursday 16 February 2006 17:18, Alexander Skwar wrote:
> >> Hemmann, Volker Armin wrote:
> >> > On Thursday 16 February 2006 15:45, Alexander Skwar wrote:
> >> >> Hemmann, Volker Armin wrote:
> >> >> > On Thursday 16 February 2006 14:06, Alexander Skwar wrote:
> >> >> >> Izar Ilun wrote:
> >> >
> >> > Why should he make /tmp noexec,
> >>
> >> Security precaution.
> >
> > if you have 10+ users with access to the box. But a workstation, without
> > even sshd running, it is not needed.
>
> "needed" - What's "needed", anyway?
>
> > And hey, why should /tmp noexec save you from anything?
>
> Because it does.

so? how?
how does it save you from anything? Please tell me. With examples.

> > If someone is  able to break into your box, he can build his tools in
> > /home or /var/tmp or somewhere else. No need for /tmp.
>
> Wrong again. If tmp is the only place somebody can write, then
> it might save you (and it DID save my ass more than once now).

since /tmp is not the only place where someone can write (/var/tmp anyone?) it 
won't help you much.


> >> Ah. Please explain how you mount /tmp noexec and /usr
> >> readonly.
> >
> > I don't because it is wasted effort.
>
> Of course it's not.

yes it is.

> So, how do you do that?

I don't want to, because it is pointless.

>
> > If someone has the right to write to a rw /usr/ partition,
>
> Why should he have that right?

if he has enough rights, that you have to worry about rw /usr, he has enough 
rights, to circumvent ro mounting by remounting.

>
> > he has the rights
> > to remount a ro /usr as rw
>
> That's of course wrong again.

no, that is correct.

>
> > and can go on.. It just makes maintenance harder.
>
> Not really.

yes really, you have to remount /usr every time you update something.

>
> >> Please also explain, how you separate data areas (like
> >> /var and /usr).
> >
> > I have /var and /usr?
>
> That's not the question.

yes it is.

>
> Please answer it. *YOU* are the one saying that a grossly
> oversized filesystem offers more flexibility.

I do, because they never fill up.

But, hey, what are YOU doing, when your box does not boot anymore, 
because /tmp or /var/tmp are 100% full?

>
> >> I see. Strange thing is, that about every server and workstation
> >> I've seen more or less contradicts what you say.
> >
> > if you have 20+ users on each of them, and every single one is a little
> > cracker in disguise, it may make sense, but for a single user box?
>
> Why are you asking?

because you are the one starting with 'server' and 'workstations' and the OP 
never talked about one or the other.

>
>
> > If every partition takes a second, it will be very noticeable.
>
> Hardly. (Notice that I'm not saying "No".)

if mounting becomes the major 'hold up' in your booting process, it becomes 
VERY noticeable.

>
> While what you're saying is true in theory, you're
> exaggerating enormously. And because of that, you're
> wrong.

no, I am right.
I have been there, I have done lots of partitions for all and everything and I 
did it for a long time.
It is just a waste of effort.

> >> If you're *SO* low on hard disk space, I'd advise to buy
> >> more harddisks.
> >
> > more harddisks = higher chance that one of them dies.
>
> Yep. Time to stop those bad backups. You're funny.
> More of this, please! 8=)

no, it is pure math. More harddisks=bigger chance that one of them dies.
And it does not matter how often you are doing backups, there will always be 
something that gets lost. Plus it takes time to restore.

>
> > It is simple math.
>
> *LOL* _You_ should not talk about maths :)

you obviously don't understand simple statistics.
Sad.
Again: if every harddrive has a chance to die in 1:100 000 hours, every disk 
you add increases the chance that ONE of them dies.
That is very simple. Ask your teacher.

>
> > I haven't seen any good reason for a bazillion small partitions,
>
> That's of course not what I wrote. BTW: What's a "bazillion"?
> More than you can count? More than 5? :) And *YOU* are talking
> about maths?

a bazillion is just more than needed. And more than needed on a single home 
computer is anything above 4 for the system (boot, /, /home, swap).

>
> *G* You are really making me laugh - thanks!
>

you too.

> > that only
> > increase your work
>
> Not really.

yes, really, remount this, remount that, check that there is enough space 
in /var, check that there is enough space in /usr, check this, check that
=
more work.

>
> > and have to be monitored constantly (f* /var is full,
> > f* /tmp is full f* I have to remount /usr).
>
> What are you talking about? "constantly"?

almost every day, if you want to be sure that none of your partitions gets 
full.

> Well, you know, if "df" is too hard for you - sorry, pal,
> tough luck. But you just cannot expect to be taken seriously.

you forgot 'cp', 'mv' and, in the worst case 'tar everything up and change 
partition layout, because /usr became too small'

You are the one, who does not understand simple math, I am laughing about you 
all evening now.

And as I said, I know what I am talking about. I did the 'put everything on a 
dedicated partition', I even put them on different disks (/usr on 
one, /usr/lib on another for speeding up starting processes), and it hurts 
more than it gives you in the long run.
-- 
gentoo-user@gentoo.org mailing list
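
Added example, not part of the original message: the disagreement above turns on whether noexec on /tmp matters when /var/tmp or /home remain writable, which an administrator can check by finding the mount that governs each directory and looking for noexec in its options. The mount table below is a constructed sample in /proc/mounts format; the function names and the list of audited directories are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format: /tmp is noexec, while /var/tmp
# is not a separate mount and so inherits the options of /var.
SAMPLE_MOUNTS='/dev/sda3 / ext3 rw 0 0
/dev/sda5 /usr ext3 ro 0 0
/dev/sda6 /var ext3 rw,nosuid 0 0
/dev/sda7 /home ext3 rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0'

# governing_opts DIR: print "mountpoint options" for the longest mount point
# that is a path prefix of DIR. Reads the mount table on stdin.
governing_opts() {
    awk -v dir="$1" '
        {
            mp = $2
            # Match whole path components so /var does not cover /variant.
            hit = (mp == "/") || (dir == mp) || (index(dir, mp "/") == 1)
            if (hit && length(mp) > best) { best = length(mp); out = mp " " $4 }
        }
        END { if (out != "") print out }'
}

# exec_allowed DIR: succeed (0) when the filesystem holding DIR lacks noexec.
exec_allowed() {
    opts=$(governing_opts "$1" | cut -d" " -f2)
    case ",$opts," in
        *,noexec,*) return 1 ;;
        *) return 0 ;;
    esac
}

# audit: print each writable location from the thread that still permits
# execution according to the mount table held in $MOUNTS.
audit() {
    for d in /tmp /var/tmp /dev/shm /home; do
        if printf '%s\n' "$MOUNTS" | exec_allowed "$d"; then
            echo "$d"
        fi
    done
}

# Uses the constructed sample unless MOUNTS is supplied by the caller.
MOUNTS=${MOUNTS:-$SAMPLE_MOUNTS}
audit
```

To audit a live system, run it with `MOUNTS="$(cat /proc/mounts)"` set in the environment.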
