Francesco Talamona wrote: > On Saturday 09 May 2009, Dale wrote: > >> I was talking about with just a plain file system. I read in a >> install guide somewhere when I was installing ages ago that having >> /boot on a separate partition, and not always mounted, was a good >> security practice. That way no one could alter the kernel since it >> was not mounted. >> >> I do agree that if a person was on the system and able to get root >> access, they could them mount the /boot partition as well. I never >> was really sure why this was thought to work. I used a separate >> /boot because for a while I was dual booting Mandrake and Gentoo. >> Old habit now I guess. >> > > It's a suggestion for security against user errors; I'm pretty sure it > was there long before genkernel came out, when there > wasn't "automation" in kernel building. > > Furthermore you can use a non journalled filesystem for /boot. > > Ciao > Francesco > >
That's true about the file system. I think it was only recently, as in a couple years or so, that grub could read things like reiserfs and some other file systems. If it can't read it, it can't boot it either. After all, it has to read the config file on /boot for sure. I'm not sure about a user error tho. I always have mine mounted and I don't recall ever making a error. Of course, I always keep a couple extra kernels around just in case. I will most likely hold onto my 2.6.23 for a long while. It has been working REALLY well for me for quite some time now. I don't want to even start on 2.6.29. That could have been a gcc issue but it wasn't any fun. Dale :-) :-)
