John Summerfield wrote:
>
> Chris Abbey:
> > there are a few chunks of the file space you need to have writable,
> > from memory the list is:
> >
> > /etc
> > /var
> > /tmp (can always be a symlink to /var/tmp)
> > /home (unless you don't have any users... i.e. kiosk machines)
> >
> > beyond that everything *should* be able to be ro, iirc.
> >
> > personally I'd like to get /etc out of that list, mtab is just one place
> > I ran into when I tried this a long time ago.
>
> /etc has lots of stuff particular to the running machine (I discovered
> this when booting 'diskless' workstations), so it can't usefully be shared.
It definitely should _not_ be shared. But it may be mounted read-only.
Reasons for this are trivial -- security. If I run, say, an internet
firewall/router machine, I want it to be mounted r/o, so, for example,
/etc/password etc. (these files are constant for this config) will be
far more protected. For this (r/o mounting), probably only mtab is
a trouble. All other files seemed to be OK.
(and also initscripts -- they should be hacked a bit for this).
>
> The other reason I see (avoiding hackers) could probably be handled with
> initrd & by creating a small ram disk. It would be read/write, but then it
> would get refreshed after boot.
It is probably unnecessary for this purpose.
> Come to think of it, there's probably no reason mtab can't be a symlink to
> somewhere in /var.
This is an idea! So simple... :)
But the question remains -- is it possible to avoid this file entirely,
since it is already in /proc/mounts, and the latter is more accurate,
or at least should be (it is the _actual_ kernel mounts, but mtab
can be edited)?
>
> --
> Cheers
> John Summerfield
> http://os2.ami.com.au/os2/ for OS/2 support.
> Configuration, networking, combined IBM ftpsites index.
>
Regards,
Michael.
P.S. It seemed to me that no people from RedHat watch this list...
Does anybody know some "rules" about it, and its purposes?
Maybe this sort of thing (and some others, like what I posted here
this/last week) should come to cartman-list, or something more
"user-friendly" than -devel-list?
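The point Michael raises above (mtab is an editable file, while /proc/mounts reflects what the kernel has actually mounted) can be turned into a small consistency check. The shell snippet below is an added example, not code from this thread or from any distribution; it parses two tables in the /proc/mounts format, reports whether a given mountpoint is read-only according to each, and lists mountpoints where the mtab copy disagrees with the kernel's view or is missing altogether. Both tables are constructed sample data so the script runs offline; on a live system the same functions can be fed `cat /proc/mounts` and `cat /etc/mtab` instead.

```shell
#!/bin/sh
# Constructed sample of the kernel's view, in /proc/mounts format (assumption,
# not captured from a real machine): root is mounted read-only, /var and /home
# read-write. The later "/" entry overrides the earlier rootfs one.
SAMPLE_PROC_MOUNTS='rootfs / rootfs rw 0 0
/dev/sda1 / ext2 ro 0 0
/dev/sda2 /var ext2 rw 0 0
none /proc proc rw 0 0
/dev/sda3 /home ext2 rw,nosuid 0 0'

# Constructed sample of a stale or edited /etc/mtab (assumption): it still
# claims "/" is rw and has no entry for /home at all.
SAMPLE_MTAB='/dev/sda1 / ext2 rw 0 0
/dev/sda2 /var ext2 rw 0 0
none /proc proc rw 0 0'

# mount_opts TABLE MOUNTPOINT
# Print the option field of the last table entry for MOUNTPOINT (the last
# entry wins, as with stacked mounts); prints an empty line if none matches.
mount_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { opts = $4 } END { print opts }'
}

# is_readonly TABLE MOUNTPOINT
# Succeed (exit 0) if the "ro" option is present for MOUNTPOINT in TABLE.
is_readonly() {
    case ",$(mount_opts "$1" "$2")," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# mtab_drift PROC_TABLE MTAB_TABLE
# For every mountpoint the kernel knows about, print a line when the mtab
# copy is missing or disagrees about the ro/rw state. Silence means the two
# tables agree on every kernel mount.
mtab_drift() {
    printf '%s\n' "$1" | awk '{ print $2 }' | sort -u | while read -r mp; do
        if [ -z "$(mount_opts "$2" "$mp")" ]; then
            printf '%s missing from mtab\n' "$mp"
            continue
        fi
        k=rw; m=rw
        is_readonly "$1" "$mp" && k=ro
        is_readonly "$2" "$mp" && m=ro
        [ "$k" != "$m" ] && printf '%s kernel=%s mtab=%s\n' "$mp" "$k" "$m"
    done
    return 0
}

# Stand-alone run over the constructed tables.
if [ "${1:-}" = "--demo" ]; then
    echo "Kernel says / is read-only: $(is_readonly "$SAMPLE_PROC_MOUNTS" / && echo yes || echo no)"
    echo "Drift between kernel and mtab:"
    mtab_drift "$SAMPLE_PROC_MOUNTS" "$SAMPLE_MTAB"
fi
```

Run it as `sh script.sh --demo`; with the constructed tables it reports that "/" is read-only per the kernel, that mtab wrongly records "/" as rw, and that /home is missing from mtab. The useful property for a read-only root setup is that the kernel table is the authority: if an attacker or a crashed initscript leaves mtab wrong, the drift shows up immediately, which is exactly the argument for reading /proc/mounts instead of trusting the file.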