Am 02.07.2012 19:35, schrieb Bill Davidsen: > Reindl Harald wrote: >> >> >> Am 01.07.2012 19:32, schrieb Joe Zeff: >>> On 07/01/2012 10:23 AM, John Wendel wrote: >>>> Extra security is certainly a plus. My main reason for wanting to run a >>>> read-only root it to avoid wearing out the consumer grade compact flash >>>> card that I'm using as my root device (yes, I'm cheap). >>> >>> I'd suggest, then, using a distro that doesn't update as frequently as >>> Fedora. /sbin is on the root device and >>> you'd need to set it to rw every time one of its programs gets updated. >>> Also, if you're using Fedora, have a >>> separate /boot that's not on that card to make kernel updates easier. >> >> i do it the other direction >> >> /var/cache, /var/lib, /boot, /var/tmp, /var/log and /tmp on own partitions >> or in case of virtual machines even on drives because i can have rootfs as >> small as possible without fearing it gets full >> > What does that buy? If /tmp fills many things stop working even if it is on a > non-root filesystem. And to the > extent that applications and services depend on the other trees you mention > breakage will occur, although far fewer > things will be broken filling anythig other than /tmp
what this does buy? if a disk gets too small it is much easier stp the vm and make the /tmp-drive larger than resize rootfs and if /var/log fills the rootfs nor /tmp are filled if /tmp fills you have a change to see it in any log i am not speaking about workstations here these are server-configurations working fine since many years on some of them there is a larger extra virtual-disk and the list above is BIND-mounted there which has the same effect: less writes to rootfs and a much smaller rootfs
signature.asc
Description: OpenPGP digital signature
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
