Hello Darren, Tuesday, April 24, 2007, 3:33:47 PM, you wrote:
DJM> With reference to Lori's blog posting[1] I'd like to throw out a few of DJM> my thoughts on spliting up the namespace. DJM> This is quite timely because only yesterday when I was updating the ZFS DJM> crypto document I was thinking about this. I knew I needed ephemeral DJM> key support for ZVOLs so we could swap on an encrypted ZVOL. However I DJM> chose not to make that option specific to ZVOLs but made it available to DJM> all datasets. The rationale for this was having directories like DJM> /var/tmp as separate encrypted datasets with an ephemeral key. DJM> So yes Lori I completely agree /var should be a separate data set, whats DJM> more I think we can identify certain points of the /var namespace that DJM> should almost always be a separate dataset. DJM> Other than /var/tmp my short list for being separate ZFS datasets are: DJM> /var/crash - because can be big and we might want quotas. I agree - I've been doing this for some time (/ on UFS, rest of a disk on zfs for zones and crash + core file systems with quota set). DJM> /var/core [ which we don't yet have by default but I'm considering DJM> submitting an ARC case for this. ] - as above. Definitely - we're doing this in a jumpstart but frankly it should have been for years by default (even without zfs). DJM> /var/tm Similar to the /var/log rationale. DJM> There are obvious other places that would really benefit but I think DJM> having them as separate datasets really depends on what the machine is DJM> doing. For example /var/apache if you really are a webserver, but then DJM> why not go one better and split out cgi-bin and htdocs into separate DJM> datasets too - that way you have set noexec in htdocs. DJM> I think we have lots of options but it might be nice to come up with a DJM> short list of special/important directories that would should always DJM> recommend be separate datasets - lets not hardcode that into the DJM> installer though (heck we still think /usr/openwin is special !) Definitely. We could scare people with dozen or more file systems mounted after fresh install on their laptop. However some time ago here was a discussion on 'zfs split|merge' functionality. Is it going to happen? If it does then maybe only minimum number of datasets should be created by default (/ /var /opt) and later admin can just 'zfs split root/var/log'? While having lot of datasets is really nice please do not over use it, at least not in a default configs when probably it would introduce more confusion to most users than do any good. I would also consider disabling or changing default config for autofs so local users would go to /home as most people expect by default and then also create /home as separate file system. So my short list is: / /var /opt /home -- Best regards, Robert mailto:[EMAIL PROTECTED] http://milek.blogspot.com _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
