On Mon, 2003-04-28 at 00:01, Sam Hartman wrote:
> 1) Why are people mounting root read-only?

"Frank" (not his real name) has a machine with a local read-only boot medium and a network connection but no local hard disk.

"Jane" finds it nice that her /etc/ hierarchy changes only when she administers her machine, not during normal use, and that /run/ contains information only relevant to the current boot session. This makes it easier for her to make and keep track of her backups.

"George" mounts /etc/ read-only because it seems like this ought to increase the security of his system.

> 2) When root is read-only, what information is variable
> and what information should be immutable?

The distinction between variable and non-variable is drawn by the FHS. It was the basis for splitting /var out of /usr.

> Why is this a reasonable categorization?

It is reasonable to distinguish between variable and non-variable files because the distinction makes it possible to segregate the different sorts of files into different filesystems which may then be handled differently -- e.g., stored on different sorts of media.

> 3) What information needs to go in /var vs /run?

Because /var can be an NFS mount, some programs (e.g., networking daemons) necessarily run before /var is available. Those that need to store state in a "run" directory will use /run/. All others must use /var/run/.

> I will follow any related changes to policy to the best
> of my ability.

OK, but we should not wait for policy to change before implementing this.

-- 
Thomas Hood <[EMAIL PROTECTED]>
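The /run vs /var/run rule from the message above, as an added shell example that is not part of the original thread or of any Debian package: a daemon started before /var is mounted (early=1) keeps its pidfile under /run, any other daemon uses /var/run and fails loudly if /var is not yet usable. The root prefix argument, the helper names and the daemon name "exampled" are assumptions chosen so the logic can be exercised on a constructed temporary tree rather than on the live system.

```shell
#!/bin/sh
# Added example, not from the original message. Implements the state-directory
# rule: early-boot daemons use ROOT/run, all others use ROOT/var/run.
# ROOT is a prefix (normally empty on a real system) so the functions can be
# exercised on a constructed temporary directory tree.

# var_available ROOT: succeed if ROOT/var/run exists and is writable, i.e.
# /var (possibly an NFS mount) has been mounted and can hold state files.
var_available() {
    [ -d "$1/var/run" ] && [ -w "$1/var/run" ]
}

# run_state_dir ROOT EARLY: print the directory a daemon should use for its
# pidfile. EARLY=1 marks a daemon that may start before /var is mounted; such
# a daemon always uses ROOT/run. Any other daemon must use ROOT/var/run, and
# this function fails (exit 1) if /var is not available instead of silently
# falling back to /run, so the misconfiguration is visible rather than hidden.
run_state_dir() {
    root=$1
    early=${2:-0}
    if [ "$early" = 1 ]; then
        printf '%s\n' "$root/run"
        return 0
    fi
    if var_available "$root"; then
        printf '%s\n' "$root/var/run"
        return 0
    fi
    return 1
}

# write_pidfile ROOT EARLY NAME: write the current shell's PID into NAME.pid
# in the chosen directory and print the path of the file written.
write_pidfile() {
    dir=$(run_state_dir "$1" "$2") || return 1
    printf '%s\n' "$$" > "$dir/$3.pid" || return 1
    printf '%s\n' "$dir/$3.pid"
}

# Stand-alone usage on a constructed tree: /run exists, /var is not mounted yet.
demo=$(mktemp -d)
mkdir -p "$demo/run"
write_pidfile "$demo" 1 exampled      # -> $demo/run/exampled.pid
run_state_dir "$demo" 0 || echo "late daemon: /var not available, refusing"
rm -rf "$demo"
```

Running the block as-is shows the two outcomes on an empty /var: the early daemon's pidfile lands in run/, and the late daemon is refused a directory until var/run exists.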