Ben Reser wrote on Wed, Oct 09, 2002 at 12:40:45PM -0700 : > > /usr locally, read-only, which can make things a > > little more secure, you can know that things aren't > > being modified 100 different in /usr that you don't > > know about, and you don't have to back up /usr. > So much for security: > mount -o remout,rw /usr > If they get root access to you box they probably know how to remount a > partition rw.
That only works if your export from the server allows it:
[todd@fiji ~]$ cat /etc/exports
/usr 192.168.3.0/24(ro,root_squash,sync)
What he's asking for seems to be common in some places, but I've never
implemented it myself, mostly due to the fact that so many things seem
to want to write to /usr. Those things that are being written to /usr
seemingly should be written to /var. Then again, there's nothing
preventing us from making those directories be symlinks to someplace in
/var on the local machine. Maybe that's a plausible road to take.
Blue skies... Todd
--
MandrakeSoft USA http://www.mandrakesoft.com
Easy things should be easy, and hard things should be possible.
--Larry Wall
Cooker Version mandrake-release-9.1-0.1mdk Kernel 2.4.19-16mdk
msg78629/pgp00000.pgp
Description: PGP signature
