On 23/02/2004 at 07:52, Albert Cahalan wrote:

> If stability were an issue, we'd need to fix that
> instead of using a gross work-around.

Yes, you're right.

> Nope. This is Linux, which kicks ass. On your
> single-partition Linux 2.6 system, do this:
>
> mount --bind /home /home
> mount --bind -o remount,nosuid /home /home

Oh! Nice thing. I discovered mount --bind some days ago and I didn't
realize this utility. Very nice! However, some of the servers I admin
run 2.4 (and I do not plan to move them to 2.6, so...).

> > What is a *very big* security gain is to mount *all* partitions *except*
> > /usr nosuid.
>
> **AHEM**
>
> mount --bind

You're right (with 2.6) :-)

> Problem solved, without the disk management issues.

Yes, but: What if some dumb|malicious user|program fills /home? Or a
daemon goes crazy and fills /var/log? IMHO, having separate partitions
for system and data is mandatory in any decently administered OS.

Anyway, I feel more comfortable having my system split in half a dozen
partitions than a single huge one. Given that a 40 Gb hard disk lets me
partition them generously. That "feeling" is due to having had some
"frights" when I used reiserfs (losing /home due to fs corruption is a
bad thing, losing the entire system is worse).

Anyway; I generally agree with you, just wanted to comment some points.

Thanks.

-- 
Kiko
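
Added example, not part of the original message: a small audit of a mount table for the "everything except /usr nosuid" policy discussed above, including a /home that was bind-mounted onto itself and remounted nosuid. The function names and the sample table are constructed for illustration; on a live system feed /proc/mounts to missing_nosuid instead.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format:
#   device mountpoint fstype options dump pass
# It models a mostly single-partition layout after
#   mount --bind /home /home
#   mount --bind -o remount,nosuid /home /home
SAMPLE_MOUNTS='/dev/hda1 / ext3 rw 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/hda1 /home ext3 rw,nosuid 0 0
/dev/hda2 /usr ext3 rw 0 0
/dev/hda3 /var ext3 rw,nodev 0 0
/dev/hda5 /tmp ext3 rw,nosuid,nodev 0 0'

# Read a mount table on stdin and print every mount point that still
# honours setuid bits, skipping /usr and anything mounted below it.
missing_nosuid() {
    while read -r dev mnt fstype opts rest; do
        [ -n "$mnt" ] || continue          # ignore blank lines
        case "$mnt" in
            /usr|/usr/*) continue ;;       # the tree allowed to keep suid
        esac
        # Wrap the option list in commas so "nosuid" only matches as a
        # whole option, never as part of a longer word.
        case ",$opts," in
            *,nosuid,*) ;;                 # already nosuid, nothing to report
            *) printf '%s\n' "$mnt" ;;
        esac
    done
}

# Hypothetical helper: audit a mount table passed as a string.
audit_table() {
    printf '%s\n' "$1" | missing_nosuid
}

# Report for the constructed sample; live use: missing_nosuid < /proc/mounts
audit_table "$SAMPLE_MOUNTS"
```

The bind-mounted /home shows up as its own entry carrying nosuid, so it drops out of the report even though it shares /dev/hda1 with the root filesystem.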

