On Tue, Feb 11, 2003 at 02:48:17PM +1300, Nick Rout wrote:
> Some good things about separate filesystems:
> 1. some can be mounted readonly, giving better security
Not only rdonly, but also noexec, nodev, and nosuid. OpenBSD even
defaults to using these flags for the appropriate mount points, e.g.:
/dev/sd0a on / type ffs (local)
/dev/sd0d on /usr type ffs (local, nodev)
/dev/sd0e on /var type ffs (local, nodev, noexec)
/dev/sd0g on /tmp type ffs (local, nodev, noexec, nosuid)
/dev/sd0h on /home type ffs (local, nodev, nosuid)
Cheers,
-mjg
--
Matthew Gregan |/
/| [EMAIL PROTECTED]
