On Sun, Aug 16, 2009 at 6:46 PM, Nick Holland<n...@holland-consulting.net> wrote:
> Okai Mood wrote:
>> OpenBSD Misc,
>>
>> I have installed OpenBSD 4.5 and applied the patches that have been
>> issued, as per FAQ "10.15 - Applying patches in OpenBSD". My only
>> question is, is there anything I need to do to clean up /usr/src after
>> the patching and compiling is over?
>
> nope. Any needed cleanup will be taken care of at the start of the
> next build cycle.
> (possible exception: the patch files themselves, but I really don't
> think they will be big enough to cause you any problems, and leaving
> them in place might help remind you what patches have been applied
> and which haven't.)
>
>> Also, is it recommended to keep
>> /usr/src on a separate partition?
>
> Certainly not a bad thing.
>
> If you look at the default install on a "big" disk for 4.6, you see
> the following partitions and how they are mounted:
> /dev/wd0a on / type ffs (rw, local)
> /dev/wd0k on /home type ffs (rw, local, nodev, nosuid)
> /dev/wd0d on /tmp type ffs (rw, local, nodev, nosuid)
> /dev/wd0f on /usr type ffs (rw, local, nodev)
> /dev/wd0g on /usr/X11R6 type ffs (rw, local, nodev)
> /dev/wd0h on /usr/local type ffs (rw, local, nodev)
> /dev/wd0j on /usr/obj type ffs (rw, local, nodev, nosuid)
> /dev/wd0i on /usr/src type ffs (rw, local, nodev, nosuid)
> /dev/wd0e on /var type ffs (rw, local, nodev, nosuid)
>
> In addition to some logistical benefit, there is a security benefit
> here. Only root has write access to anything in most of /usr, with the
> exceptions of /usr/src, /usr/obj. Those two directories can, by
> default, be written by anyone in the wsrc group. Note that those two
> directories are "nosuid", which reduces some of the mischief someone
> in the wsrc group could get into. This keeps with the general theme
> of, "directories where users can write should be nosuid, nodev, areas
> that have to be mounted to permit devices and setuid apps need to be
> not writable by non-root users".

Good points. This brings up a question I have meant to ask. Since we are giving "sources" their own mount point, wouldn't it make sense to have a different name for this mount point (other than /usr/src) so that both /usr/ports and /usr/xenocara can also reside there? As is, with the layout the installer suggests/offers, you are left with /usr/{ports,xenocara} in the /usr.

What I've done on my -current system, I have a /usr/osrc mount point and soft-links for /usr/{ports,src,xenocara} into that mount point. Same with object directories:

$ ls -l /usr/{obj,ports,src,xenocara,xobj}
lrwxr-xr-x 1 root wheel 9 Jul 4 13:05 /usr/obj -> oobj/obj/
lrwxr-xr-x 1 root wheel 11 Jul 4 13:05 /usr/ports -> osrc/ports/
lrwxr-xr-x 1 root wheel 9 Jul 4 13:04 /usr/src -> osrc/src/
lrwxr-xr-x 1 root wheel 14 Jul 4 13:05 /usr/xenocara -> osrc/xenocara/
lrwxr-xr-x 1 root wheel 10 Jul 4 13:05 /usr/xobj -> oobj/xobj/

The only drawback with this scheme seems to be a daily security warning about /usr/src being a link and having a different gid.

I suppose, one could have different mount points for each of the five directories mentioned above, but that could be a bit overkill if the soft-links accomplish the same goal(s).

--patrick
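
Added example, not part of the thread or of OpenBSD: a small sh check that reads mount(8) output in the format quoted above and reports which of nodev/nosuid are missing on the filesystem that actually holds a given path, which is what matters once /usr/src is a symlink into another mount. The function names and the sample table are constructed; the table assumes /usr/osrc and /usr/oobj carry the options the installer gives /usr/src and /usr/obj.

```shell
#!/bin/sh
# Constructed sample in mount(8) output format (not taken from a real host).
SAMPLE_MOUNTS='/dev/wd0a on / type ffs (rw, local)
/dev/wd0f on /usr type ffs (rw, local, nodev)
/dev/wd0i on /usr/osrc type ffs (rw, local, nodev, nosuid)
/dev/wd0j on /usr/oobj type ffs (rw, local, nodev, nosuid)'

# mount_for PATH MOUNTS: print "mountpoint options" for the filesystem
# holding PATH, i.e. the longest mount point that is a path prefix of it.
mount_for() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $2 == "on" && $4 == "type" {
            mp = $3
            pre = (mp == "/") ? "/" : mp "/"
            if ((p == mp || index(p, pre) == 1) && length(mp) > best) {
                best = length(mp); bmp = mp
                opts = $0
                sub(/^[^(]*\(/, "", opts)   # drop everything up to "("
                sub(/\).*$/, "", opts)      # drop ")" and anything after
                gsub(/ /, "", opts)         # "rw, local" -> "rw,local"
            }
        }
        END { if (best) print bmp, opts }'
}

# missing_opts PATH MOUNTS: print the comma-separated subset of
# nodev,nosuid that the filesystem holding PATH is NOT mounted with.
missing_opts() {
    info=$(mount_for "$1" "$2")
    opts=",${info#* },"
    miss=""
    for want in nodev nosuid; do
        case "$opts" in
            *",$want,"*) ;;
            *) miss="${miss:+$miss,}$want" ;;
        esac
    done
    printf '%s\n' "$miss"
}

# Paths are given after symlink resolution (on a live system, resolve
# first, e.g. with readlink -f, and pass "$(mount)" instead of the sample).
for p in /usr/osrc/src /usr/oobj/obj /usr/osrc/ports /usr/ports; do
    m=$(missing_opts "$p" "$SAMPLE_MOUNTS")
    echo "$p: on $(mount_for "$p" "$SAMPLE_MOUNTS"); missing: ${m:-none}"
done
```

In the sample, /usr/ports left directly under /usr inherits only nodev, while the same tree reached through the /usr/osrc mount gets both options.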