Re: /boot at beginning of drive

2006-04-18 Thread Giorgos Keramidas
On 2006-04-17 17:18, David J Brooks [EMAIL PROTECTED] wrote:
  http://users.rcn.com/rneswold/fbsd-init.html#AEN258

 I stand corrected. I can still envision problems if tmp files use enough space
 to prevent a memory swap. Running out of swap space is not healthy.

That's why swap-backed /tmp filesystems have a `size'.  To make sure
they can't exceed it :)

If, knowing all this, you still plan for a very small swap space, then
you are right that problems will start creeping up very fast.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


RE: /boot at beginning of drive

2006-04-17 Thread Giorgos Keramidas

On 2006-04-17 06:21, Brendan Grossman wrote:
 Beech Rintoul [mailto:[EMAIL PROTECTED] wrote:
  On Sunday 16 April 2006 12:38, Brendan Grossman wrote:
    It's not a good idea to put everything on the / filesystem.
    At a minimum I would have:
    /
    swap
    /var
    /usr

    Your users will not fill up /var unless you allow them unlimited
    mail, databases or access to root.

   They will have unlimited access up until their quota has been reached.
   Where they use that quota is anyone's guess.

    User's tempfiles will go to /usr/tmp.

   How does that work? I just checked /tmp, and it's not a symlink.

  Copy the contents of /tmp to /usr/tmp then remove /tmp and
  symlink /usr/tmp to /tmp.

 Yes, may I ask what the point is though?

 Here is my reason for separating /tmp and mounting it noexec,nosuid:

 http://www.sagonet.com/forums/showthread.php?t=2852

You should also take a look at the following rc.conf options then:

tmpmfs="AUTO"           # Set to YES to always create an mfs /tmp, NO to never
tmpsize="20m"           # Size of mfs /tmp if created
tmpmfs_flags="-S -M"    # Extra mdmfs options for the mfs /tmp

If you have enough swap space, there's no need to worry too much about
making a separate /tmp partition.  Just set:

tmpmfs="YES"
tmpsize="100m"
tmpmfs_flags="-S -M -o noexec,nosuid"

Note the -o option in `tmpmfs_flags'.
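
Added example (not part of the original post and not FreeBSD's own code): a check that the options passed through `tmpmfs_flags' actually took effect, by finding which mounted filesystem holds a directory and reading its options from mount(8) output. The function names and the sample mount output are constructed for illustration; a /tmp that is a symlink to /usr/tmp resolves into /usr and is judged by that filesystem's options.

```sh
#!/bin/sh
# Added example: report which filesystem holds a directory such as /tmp and
# whether it carries the nosuid/noexec options requested in tmpmfs_flags.

# Constructed sample in the format printed by FreeBSD mount(8):
# /, /var and /usr on disk, /tmp on a memory disk mounted noexec,nosuid.
SAMPLE_MOUNT='/dev/da0s1a on / (ufs, local)
devfs on /dev (devfs, local)
/dev/da0s1e on /var (ufs, local, soft-updates)
/dev/da0s1f on /usr (ufs, local, soft-updates)
/dev/md0 on /tmp (ufs, local, noexec, nosuid)'

# fs_for_path PATH
# Reads mount(8) output on stdin and prints "<mountpoint> <type,opt,...>"
# for the filesystem whose mount point is the longest prefix of PATH.
fs_for_path() {
    awk -v path="$1" '
    {
        # Line format: <device> on <mountpoint> (<type>, <option>, ...)
        i = index($0, " on "); j = index($0, " (")
        if (i == 0 || j <= i) next                 # not a mount line
        mp = substr($0, i + 4, j - i - 4)
        opts = substr($0, j + 2)
        sub(/\)[ \t]*$/, "", opts); gsub(/ /, "", opts)
        # "/tmpfoo" must not match "/tmp": require an exact match or "mp/".
        inside = (mp == "/" || path == mp || index(path, mp "/") == 1)
        if (inside && length(mp) > length(best)) { best = mp; bestopts = opts }
    }
    END { if (best != "") print best, bestopts; else exit 1 }'
}

# has_opt OPTLIST OPT: succeed if OPT is one of the comma-separated options.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# audit_tmp DIR
# DIR must already be resolved (for example with `realpath /tmp`), so that a
# /tmp symlinked to /usr/tmp is judged by the options of /usr.
# Prints one summary line; succeeds only if DIR is its own filesystem and
# that filesystem is mounted with both nosuid and noexec.
audit_tmp() {
    dir=$1
    found=$(fs_for_path "$dir") || { echo "$dir: no filesystem found"; return 2; }
    mp=${found%% *}
    opts=${found#* }
    ded=no; [ "$mp" = "$dir" ] && ded=yes
    ns=no;  has_opt "$opts" nosuid && ns=yes
    nx=no;  has_opt "$opts" noexec && nx=yes
    echo "$dir on $mp ($opts): dedicated=$ded nosuid=$ns noexec=$nx"
    [ "$ded$ns$nx" = yesyesyes ]
}

# Demo on the constructed sample. On a live system the input would be:
#   mount | audit_tmp "$(realpath /tmp)"
printf '%s\n' "$SAMPLE_MOUNT" | audit_tmp /tmp     || true
printf '%s\n' "$SAMPLE_MOUNT" | audit_tmp /usr/tmp || true
```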



Re: /boot at beginning of drive

2006-04-17 Thread Karsten Rothemund
On Mon, Apr 17, 2006 at 01:43:49PM +0300, Giorgos Keramidas wrote:

 You should also take a look at the following rc.conf options then:
 
 tmpmfs="AUTO"           # Set to YES to always create an mfs /tmp, NO to never
 tmpsize="20m"           # Size of mfs /tmp if created
 tmpmfs_flags="-S -M"    # Extra mdmfs options for the mfs /tmp
 
 If you have enough swap space, there's no need to worry too much about
 making a separate /tmp partition.  Just set:
 
 tmpmfs="YES"
 tmpsize="100m"
 tmpmfs_flags="-S -M -o noexec,nosuid"
 
 Note the -o option in `tmpmfs_flags'.

I have something like this in my /etc/fstab:
md /tmp mfs rw,-s64m 2 0

Is the above similar and the more modern way?

Greetings

-- 
   
Karsten Rothemund [EMAIL PROTECTED]  /\
PGP-Key: 0x7019CAA5   \ /
Fingerprint: E752 C759 B9B2 2057 E42F  \  ASCII Ribbon Campaign
 50EE 47AC A7CE 7019 CAA5 / \ Against HTML Mail and News




RE: /boot at beginning of drive

2006-04-17 Thread Brendan Grossman
 Databases are stored in /var/db for security reasons

Just curious... What are the security reasons? After some thought, here's
what I'm planning on doing... 

Disk is 73gb scsi...

/       500mb
swap    4gb
/var    4gb
/usr    4gb
/home   remainder (about 60gb)

then /var/db/mysql -> /home/mysql

and /tmp on swap

Any possible issues with this?

Cheers
Brendan



Re: /boot at beginning of drive

2006-04-17 Thread David J Brooks
On Monday 17 April 2006 16:29, Brendan Grossman wrote:
  Databases are stored in /var/db for security reasons

 Just curious... What are the security reasons? After some thought, here's
 what I'm planning on doing...

 Disk is 73gb scsi...

 / 500mb
 swap  4gb
 /var  4gb
 /usr  4gb
 /home remainder (about 60gb)

 then /var/db/mysql -> /home/mysql

 and /tmp on swap

 Any possible issues with this?

I think it unlikely that mounting /tmp on the swap partition will work, 
because swap isn't a filesystem in the usual sense of the word.

David
-- 
Sure God created the world in only six days,
but He didn't have an established user-base.


RE: /boot at beginning of drive

2006-04-17 Thread Brendan Grossman
   Databases are stored in /var/db for security reasons
 
  Just curious... What are the security reasons? After some thought, 
  here's what I'm planning on doing...
 
  Disk is 73gb scsi...
 
  /       500mb
  swap    4gb
  /var    4gb
  /usr    4gb
  /home   remainder (about 60gb)
 
  then /var/db/mysql -> /home/mysql
 
  and /tmp on swap
 
  Any possible issues with this?
 
 I think it unlikely that mounting /tmp on the swap partition 
 will work, because swap isn't a filesystem in the usual sense 
 of the word.

http://users.rcn.com/rneswold/fbsd-init.html#AEN258



Re: /boot at beginning of drive

2006-04-17 Thread Jerry McAllister
 
  Databases are stored in /var/db for security reasons
 
 Just curious... What are the security reasons? After some thought, here's
 what I'm planning on doing... 
 
 Disk is 73gb scsi...
 
 / 500mb
 swap  4gb
 /var  4gb
 /usr  4gb
 /home remainder (about 60gb)
 
 then /var/db/mysql -> /home/mysql
 
 and /tmp on swap
 
 Any possible issues with this?

That is just fine, except I would make a small partition for /tmp
maybe 512 MB rather than trying to do the /tmp on swap thing.
It will be easier to work with if some problem comes up and you
want to go fishing around.

jerry

 
 Cheers
 Brendan
 


Re: /boot at beginning of drive

2006-04-17 Thread David J Brooks
On Monday 17 April 2006 16:59, Brendan Grossman wrote:
    Databases are stored in /var/db for security reasons
  
   Just curious... What are the security reasons? After some thought,
   here's what I'm planning on doing...
  
   Disk is 73gb scsi...
  
   / 500mb
   swap  4gb
   /var  4gb
   /usr  4gb
   /home remainder (about 60gb)
  
   then /var/db/mysql -> /home/mysql
  
   and /tmp on swap
  
   Any possible issues with this?
 
  I think it unlikely that mounting /tmp on the swap partition
  will work, because swap isn't a filesystem in the usual sense
  of the word.

 http://users.rcn.com/rneswold/fbsd-init.html#AEN258

I stand corrected. I can still envision problems if tmp files use enough space 
to prevent a memory swap. Running out of swap space is not healthy.

David
-- 
Sure God created the world in only six days,
but He didn't have an established user-base.


Re: /boot at beginning of drive

2006-04-17 Thread Beech Rintoul
On Monday 17 April 2006 13:59, Brendan Grossman wrote:
    Databases are stored in /var/db for security reasons
  
   Just curious... What are the security reasons? After some thought,
   here's what I'm planning on doing...
  
   Disk is 73gb scsi...
  
   / 500mb
   swap  4gb
   /var  4gb
   /usr  4gb
   /home remainder (about 60gb)
  
   then /var/db/mysql -> /home/mysql

You can safely leave /home as part of the /usr filesystem i.e. it will 
be /usr/home. That will gain you 4gb overall. I usually only define /home if 
I'm using a separate drive or network filesystem. If you're going to symlink 
mysql you probably don't need 4GB in var. My webserver is running @500MB 
on /var with 10 databases. 1 or 2GB will be plenty.

  
   and /tmp on swap
  
   Any possible issues with this?
 
  I think it unlikely that mounting /tmp on the swap partition
  will work, because swap isn't a filesystem in the usual sense
  of the word.

 http://users.rcn.com/rneswold/fbsd-init.html#AEN258


-- 

---
Beech Rintoul - Sys. Administrator - [EMAIL PROTECTED]
/\   ASCII Ribbon Campaign  | Mangohealth
\ / - NO HTML/RTF in e-mail  | 201 East 9Th Avenue Ste.310
 X  - NO Word docs in e-mail | Anchorage, AK 99501
/ \  - XanGo - http://www.mangohealth.org
---


RE: /boot at beginning of drive

2006-04-17 Thread James Long
 Date: Mon, 17 Apr 2006 06:21:55 +0930
 From: Brendan Grossman [EMAIL PROTECTED]
 Subject: RE: /boot at beginning of drive
 To: freebsd-questions@freebsd.org
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=us-ascii
 
   Where they use that quota is anyone's guess.
  
    User's tempfiles will go to /usr/tmp.
  
   How does that work? I just checked /tmp, and it's not a symlink.
  
  Copy the contents of /tmp to /usr/tmp then remove /tmp and 
  symlink /usr/tmp to /tmp.
 
 Yes, may I ask what the point is though? 
 
 Here is my reason for separating /tmp and mounting it noexec,nosuid:
 
 http://www.sagonet.com/forums/showthread.php?t=2852

Please pardon my question out of ignorance, but isn't nosuid redundant 
when the part. is already noexec?  When else does the setuid bit come 
into play except on executable files?


RE: /boot at beginning of drive

2006-04-17 Thread Brendan Grossman

   Databases are stored in /var/db for security reasons

  Just curious... What are the security reasons? After some thought,
  here's what I'm planning on doing...

  Disk is 73gb scsi...

  /       500mb
  swap    4gb
  /var    4gb
  /usr    4gb
  /home   remainder (about 60gb)

  then /var/db/mysql -> /home/mysql

 You can safely leave /home as part of the /usr filesystem
 i.e. it will be /usr/home. That will gain you 4gb overall. I
 usually only define /home if I'm using a separate drive or
 network filesystem. If you're going to symlink mysql you
 probably don't need 4GB in var. My webserver is running
 @500MB on /var with 10 databases. 1 or 2GB will be plenty.

Hmm is there much point then in having /var separate?

I have 300 users that need 200mb max space each. That's 60gb of user data if
maxed out. The data will generally be in /var/db/mysql and /home

Now if I was to have a 2gb /var, if it gets filled up by say half the users'
databases, then there's half left whom will be unable to create databases
since /var is full. 

That's why I want to put all if not most user data on one partition.

If I put /home on /usr, I might as well just do the following and save any
headaches...

/       500mb
swap    4gb
/usr    remainder

Then /home -> /usr/home
And /var -> /usr/var




Re: /boot at beginning of drive

2006-04-17 Thread Beech Rintoul
On Monday 17 April 2006 14:38, Brendan Grossman wrote:
  Databases are stored in /var/db for security reasons

 Just curious... What are the security reasons? After some thought,
 here's what I'm planning on doing...

 Disk is 73gb scsi...

 / 500mb
 swap  4gb
 /var  4gb
 /usr  4gb
 /home remainder (about 60gb)

 then /var/db/mysql -> /home/mysql
 
  You can safely leave /home as part of the /usr filesystem
  i.e. it will be /usr/home. That will gain you 4gb overall. I
  usually only define /home if I'm using a separate drive or
  network filesystem. If you're going to symlink mysql you
  probably don't need 4GB in var. My webserver is running
  @500MB on /var with 10 databases. 1 or 2GB will be plenty.

 Hmm is there much point then in having /var separate?

 I have 300 users that need 200mb max space each. That's 60gb of user data
 if maxed out. The data will generally be in /var/db/mysql and /home

 Now if I was to have a 2gb /var, if it gets filled up by say half the
 users' databases, then there's half left whom will be unable to create
 databases since /var is full.

 That's why I want to put all if not most user data on one partition.

 If I put /home on /usr, I might as well just do the following and save any
 headaches...

 / 500mb
 swap  4gb
 /usr  remainder

 Then /home -> /usr/home
 And /var -> /usr/var

You could do that but, the main reason to separate /var is because it contains 
package databases, log files, password and group backup, etc... critical for 
a system restore. If you have to pull those files out of /usr it could make 
for a very long restore not to mention the headaches of securing it from your 
regular users.  Without mysql, var is not a big slice and well worth the 
diskspace and added security. Building a system without the basic /, /var 
and /usr is not an advantage unless you have a very diskspace limited 
situation, which you don't.

Beech
-- 

---
Beech Rintoul - Sys. Administrator - [EMAIL PROTECTED]
/\   ASCII Ribbon Campaign  | Mangohealth
\ / - NO HTML/RTF in e-mail  | 201 East 9Th Avenue Ste.310
 X  - NO Word docs in e-mail | Anchorage, AK 99501
/ \  - XanGo - http://www.mangohealth.org
---


RE: /boot at beginning of drive

2006-04-17 Thread Brendan Grossman
 On Monday 17 April 2006 14:38, Brendan Grossman wrote:
   Databases are stored in /var/db for security reasons

  Just curious... What are the security reasons? After some thought,
  here's what I'm planning on doing...

  Disk is 73gb scsi...

  /       500mb
  swap    4gb
  /var    4gb
  /usr    4gb
  /home   remainder (about 60gb)

  then /var/db/mysql -> /home/mysql

   You can safely leave /home as part of the /usr filesystem i.e. it
   will be /usr/home. That will gain you 4gb overall. I usually only
   define /home if I'm using a separate drive or network filesystem. If
   you're going to symlink mysql you probably don't need 4GB in var. My
   webserver is running @500MB on /var with 10 databases. 1 or 2GB will
   be plenty.

  Hmm is there much point then in having /var separate?

  I have 300 users that need 200mb max space each. That's 60gb of user
  data if maxed out. The data will generally be in /var/db/mysql and
  /home

  Now if I was to have a 2gb /var, if it gets filled up by say half the
  users' databases, then there's half left whom will be unable to create
  databases since /var is full.

  That's why I want to put all if not most user data on one partition.

  If I put /home on /usr, I might as well just do the following and save
  any headaches...

  /       500mb
  swap    4gb
  /usr    remainder

  Then /home -> /usr/home
  And /var -> /usr/var
 
 You could do that but, the main reason to separate /var is 
 because it contains package databases, log files, password 
 and group backup, etc... critical for a system restore. If 
 you have to pull those files out of /usr it could make for a 
 very long restore not to mention the headaches of securing it 
 from your regular users.  Without mysql, var is not a big 
 slice and well worth the diskspace and added security. 
 Building a system without the basic /, /var and /usr is not 
 an advantage unless you have a very diskspace limited 
 situation, which you don't.

Hmm, I might as well go with my original plan then? 

The only difference to what you propose, is mysql being on /home, which with
my situation, I think is an advantage. 

Or unless I do this...

/       500mb
swap    4gb
/var    4gb
/usr    remainder
/home -> /usr/home
/var/lib/mysql -> /usr/mysql

Something like this?

How is having /var on a separate partition more secure than having it in
/usr ? 





Re: /boot at beginning of drive

2006-04-16 Thread Glenn Dawson

At 12:40 PM 4/16/2006, Brendan Grossman wrote:
 Hello

 I'm trying to install FreeBSD with the following partition scheme...

 /boot 100mb (50mb too small? Install fails with filesystem full error)
 swap 1gb
 /tmp 100mb
 / remainder

 However after I install and boot, it says it can't find /boot/kernel/kernel

 The version is 6.0. Am I missing something obvious? Does it need to mount /
 first? If so, how?

/boot has to be in the / file system.

There's a rather lengthy thread about this a few months back if you 
search the archives.

-Glenn

 Cheers
 Brendan



RE: /boot at beginning of drive

2006-04-16 Thread Brendan Grossman
 -Original Message-
 From: Glenn Dawson [mailto:[EMAIL PROTECTED] 
 Sent: Monday, 17 April 2006 5:16 AM
 To: Brendan Grossman; freebsd-questions@freebsd.org
 Subject: Re: /boot at beginning of drive
 
 /boot has to be in the / file system.
 
 There's a rather lengthy thread about this a few months back 
 if you search the archives.

Think I found it...
http://lists.freebsd.org/mailman/htdig/freebsd-questions/2005-July/092614.html

That's not good then. I'm setting up a system with many users, who will need
access to /var and their /home. They will have quotas, so data in /var +
data in /home must be less than their quota. Obviously it's not a good idea
to create separate /var and /home partitions as for example, if say /var
filled up, the user won't be able to write to it, even though they are
allowed to since their quota hasn't been reached. 

Hmmm... Does /boot have to be in the first 1024 cylinders still? I could
adjust my scheme as such:

swap 1gb
/tmp 500mb (mounted noexec,nosuid)
/ remainder

Will this cause any dramas?

Cheers
Brendan



Re: /boot at beginning of drive

2006-04-16 Thread Beech Rintoul
On Sunday 16 April 2006 11:59, Brendan Grossman wrote:
  -Original Message-
  From: Glenn Dawson [mailto:[EMAIL PROTECTED]
  Sent: Monday, 17 April 2006 5:16 AM
  To: Brendan Grossman; freebsd-questions@freebsd.org
  Subject: Re: /boot at beginning of drive
 
  /boot has to be in the / file system.
 
  There's a rather lengthy thread about this a few months back
  if you search the archives.

 Think I found it...
 http://lists.freebsd.org/mailman/htdig/freebsd-questions/2005-July/092614.html

 That's not good then. I'm setting up a system with many users, who will
 need access to /var and their /home. They will have quotas, so data in /var
 + data in /home must be less than their quota. Obviously it's not a good
 idea to create separate /var and /home partitions as for example, if say
 /var filled up, the user won't be able to write to it, even though they are
 allowed to since their quota hasn't been reached.

 Hmmm... Does /boot have to be in the first 1024 cylinders still? I could
 adjust my scheme as such:

 swap 1gb
 /tmp 500mb (mounted noexec,nosuid)
 / remainder

It's not a good idea to put everything on the / filesystem.
At a minimum I would have:
/
swap
/var
/usr

Your users will not fill up /var unless you allow them unlimited mail, 
databases or access to root. User's tempfiles will go to /usr/tmp. On a 
system with many users, you should consider a /home slice with quotas on that 
and your mailserver set to deliver mail to the users file. Remember not 
everyone is going to max out their filesystem so quotas can be set to 
reasonable values. There are many good reasons to separate those filesystems, 
disk performance and crashdumps being just two. Having many users is NOT a 
good reason to combine filesystems. You need to rethink your diskspace or add 
another drive for /home or /usr. The handbook has a good section on this. 

Beech

-- 

---
Beech Rintoul - Sys. Administrator - [EMAIL PROTECTED]
/\   ASCII Ribbon Campaign  | Mangohealth
\ / - NO HTML/RTF in e-mail  | 201 East 9Th Avenue Ste.310
 X  - NO Word docs in e-mail | Anchorage, AK 99501
/ \  - XanGo - http://www.mangohealth.org
---


RE: /boot at beginning of drive

2006-04-16 Thread Brendan Grossman
 It's not a good idea to put everything on the / filesystem.
 At a minimum I would have:
 /
 swap
 /var
 /usr
 
 Your users will not fill up /var unless you allow them 
 unlimited mail, databases or access to root. 

They will have unlimited access up until their quota has been reached. Where
they use that quota is anyone's guess.

 User's tempfiles will go to /usr/tmp.

How does that work? I just checked /tmp, and it's not a symlink. 

 On a system with many users, you should 
 consider a /home slice with quotas on that and your 
 mailserver set to deliver mail to the users file. Remember 
 not everyone is going to max out their filesystem so quotas 
 can be set to reasonable values. There are many good reasons 
 to separate those filesystems, disk performance and 
 crashdumps being just two. Having many users is NOT a good 
 reason to combine filesystems. You need to rethink your 
 diskspace or add another drive for /home or /usr. The 
 handbook has a good section on this. 

I agree that it's not a great idea, but considering the software I'm using,
user files are stored in /var and /home. I don't know what percentage of
quotas users will use for emails, databases, or home dirs, and I don't want
to take a guess. If say they were to use a lot of their quota for databases,
then down the track I don't want to have the problem with /var full but
users still under their quota. 

By the way just did an install, and it boots fine with the swap, /tmp, /
structure. 

Cheers
Brendan



Re: /boot at beginning of drive

2006-04-16 Thread Beech Rintoul
On Sunday 16 April 2006 12:38, Brendan Grossman wrote:
  It's not a good idea to put everything on the / filesystem.
  At a minimum I would have:
  /
  swap
  /var
  /usr
 
  Your users will not fill up /var unless you allow them
  unlimited mail, databases or access to root.

 They will have unlimited access up until their quota has been reached.
 Where they use that quota is anyone's guess.

  User's tempfiles will go to /usr/tmp.

 How does that work? I just checked /tmp, and it's not a symlink.

Copy the contents of /tmp to /usr/tmp then remove /tmp and symlink /usr/tmp 
to /tmp.


  On a system with many users, you should
  consider a /home slice with quotas on that and your
  mailserver set to deliver mail to the users file. Remember
  not everyone is going to max out their filesystem so quotas
  can be set to reasonable values. There are many good reasons
  to separate those filesystems, disk performance and
  crashdumps being just two. Having many users is NOT a good
  reason to combine filesystems. You need to rethink your
  diskspace or add another drive for /home or /usr. The
  handbook has a good section on this.

 I agree that it's not a great idea, but considering the software I'm using,
 user files are stored in /var and /home. I don't know what percentage of
 quotas users will use for emails, databases, or home dirs, and I don't want
 to take a guess. If say they were to use a lot of their quota for
 databases, then down the track I don't want to have the problem with /var
 full but users still under their quota.

 By the way just did an install, and it boots fine with the swap, /tmp, /
 structure.

 Cheers
 Brendan


-- 

---
Beech Rintoul - Sys. Administrator - [EMAIL PROTECTED]
/\   ASCII Ribbon Campaign  | Mangohealth
\ / - NO HTML/RTF in e-mail  | 201 East 9Th Avenue Ste.310
 X  - NO Word docs in e-mail | Anchorage, AK 99501
/ \  - XanGo - http://www.mangohealth.org
---


RE: /boot at beginning of drive

2006-04-16 Thread Brendan Grossman
 -Original Message-
 From: Beech Rintoul [mailto:[EMAIL PROTECTED] 
 Sent: Monday, 17 April 2006 6:19 AM
 To: freebsd-questions@freebsd.org
 Cc: Brendan Grossman
 Subject: Re: /boot at beginning of drive
 
 On Sunday 16 April 2006 12:38, Brendan Grossman wrote:
   It's not a good idea to put everything on the / filesystem.
   At a minimum I would have:
   /
   swap
   /var
   /usr
  
   Your users will not fill up /var unless you allow them unlimited 
   mail, databases or access to root.
 
  They will have unlimited access up until their quota has been reached.
  Where they use that quota is anyone's guess.
 
   User's tempfiles will go to /usr/tmp.
 
  How does that work? I just checked /tmp, and it's not a symlink.
 
 Copy the contents of /tmp to /usr/tmp then remove /tmp and 
 symlink /usr/tmp to /tmp.

Yes, may I ask what the point is though? 

Here is my reason for separating /tmp and mounting it noexec,nosuid:

http://www.sagonet.com/forums/showthread.php?t=2852



Re: /boot at beginning of drive

2006-04-16 Thread RW
On Sunday 16 April 2006 21:38, Brendan Grossman wrote:

 I agree that it's not a great idea, but considering the software I'm using,
 user files are stored in /var and /home. I don't know what percentage of
 quotas users will use for emails, databases, or home dirs, and I don't want
 to take a guess. If say they were to use a lot of their quota for
 databases, then down the track I don't want to have the problem with /var
 full but users still under their quota.

 By the way just did an install, and it boots fine with the swap, /tmp, /
 structure.

The default is to put most of the space under /usr and symlink /home 
to /usr/home. There's no reason why you can't extend this, and if you really 
must, put /var and /tmp under /usr too. 


Re: /boot at beginning of drive

2006-04-16 Thread Beech Rintoul
On Sunday 16 April 2006 12:51, Brendan Grossman wrote:
  -Original Message-
  From: Beech Rintoul [mailto:[EMAIL PROTECTED]
  Sent: Monday, 17 April 2006 6:19 AM
  To: freebsd-questions@freebsd.org
  Cc: Brendan Grossman
  Subject: Re: /boot at beginning of drive
 
  On Sunday 16 April 2006 12:38, Brendan Grossman wrote:
    It's not a good idea to put everything on the / filesystem.
    At a minimum I would have:
    /
    swap
    /var
    /usr

    Your users will not fill up /var unless you allow them unlimited
    mail, databases or access to root.

   They will have unlimited access up until their quota has been reached.
   Where they use that quota is anyone's guess.

    User's tempfiles will go to /usr/tmp.

   How does that work? I just checked /tmp, and it's not a symlink.
 
  Copy the contents of /tmp to /usr/tmp then remove /tmp and
  symlink /usr/tmp to /tmp.

 Yes, may I ask what the point is though?

 Here is my reason for separating /tmp and mounting it noexec,nosuid:

 http://www.sagonet.com/forums/showthread.php?t=2852

Having a separate /tmp slice is not a bad idea, combining /, /usr, and /var is 
unless you're doing a very minimal install.

Beech

-- 

---
Beech Rintoul - Sys. Administrator - [EMAIL PROTECTED]
/\   ASCII Ribbon Campaign  | Mangohealth
\ / - NO HTML/RTF in e-mail  | 201 East 9Th Avenue Ste.310
 X  - NO Word docs in e-mail | Anchorage, AK 99501
/ \  - XanGo - http://www.mangohealth.org
---


Re: /boot at beginning of drive

2006-04-16 Thread RW
On Sunday 16 April 2006 21:51, Brendan Grossman wrote:
  -Original Message-
  From: Beech Rintoul [mailto:[EMAIL PROTECTED]
  Sent: Monday, 17 April 2006 6:19 AM
  To: freebsd-questions@freebsd.org
  Cc: Brendan Grossman
  Subject: Re: /boot at beginning of drive
 
  On Sunday 16 April 2006 12:38, Brendan Grossman wrote:
    It's not a good idea to put everything on the / filesystem.
    At a minimum I would have:
    /
    swap
    /var
    /usr

    Your users will not fill up /var unless you allow them unlimited
    mail, databases or access to root.

   They will have unlimited access up until their quota has been reached.
   Where they use that quota is anyone's guess.

    User's tempfiles will go to /usr/tmp.

   How does that work? I just checked /tmp, and it's not a symlink.
 
  Copy the contents of /tmp to /usr/tmp then remove /tmp and
  symlink /usr/tmp to /tmp.

 Yes, may I ask what the point is though?

 Here is my reason for separating /tmp and mounting it noexec,nosuid:

 http://www.sagonet.com/forums/showthread.php?t=2852

Then have it as a separate partition, this has no relevance to your situation 
at all. 


Re: /boot at beginning of drive

2006-04-16 Thread Colin Percival
Brendan Grossman wrote:
 Here is my reason for separating /tmp and mounting it noexec,nosuid:
 
 http://www.sagonet.com/forums/showthread.php?t=2852

Quoth mount(8):
 noexec  Do not allow execution of any binaries on the mounted
 file system.  This option is useful for a server that has
 file systems containing binaries for architectures other
 than its own.  Note: This option was not designed as a
 security feature and no guarantee is made that it will
 prevent malicious code execution; for example, it is
 still possible to execute scripts which reside on a
 noexec mounted partition.

Mounting /tmp as noexec causes perfectly good code to gratuitously fail,
while providing no real security improvement.

Colin Percival
FreeBSD Security Officer


RE: /boot at beginning of drive

2006-04-16 Thread Brendan Grossman
 Having a separate /tmp slice is not a bad idea, combining /, 
 /usr, and /var is unless you're doing a very minimal install.

I can separate /usr, but my goal is to combine /home and /var, or at least
where mail and databases are stored, for reasons already mentioned.

I suppose I could do this... 

/       5gb
swap    4gb
/tmp    1gb
/usr    70gb

Then /home -> /usr/home, /var -> /usr/var

Or create a 60gb partition and call it /users

Then /var/mail -> /users/mail, /var/dbdir -> /users/dbdir

The drive is 80gb (effectively 74ish), and 60gb of it must be for users
(using either /var or /home)

I suppose it is a bit better. 




Re: /boot at beginning of drive

2006-04-16 Thread RW
On Sunday 16 April 2006 22:30, Brendan Grossman wrote:
  Having a separate /tmp slice is not a bad idea, combining /,
  /usr, and /var is unless you're doing a very minimal install.

 I can separate /usr, but my goal is to combine /home and /var, or at least
 where mail and databases are stored, for reasons already mentioned.

 I suppose I could do this...

 / 5gb

That's far too big, my / has 166MB on it, including a substantial amount 
of cruft. 



Re: /boot at beginning of drive

2006-04-16 Thread Kent Stewart
On Sunday 16 April 2006 14:19, Colin Percival wrote:
 Brendan Grossman wrote:
  Here is my reason for separating /tmp and mounting it
  noexec,nosuid:
 
  http://www.sagonet.com/forums/showthread.php?t=2852

 Quoth mount(8):
  noexec  Do not allow execution of any binaries on the
 mounted file system.  This option is useful for a server that has
 file systems containing binaries for architectures other than its
 own.  Note: This option was not designed as a security feature and no
 guarantee is made that it will prevent malicious code execution; for
 example, it is still possible to execute scripts which reside on a
 noexec mounted partition.

 Mounting /tmp as noexec causes perfectly good code to gratuitously
 fail, while providing no real security improvement.

Including weird system or port update failures.

Kent

-- 
Kent Stewart
Richland, WA

http://www.soyandina.com/ I am Andean project.
http://users.owt.com/kstewart/index.html


Re: /boot at beginning of drive

2006-04-16 Thread Beech Rintoul
On Sunday 16 April 2006 13:30, Brendan Grossman wrote:
  Having a separate /tmp slice is not a bad idea, combining /,
  /usr, and /var is unless you're doing a very minimal install.

 I can separate /usr, but my goal is to combine /home and /var, or at least
 where mail and databases are stored, for reasons already mentioned.

 I suppose I could do this...

 / 5gb
 swap  4gb
 /tmp  1gb
 /usr  70gb

 Then /home -> /usr/home, /var -> /usr/var

 Or create a 60gb partition and call it /users

 Then /var/mail -> /users/mail, /var/dbdir -> /users/dbdir

 The drive is 80gb (effectively 74ish), and 60gb of it must be for users
 (using either /var or /home)

 I suppose it is a bit better.

If /home is symlinked to /usr/home, then use a MTA that will deliver mail 
to /home/user/mail. Databases are stored in /var/db for security reasons, but 
there's no reason you can't configure whatever db you're using to store 
database files in /usr. The reason for having a separate /var partition is in 
the event of a filesystem crash or you get hacked it's much easier to restore 
important files. The same holds true for /etc (which is part of /). Doing a 
restore of /usr just to get the system going again could take quite a while 
and trying to restore to non-standard locations is guaranteed to give you 
some grief. While there is no standard filesystem layout on *nix systems, 
the recommended layout is tried and true and will be much easier to 
troubleshoot without having to translate help documents to your custom setup.

Beech
-- 

---
Beech Rintoul - Sys. Administrator - [EMAIL PROTECTED]
/\   ASCII Ribbon Campaign  | Mangohealth
\ / - NO HTML/RTF in e-mail  | 201 East 9Th Avenue Ste.310
 X  - NO Word docs in e-mail | Anchorage, AK 99501
/ \  - XanGo - http://www.mangohealth.org
---