Quoting Bill Broadley (b...@cse.ucdavis.edu):

> [...] I think it's a particularly bad idea to as Karsten's page says
> make the basic recommendation for 6 partitions. If you read his page
> it looks like he's pretty strong on /boot and swap partitions as well.
^^^^^

This is factually incorrect. As Karsten said, you seem to be imputing rather than reading.

[skipping most:]

> The flip side is that it requires specialized knowledge (quick, what's
> the optimal /var, /usr, /usr/local for a particular distribution? )
> that's often basically unknowable.

And yet a trained monkey can do "df -h" on a similar installed system, to guesstimate the target requirement for the system's projected life.

> So what use case adds security by using noexec if /tmp is world
> readable and mounted with exec?

Karsten answered this question, as did I -- and neither of us indulged the overinflated expectations that the phrase "add security" (your phrase) tends to introduce into a conversation.

> The page also makes a few mentions of ro, seems a bit silly. So if
> only root can write to /usr, and root can remount rw what are you
> protection from?

In short: yourself. It's saved me from shooting myself in the foot quite a number of times. Once again, both Karsten and I already addressed this point, so your posing the question yet again seems to be solely polemics.

> Sure things like putting /tmp on a ram disk sounds like a great idea,

Again this was _not_ among Karsten's recommendations.

> > You'd rather provide an explicit and laundry list of directories (that
> > must then be maintained), when just adding "-x" (don't cross filesystem
> > boundaries) to your rsync command solves that problem entirely? Really?
>
> Er, yes.

Good luck with that. I think my point is self-explanatory.

> In any case, by crude partition based backups I meant things like dump
> restore vs [...]

More straw-man argumentation, as Karsten made no such recommendation. I really will skip the rest.

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech