Sorry if I provided too little information. I thought about partitions as a manner of security, like a separate partition for log-files, a separate partition for web-server document root and mail-spool, etc. I just wanted to collect some ideas to ensure that I don't overlook something when I set up the partitions.
Nikolai
Another hint, following the other postings:

Change the mount options for your partitions to the bare minimum needed. /usr doesn't contain devices, but if it does anyway, nodev inhibits the interpretation of a device file. / doesn't need to be writeable for users if you have a separate /var filesystem (you needn't have a directory writeable for users). Make sure that you remove /tmp and create a link /tmp -> var/tmp. (It would be advisable to create /var/tmp on the root filesystem as well!)

On some machines, where I can't symlink /tmp, I have / mounted nosuid. This requires that the path contains /usr/bin before /bin, and that all needed suid binaries from /bin have an equivalent in /usr (copied, not moved!).

This is what it can look like:

    /dev/sda2 on / type ext2 (rw,nosuid)
    /dev/sda3 on /var type ext2 (rw,nosuid,nodev,usrquota)
    /dev/sdb1 on /usr type ext2 (rw,nodev)
    /dev/sdc1 on /home type ext2 (rw,nosuid,nodev,noatime,usrquota)
    /dev/sda1 on /boot type ext2 (rw)

"noatime" has performance reasons. Be careful with that, it might break things (Currently, I don't know of any...).

Roman.

--
Roman Drahtmüller
CC University of Freiburg
email: draht@uni-freiburg.de

"The best way to pay for a lovely moment is to enjoy it." - Richard Bach
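A check for the minimum-options advice in the message above, as an added example that is not part of the original posts: it reads `mount`-style lines and reports every mount point that lacks an option the policy requires. The policy table mirrors the layout shown in the message; the function names, the MISSING/UNMOUNTED output format and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit mount options against a minimum-options policy.
# Policy lines: "<mountpoint> <comma-separated required options>".
# Values follow the layout in the post; adjust them for your own system.
POLICY='/ nosuid
/var nosuid,nodev
/usr nodev
/home nosuid,nodev'

# required_for MOUNTPOINT -> prints the required options (empty if none).
required_for() {
    printf '%s\n' "$POLICY" | awk -v mp="$1" '$1 == mp { print $2 }'
}

# audit_mounts: reads lines of the form "DEV on MP type FS (opts)" on
# stdin. Prints "MISSING <mp> <opt>" for each required option that is
# absent, and "UNMOUNTED <mp>" for policy entries that have no separate
# filesystem (so they silently inherit the parent's options).
audit_mounts() {
    seen=""
    while read -r dev _on mp _type fs opts; do
        [ "$_on" = "on" ] || continue          # skip malformed lines
        seen="$seen $mp "
        opts=${opts#\(}; opts=${opts%\)}       # strip the parentheses
        for want in $(required_for "$mp" | tr ',' ' '); do
            case ",$opts," in
                *",$want,"*) ;;                # exact option present
                *) echo "MISSING $mp $want" ;;
            esac
        done
    done
    for mp in $(printf '%s\n' "$POLICY" | awk '{ print $1 }'); do
        case "$seen" in
            *" $mp "*) ;;
            *) echo "UNMOUNTED $mp" ;;
        esac
    done
}

# Constructed sample: /var lacks nodev, /usr lacks nodev, no /home.
SAMPLE='/dev/sda2 on / type ext2 (rw,nosuid)
/dev/sda3 on /var type ext2 (rw,nosuid,usrquota)
/dev/sdb1 on /usr type ext2 (rw)
/dev/sda1 on /boot type ext2 (rw)'

printf '%s\n' "$SAMPLE" | audit_mounts
```

On a live system the input would be `mount | audit_mounts`; mount points containing spaces are not handled.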