13 Jul 2004 21:33
John Richard Moser wrote:
> I don't see the need for 7 partitions, if you use journaling.

The reason for using several partitions is not that they can be checked faster. This is done for increased security through special mount options and to prevent local DoS attacks. But read on.

> For /tmp, use a tmpfs:
[...]
> I use a 2G tmpfs with a 2G swap and 768M physical ram.

Which will make it easy to overload your machine if you don't use quotas + a specifically hardened kernel. A local attacker can fill up your 2GB of /tmp, which means your RAM is full and 1.5GB of swap in use. This is going to be _really_ bad for your performance (=DoS). This is no concern for your dev-box at home, but for a webserver this can be a serious issue.

> /usr and /usr/local I'd think could be the same; if you break the
> system, you have to do a full reinstall anyway to rewrite the binaries
> even though you could keep your configuration.

I think the point behind putting /usr/local/ on a separate partition is that you can mount /usr as read only (maybe even mount it from a remote host if you have many boxes!). As most files are located there, yet they hardly ever need to be changed, this is a good idea. Stuff that is specific for this box can then be placed in /usr/local.

In addition to using several partitions, /etc, /var, /home and /tmp should be mounted with "nodev" and "nosuid" options. /usr/local should at least have the "nodev" option set.

nordi
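The mount options recommended in the message above can be checked mechanically. The following is an added example, not part of the original post: a small fstab audit that flags missing "nodev"/"nosuid"/"ro" options and a tmpfs limit larger than physical RAM. The function names, device names and sample fstab are assumptions constructed for illustration.

```python
# Added example: check an fstab against the mount options recommended in the post.
REQUIRED = {  # mount point -> options the post asks for
    "/etc": {"nodev", "nosuid"}, "/var": {"nodev", "nosuid"},
    "/home": {"nodev", "nosuid"}, "/tmp": {"nodev", "nosuid"},
    "/usr/local": {"nodev"}, "/usr": {"ro"},
}
UNITS = {"k": 2**10, "m": 2**20, "g": 2**30}

def tmpfs_bytes(size, ram_bytes):
    """Convert a tmpfs size= value ('2G', '512m', '50%', '1048576') to bytes."""
    size = size.lower()
    if size.endswith("%"):
        return ram_bytes * int(size[:-1]) // 100
    if size[-1] in UNITS:
        return int(size[:-1]) * UNITS[size[-1]]
    return int(size)

def audit_fstab(text, ram_bytes):
    """Return a list of findings for the fstab contents in `text`."""
    findings, seen = [], set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank line, comment, or malformed entry
        mnt, fstype, opts = fields[1], fields[2], fields[3].split(",")
        seen.add(mnt)
        missing = REQUIRED.get(mnt, set()) - set(opts)
        if missing:
            findings.append(f"{mnt}: missing {','.join(sorted(missing))}")
        size = next((o[5:] for o in opts if o.startswith("size=")), None)
        if fstype == "tmpfs" and size and tmpfs_bytes(size, ram_bytes) > ram_bytes:
            findings.append(f"{mnt}: tmpfs limit {size} exceeds RAM, can be filled into swap")
    for mnt in sorted(set(REQUIRED) - seen):
        findings.append(f"{mnt}: not a separate mount, options cannot be set")
    return findings

# Constructed sample: the 2G tmpfs on a 768M machine from the thread, plus
# hypothetical device names and a few deliberately incomplete entries.
SAMPLE_FSTAB = """\
/dev/sda1  /           ext3   defaults              1 1
/dev/sda2  /usr        ext3   defaults              1 2
/dev/sda3  /usr/local  ext3   nodev                 1 2
/dev/sda5  /var        ext3   nodev,nosuid          1 2
/dev/sda6  /home       ext3   nodev                 1 2
tmpfs      /tmp        tmpfs  size=2G,nodev,nosuid  0 0
"""

if __name__ == "__main__":
    for finding in audit_fstab(SAMPLE_FSTAB, ram_bytes=768 * 2**20):
        print(finding)
```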