From owner-freebsd-security Tue Feb 26 12:56:58 2002 Delivered-To: freebsd-security@freebsd.org Received: from va.cs.wm.edu (va.cs.wm.edu [128.239.2.31]) by hub.freebsd.org (Postfix) with ESMTP id F1E8E37B402 for ; Tue, 26 Feb 2002 12:56:50 -0800 (PST) Received: from dali.cs.wm.edu (dali [128.239.26.26]) by va.cs.wm.edu (8.11.4/8.9.1) with ESMTP id g1QKum821144 for ; Tue, 26 Feb 2002 15:56:48 -0500 (EST) Received: (from zvezdan@localhost) by dali.cs.wm.edu (8.11.6/8.9.1) id g1QKunR22399 for security@FreeBSD.ORG; Tue, 26 Feb 2002 15:56:49 -0500 Date: Tue, 26 Feb 2002 15:56:49 -0500 From: Zvezdan Petkovic To: security@FreeBSD.ORG Subject: Re: Third /tmp location ? (and maybe a fourth too) Message-ID: <20020226155649.A22293@dali.cs.wm.edu> Mail-Followup-To: security@FreeBSD.ORG References: <20020226095708.Y20347-100000@roble.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020226095708.Y20347-100000@roble.com>; from marquis@roble.com on Tue, Feb 26, 2002 at 10:12:04AM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Feb 26, 2002 at 10:12:04AM -0800, Roger Marquis wrote: > Bill Vermillion wrote: > > > From: Dag-Erling Smorgrav > > > > > Bill Vermillion writes: > > > > > Is the /usr/tmp really used for somethink usefull ? > > > > I would think man 7 hier will answer that for you in a hurry. > > > > Yes it really is usefull. > > > > > Bzzzt. FreeBSD has never had /usr/tmp, and all software that expects > > > /usr/tmp has been changed to use /var/tmp instead. > > > > And I set /usr/tmp for many things because there is no reason that > > I can see to have var so big that it will hold large files I may > > have to edit. I put /usr/tmp in almost all my .exrc files > > as too many times I've gotten 'file system full'. > > File system full errors are typically caused by unnecessary > partitioning. You rarely see them on single-partition systems. But on a single-partition systems you can't make /usr read-only and File System Hierarchy Standard is made exactly because of that. Multiple partitions enable a clear distinctions between _shareable_ and _unshareable_ data, as well as between _static_ and _variable_. Consider this example (from FSH standard): +---------+--------------------+-----------------+ | | shareable | unshareable | +---------+--------------------+-----------------+ | static | /usr | /etc | | | /opt | /boot | +---------+--------------------+-----------------+ | variable| /var/mail | /var/run | | | /var/spool/news | /var/lock | +---------+--------------------+-----------------+ In the above example if you use multiple partitions you can: * share /usr across the network * mount /usr read-only * mount /usr from read-only media such as CD-ROM * have to mount /var and / as read-write but if /var/mail is a separate partition you can share it across the network. * /etc, /boot, /var/run and /var/lock must be local to each machine. There are obvious security advantages as well as flexibility in the networked environment that cannot be achieved with a single-partition systems. For the very simple environments though having a single partition makes a lot of sense. There are two schools of thought related to partitioning. Both are right for there respective intentions. Notice that on a read-only /usr one can't make /usr/tmp either. :-) Best regards, -- Zvezdan Petkovic http://www.cs.wm.edu/~zvezdan/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message