Date: Wed, 17 Mar 1999 20:00:17 -0500 (EST)
From: "David H. Brierley" <dave@galaxia.com>
To: James Wyatt <jwyatt@RWSystems.net>
Cc: Fernando Schapachnik <fpscha@ns1.sminter.com.ar>, Dmitry Valdov <dv@dv.ru>, freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: disk quota overriding
Message-ID: <Pine.BSF.4.05.9903171951270.297-100000@aurora.galaxia.com>
In-Reply-To: <Pine.BSF.4.05.9903171055010.24395-100000@kasie.rwsystems.net>

On Wed, 17 Mar 1999, James Wyatt wrote:

> Now a small amount of anything multiplied by a large number can amount to
> something. If you have a small root, I can see where you could overwhelm
> it. It will also take longer and longer to ann the links and lookups in
> /tmp will take forever.

On any machine which allows general users to log in, I strongly recommend making separate file systems for /, /usr, /tmp, and /home, plus any other areas you expect to grow large. Keeping / and /usr separate prevents people from playing "ln" tricks to gain root access. Keeping /tmp separate helps prevent /tmp from breaking your system when it fills up (note that I say "when" and not "if"). Keeping the users on a separate partition helps keep them under control because you can do things like mount the partition with the "nosuid" attribute.

The only time I ever create a machine with a single large partition is when I am creating a dedicated server machine that will only allow logins from trusted staff members.

--
David H. Brierley
dave@galaxia.com
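
An added example, not part of the original message: a small Python check that reads fstab-format text and reports where it departs from the layout recommended above (separate /, /usr, /tmp and /home, with nosuid on the user partition). The device names and both sample tables are constructed for illustration.

```python
# Added example: audit fstab text against the layout recommended in the message.
SEPARATE = ("/", "/usr", "/tmp", "/home")   # mount points the message lists
NOSUID = ("/home",)                          # user partition, per the message

def parse_fstab(text):
    """Map mount point -> set of mount options for each file system entry."""
    mounts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 4:
            continue                             # blank or malformed line
        _device, mountpoint, fstype, options = fields[:4]
        if fstype == "swap" or not mountpoint.startswith("/"):
            continue                             # swap has no mount point
        mounts[mountpoint] = set(options.split(","))
    return mounts

def audit(text):
    """Return findings, one string per deviation from the recommended layout."""
    mounts = parse_fstab(text)
    findings = [f"{mp} is not a separate file system"
                for mp in SEPARATE if mp not in mounts]
    findings += [f"{mp} is mounted without nosuid"
                 for mp in NOSUID if mp in mounts and "nosuid" not in mounts[mp]]
    return findings

# Constructed sample inputs (device names are made up).
SINGLE = """\
# Device      Mountpoint  FStype  Options  Dump  Pass#
/dev/da0s1b   none        swap    sw       0     0
/dev/da0s1a   /           ufs     rw       1     1
"""
SPLIT = """\
/dev/da0s1b   none    swap  sw         0  0
/dev/da0s1a   /       ufs   rw         1  1
/dev/da0s1e   /usr    ufs   rw         2  2
/dev/da0s1f   /tmp    ufs   rw         2  2
/dev/da0s1g   /home   ufs   rw,nosuid  2  2
"""

if __name__ == "__main__":
    for name, text in (("single", SINGLE), ("split", SPLIT)):
        print(name, audit(text) or "ok")
```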