From owner-freebsd-security Wed Mar 17 17: 1:38 1999 Delivered-To: freebsd-security@freebsd.org Received: from aurora.galaxia.com (trantor.galaxia.com [209.213.94.97]) by hub.freebsd.org (Postfix) with ESMTP id D20C9152A6; Wed, 17 Mar 1999 17:01:33 -0800 (PST) (envelope-from dave@galaxia.com) Received: from localhost (dave@localhost) by aurora.galaxia.com (8.8.8/8.8.7) with ESMTP id UAA11484; Wed, 17 Mar 1999 20:00:17 -0500 (EST) (envelope-from dave@galaxia.com) Date: Wed, 17 Mar 1999 20:00:17 -0500 (EST) From: "David H. Brierley" To: James Wyatt Cc: Fernando Schapachnik , Dmitry Valdov , freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: disk quota overriding In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 17 Mar 1999, James Wyatt wrote: > Now a small amount of anything multiplied by a large number can amount to > something. If you have a small root, I can see where you could overwhelm > it. It will also take longer and longer to ann the links and lookups in > /tmp will take forever. On any machine which allows general users to log in, I strongly recommend making separate file systems for /, /usr, /tmp, and /home, plus any other areas you expect to grow large. Keeping / and /usr separate prevents people from playing "ln" tricks to gain root access. Keeping /tmp separate helps prevent /tmp from breaking your system when it fills up (note that I say "when" and not "if"). Keeping the users on a separate partition helps keep them under control because you can do things like mount the partition with the "nosuid" attribute. The only time I ever create a machine with a single large partition is when I am creating a dedicated server machine that will only allow logins from trusted staff members. -- David H. Brierley dave@galaxia.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message