From: "Peter Rosa"
To: "FreeBSD Questions"
Date: Sat, 2 Aug 2003 13:06:52 +0200
Organization: PRO, s.r.o.
Message-ID: <00c501c358e6$2dcdf2e0$3501a8c0@pro.sk>
Subject: HDDs dividing rules

Hi all,

please, could you explain, for those of us who are new to Unix, whether there are some rules for partitioning HDDs in accordance with security needs?

I know I can set nosuid+noexec on a whole partition (slice?), I can mount something as read-only... That's all fine, but what exactly should we do?

Everywhere I looked, I found only words such as "make your own choice of partitioning schema" etc., but I think there must be some rules.

And what if I have a HW RAID controller? Are there some difficulties or differences from "normal" dividing?

Tell us, please, something like "Divide your HDD as follows:

1. create slices for /, /home, /etc ...... It's good because....
2. mount / as RO..............
3. mount /user as noexec+nosuid..........."

I think and hope these rules are well known, but one must know where to look.... I also hope this list could be that kind of brainstorming :-))

One of the best things about Unixes is that they are open. But one of the worst things about Unixes is that they are open and it is not simple to get very clear information. Sorry for trying philosophy here :-))

Best regards and many thanks.

Peter Rosa