From owner-freebsd-doc@FreeBSD.ORG  Sat May 31 19:00:32 2003
Return-Path: <owner-freebsd-doc@FreeBSD.ORG>
Delivered-To: freebsd-doc@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 13FF737B401
	for <freebsd-doc@hub.freebsd.org>;
	Sat, 31 May 2003 19:00:32 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D817F43F93
	for <freebsd-doc@hub.freebsd.org>;
	Sat, 31 May 2003 19:00:29 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h5120TUp057736
	for <freebsd-doc@freefall.freebsd.org>;
	Sat, 31 May 2003 19:00:29 -0700 (PDT)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h5120T0A057734;
	Sat, 31 May 2003 19:00:29 -0700 (PDT)
Resent-Date: Sat, 31 May 2003 19:00:29 -0700 (PDT)
Resent-Message-Id: <200306010200.h5120T0A057734@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-doc@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Brian Minard <bminard@flatfoot.ca>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id F365537B401
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sat, 31 May 2003 18:54:31 -0700 (PDT)
Received: from gozer.look.ca (gozer.look.ca [207.136.80.10])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 48D1343F3F
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sat, 31 May 2003 18:54:31 -0700 (PDT)
	(envelope-from bminard@flatfoot.ca)
Received: from on-tor-blr-a58-01-56.look.ca ([216.154.0.56] helo=flatfoot.ca)
	by gozer.look.ca with esmtp (Exim 4.05)
	id 19MI3I-0005OC-00
	for FreeBSD-gnats-submit@freebsd.org; Sun, 01 Jun 2003 01:54:28 +0000
Received: from spud.flatfoot.ca (localhost [127.0.0.1])
	by flatfoot.ca (8.12.9/8.12.9) with ESMTP id h511pdgf001651
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sat, 31 May 2003 21:51:39 -0400 (EDT)
	(envelope-from bminard@spud.flatfoot.ca)
Received: (from bminard@localhost)
	by spud.flatfoot.ca (8.12.9/8.12.9/Submit) id h511p3MG001650;
	Sat, 31 May 2003 21:51:03 -0400 (EDT)
	(envelope-from bminard)
Message-Id: <200306010151.h511p3MG001650@spud.flatfoot.ca>
Date: Sat, 31 May 2003 21:51:03 -0400 (EDT)
From: Brian Minard <bminard@flatfoot.ca>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: docs/52829: [PATCH] Installing FreeBSD: Benefits of multiple
	filesystems
X-BeenThere: freebsd-doc@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Brian Minard <bminard@flatfoot.ca>
List-Id: Documentation project <freebsd-doc.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-doc>
List-Post: <mailto:freebsd-doc@freebsd.org>
List-Help: <mailto:freebsd-doc-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Jun 2003 02:00:32 -0000


>Number:         52829
>Category:       docs
>Synopsis:       [PATCH] Installing FreeBSD: Benefits of multiple filesystems
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat May 31 19:00:29 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Brian Minard
>Release:        FreeBSD 4.8-STABLE i386
>Organization:
>Environment:
System: FreeBSD spud.flatfoot.ca 4.8-STABLE FreeBSD 4.8-STABLE #0: Mon May 19 21:28:08 EDT 2003 root@spud.flatfoot.ca:/usr/obj/usr/src/sys/SPUD i386


>Description:
	The installation chapter lists several benefits for creating multiple
	filesystems.  An important consideration which might not be apparent
	to new users until after they complete the installation is that you
	cannot mount user-writable file systems nosuid if you don't put them
	in a separate filesystem.  This is worth emphasizing, as security(7)
	makes this recommendation.
>How-To-Repeat:
	Follow the installation instructions for allocating disk space--they
	are (strongly) biased towards leading users to create /home under /usr.
>Fix:
--- chapter.sgml.orig	Sat May 31 12:30:21 2003
+++ chapter.sgml	Sat May 31 21:43:40 2003
@@ -1747,7 +1747,13 @@
 	  <para>Different filesystems can have different <firstterm>mount
 	      options</firstterm>.  For example, with careful planning, the
 	    root filesystem can be mounted read-only, making it impossible for
-	    you to inadvertently delete or edit a critical file.</para>
+	    you to inadvertently delete or edit a critical file.  As well,
+	    separating the filesystem containing <filename>/home<filename>,
+	    from other filesystems means that user-writable filesystems can be
+	    mounted <firstterm>nosuid</firstterm>.  This will prevent the
+	    <firstterm>suid/guid<firstterm> bits on executables stored in
+	    <filename>/home</filename> from taking effect, possibly improving
+	    security.</para>
 	</listitem>
 
 	<listitem>
>Release-Note:
>Audit-Trail:
>Unformatted: