From: "Mike Meyer"
Date: Thu, 24 Jan 2002 21:24:02 -0600
To: Brad Knowles
Cc: "Mike Meyer", chip, freebsd-chat@freebsd.org
Subject: Re: Bad disk partitioning policies (was: "Re: FreeBSD Intaller (was "Re: ... RedHat ...")")
Message-ID: <15440.53202.747536.126815@guru.mired.org>

Brad Knowles types:
> At 4:23 PM -0600 2002/01/24, Mike Meyer wrote:
> > So instead of causing a serious DoS by running /usr out of space, you
> > cause a serious DoS by running /var out of space. That will shut down
> > all the daemons that log to /var/log; anything trying to update things
> > in /var/db, which is most of the databases; mail and the printers will
> > quit working; and so on.
> That's assuming that you don't have a separate /var/tmp
> and/or a separate /var/log, which I always do. Moreover, IMO a full
> /var is less dangerous than a full everything-but-the-root-filesystem
> (including /var, /usr, and everything else).

Instead of having one moderate-sized thing that will create havoc on
your system if it runs out of space, you now have two smaller things
that can separately run out of space and create havoc. In other words,
you've just doubled your chances of something creating havoc.

> In addition, with separate filesystems available for /var
> (and various subdirectories under it), you can now mount them nosuid
> and make them much, much less dangerous, and you should be able to
> mount /usr read-only (assuming a separate /usr/local), which will
> make it more difficult for people/skript k1dd13s/programs to take a
> user-level security compromise and turn it into a root-level security
> compromise.

Actually, you don't need a separate /usr/local to mount /usr
read-only. If you read my description carefully, you'll see that I do
that. All you need is a fixed set of things in /usr/local. Mounting
things with different permissions - or exporting them with different
permissions - is a perfectly reasonable reason to put them in
different partitions.

> > Unless you've got user home directories on /usr, it's relatively
> > static. Leaving /var on it just means you get that much more space to
> > run out of before things break.
> When programs run amok, they run amok fast enough that *no*
> amount of disk space is likely to give you enough additional time to
> notice what's going on and to fix it. I've blown disk space
> partitions that were in the tens of GB as a result of programs
> running amok, and if I hadn't segregated them onto separate
> filesystems, the entire machine would have been hosed.

Tell me, what didn't quit working that putting /var and / on the same
fs would have made quit working? Or possibly these were user programs,
and were segregated from the system file, which I do believe is a good
thing?

> > The same thing applies to /. So the
> > end result of leaving /, /usr and /var on one file system - so long as
> > users home directories aren't on it - is that /var has lots of free
> > space.
> Why not just put everything on a single filesystem and be
> done with it? I mean, if you're going to be silly, we might as well
> be really silly.

Because, instead of blindly parroting advice that was correct 30 years
ago when most Unix systems were large multi-user machines with much
more fragile file systems, I actually thought about what I was doing.

> No, there are very good reasons why we create separate
> partitions for separate parts of the directory tree, and now that we
> have individual disk drives that easily measure 100GB or more, there
> should be no problem with having too much space in partition A and
> not enough in partition B.

Yes, there are good reasons to create separate partitions. Trying to
protect system processes from other system processes is not one of
them. Doing that just creates more things that can run out of space
and hose the system.

http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
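
An added example, not part of the original message: a small shell check of an fstab against the mount options discussed in the thread (/var and the filesystems under it nosuid, /usr read-only). The sample fstab and its device names are constructed, and treating those two options as the policy is an assumption taken from the quoted text.

```shell
#!/bin/sh
# Added example: audit FreeBSD-style fstab text against the mount options
# discussed in the thread. The policy is an assumption drawn from it:
#   - /var and every filesystem mounted below it carries nosuid
#   - /usr is mounted read-only (ro)

audit_fstab() {
    # stdin:  fstab lines "device mountpoint fstype options dump pass"
    # stdout: one finding per line; empty output means the policy holds
    awk '
        $1 ~ /^#/ || NF < 4 { next }      # comments, blank or short lines
        {
            mp = $2
            opts = "," $4 ","             # pad so ",ro," matches a whole option
            seen[mp] = 1
            if ((mp == "/var" || index(mp, "/var/") == 1) && !index(opts, ",nosuid,"))
                print mp ": missing nosuid"
            if (mp == "/usr" && !index(opts, ",ro,"))
                print mp ": not read-only"
        }
        END {
            # A directory that is not its own filesystem cannot get its own options.
            if (!("/var" in seen)) print "/var: not a separate filesystem, uses parent mount options"
            if (!("/usr" in seen)) print "/usr: not a separate filesystem, uses parent mount options"
        }
    '
}

# Constructed sample input (device names are made up for illustration).
SAMPLE_FSTAB='# Device     Mountpoint  FStype  Options    Dump  Pass
/dev/ad0s1a  /           ufs     rw         1     1
/dev/ad0s1b  none        swap    sw         0     0
/dev/ad0s1e  /usr        ufs     rw         2     2
/dev/ad0s1f  /var        ufs     rw,nosuid  2     2
/dev/ad0s1g  /var/tmp    ufs     rw         2     2
/dev/ad0s1h  /usr/local  ufs     rw         2     2'

printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab
```

On a live system the same function can be fed the real table with `audit_fstab < /etc/fstab`.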