From: Brad Knowles
Date: Fri, 25 Jan 2002 11:35:09 +0100
To: "Mike Meyer", Brad Knowles
Cc: "Mike Meyer", chip, freebsd-chat@freebsd.org
Subject: Re: Bad disk partitioning policies (was: "Re: FreeBSD Intaller (was "Re: ... RedHat ...")")

At 9:24 PM -0600 2002/01/24, Mike Meyer wrote:

> Instead of having one moderate-sized thing that will create havoc on
> your system if it runs out of space, you now have two smaller things
> that can separately run out of space and create havoc. In other words,
> you've just doubled your chances of something creating havoc.

I disagree. There is no change in the probability of programs running amok, what I have done is to partition the types of amok-ness that can happen, and keep /var/tmp-filling amok-ness from interfering with programs that may need to write to /var/log, and to keep /var/log-filling amok-ness from interfering with programs that may need to write to /var/tmp.

If anything, by putting them on separate filesystems, I think I've reduced the probability that the system will be seriously hosed if a program runs amok, and if a program does run amok the damage will be contained to a smaller portion of the directory structure.

> Actually, you don't need a separate /usr/local to mount /usr
> read-only. If you read my description carefully, you'll see that I do
> that. All you need is a fixed set of things in /usr/local.

True enough. And maybe once you've gotten systems stable into production with no further changes planned for a long time, you can do that. In my experience, things frequently change in /usr/local on the systems I've managed recently, and while /usr could be mounted read-only, it would not have been feasible to mount /usr/local as read-only.

> Tell me, what didn't quit working that putting /var and / on the same
> fs would have made quit working? Or possibly these were user programs,
> and were segregated from the system file, which I do believe is a good
> thing?

I try to run everything I possibly can as an unprivileged user account, preferably in a chroot() jail. Logging output either goes to syslog, or is otherwise directed to a suitable place in the logging filesystem. Either way, the log filesystem filling up will only prevent other programs from writing to the log filesystem and not interfere with anything else.

-- 
Brad Knowles
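The containment argument in the message above can be checked against an fstab. The following is an added example, not part of the original e-mail: it resolves which filesystem holds a path and reports whether /var/log and /var/tmp fill up independently and whether /usr and /usr/local are read-only. The sample fstab, device names and function names are constructed for illustration.

```shell
# Constructed sample fstab (not from the thread): /var/log and /var/tmp on
# their own filesystems, /usr read-only, /usr/local separate and writable.
SAMPLE_FSTAB='# Device     Mountpoint  FStype  Options  Dump  Pass
/dev/ad0s1a  /           ufs     rw       1     1
/dev/ad0s1e  /usr        ufs     ro       2     2
/dev/ad0s1f  /usr/local  ufs     rw       2     2
/dev/ad0s1g  /var        ufs     rw       2     2
/dev/ad0s1h  /var/log    ufs     rw       2     2
/dev/ad0s1d  /var/tmp    ufs     rw       2     2'

# mount_of PATH FSTAB_TEXT: print "mountpoint options" for the filesystem
# holding PATH, i.e. the longest mount point that is a path prefix of PATH.
mount_of() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 ~ /^#/ || NF < 4 || $2 !~ /^\// { next }   # comments, swap, junk
        {
            pre = ($2 == "/") ? "/" : ($2 "/")
            if (index(p "/", pre) == 1 && length($2) > length(best)) {
                best = $2; opts = $4
            }
        }
        END { if (best != "") print best, opts }'
}

# same_fs A B FSTAB_TEXT: succeed when A and B compete for the same free space.
same_fs() {
    [ "$(mount_of "$1" "$3")" = "$(mount_of "$2" "$3")" ]
}

# is_readonly PATH FSTAB_TEXT: succeed when PATH's filesystem has option "ro".
is_readonly() {
    mount_of "$1" "$2" | awk '
        { n = split($2, o, ","); for (i = 1; i <= n; i++) if (o[i] == "ro") ro = 1 }
        END { exit !ro }'
}

# report FSTAB_TEXT: print the properties the thread argues about.
report() {
    if same_fs /var/log /var/tmp "$1"; then
        echo "/var/log and /var/tmp share a filesystem"
    else
        echo "/var/log and /var/tmp fill up independently"
    fi
    for d in /usr /usr/local; do
        if is_readonly "$d" "$1"; then echo "$d: read-only"; else echo "$d: writable"; fi
    done
}

report "$SAMPLE_FSTAB"
```

On a real host, `report "$(cat /etc/fstab)"` checks the configured layout; it reflects what fstab declares, not what is currently mounted.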