Date: Tue, 27 Sep 2011 09:39:32 +0000 From: h h <aakuusta@gmail.com> To: Holger Kipp <Holger.Kipp@alogis.com> Cc: Thomas Mueller <mueller6727@bellsouth.net>, "freebsd-current@freebsd.org" <freebsd-current@freebsd.org> Subject: Re: Experiences with FreeBSD 9.0-BETA2 Message-ID: <868vpa5nor.fsf@gmail.com> In-Reply-To: <891DD4D9-7138-4D4B-8108-C0C731694A59@alogis.com> (Holger Kipp's message of "Tue, 27 Sep 2011 09:16:30 %2B0000") References: <201109262035.OAA17199@lariat.net> <20110927085332.A43681065672@hub.freebsd.org> <891DD4D9-7138-4D4B-8108-C0C731694A59@alogis.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Holger Kipp <Holger.Kipp@alogis.com> writes: > Am 27.09.2011 um 10:48 schrieb Thomas Mueller: > >>> From Brett Glass <brett@lariat.net>: >> >>> Unfortunately, due to past history, /usr is mixed-use. It normally >>> contains both configuration information -- e.g. /usr/local/etc -- >>> and more volatile data such as users' home directories. This >>> prevents /usr/local/etc, which also contains mission-critical >>> configuration information, from being protected if you just protect >>> /. Some proprietary Unices have fixed this historical flaw in the >>> traditional hierarchy by moving /usr/local/etc to another location >>> and them symlinking it back to where seasoned administrators expect >>> it to be, thus honoring POLA. The three open source, old school >>> BSDs (Free, Net, Open) have not done this to date, but it's >>> something that should be considered in the long run. It would >>> certainly make the creation of embedded systems easier, as well as >>> enhancing security in multi-user systems! >> >> You mean users' home directories are under /usr/home rather than /home? >> >> I believe /home is more traditional, and decidedly my preference: >> good to put on a separate partition so it won't be touched by a >> system upgrade. > > Afaik /home has always been a symlink to /usr/home (unless you created a > separate /home-partition within FreeBSD). So it is up to the admin what > he chooses to do. Interesting, there is no mention of /home in hier(7). I guess it can be anything (without symlink) unlike, say, /compat stuff which needs at least symlink for `emulation tree' to work.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?868vpa5nor.fsf>