From: Brad Knowles
To: obrien@FreeBSD.ORG
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: make install trick
Date: Fri, 8 Oct 1999 13:42:44 +0200
In-Reply-To: <19991007152132.F68920@dragon.nuxi.com>

At 3:21 PM -0700 1999/10/7, David O'Brien wrote:

> HP and SGI workstations have a single huge /. Why do you
> need /usr separate from / when you aren't diskless (or /usr'less)?

If you've done your job right, it can be mounted read-only. This makes it harder for someone to break into the machine and obtain root access, because now they have to be root to unmount /usr and remount it read-write, so that they can put their trojan script on there that they're hoping you'll execute.

I've admin'ed my share of HP and SGI machines in the past, and I've never used the standard partition configuration, just like I don't use the standard partition configuration for Solaris. IMO, none of them are right, and they're wrong for the wrong reasons.

You're right that this is a somewhat religious issue, however, if you're going to run a huge root filesystem, then you are more likely to get what you deserve if /usr or one of the other directories on the root filesystem get trashed or fill up.

--
These are my opinions -- not to be taken as official Skynet policy
 ____________________________________________________________________
|o| Brad Knowles,                            Belgacom Skynet NV/SA |o|
|o| Systems Architect, News & FTP Admin      Rue Col. Bourg, 124   |o|
|o| Phone/Fax: +32-2-706.11.11/12.49         B-1140 Brussels       |o|
|o| http://www.skynet.be                     Belgium               |o|
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
Unix is very user-friendly. It's just picky who its friends are.