Date:      Fri, 25 Jan 2002 11:35:09 +0100
From:      Brad Knowles <brad.knowles@skynet.be>
To:        "Mike Meyer" <mwm-dated-1012361043.102db0@mired.org>, Brad Knowles <brad.knowles@skynet.be>
Cc:        "Mike Meyer" <mwm-dated-1012342995.0fa084@mired.org>, chip <chip@wiegand.org>, freebsd-chat@freebsd.org
Subject:   Re: Bad disk partitioning policies (was: "Re: FreeBSD Intaller  (was  "Re: ... RedHat ...")")
Message-ID:  <p05101242b876db6cd5d7@[10.0.1.3]>
In-Reply-To: <15440.53202.747536.126815@guru.mired.org>
References:  <20020123114658.A514@lpt.ens.fr> <20020123124025.A60889@HAL9000.wox.org> <3C4F5BEE.294FDCF5@mindspring.com>	<20020123223104.SM01952@there> <p0510122eb875d9456cf4@[10.0.1.3]> <15440.35155.637495.417404@guru.mired.org> <p0510123fb876493753e0@[10.0.1.3]> <15440.53202.747536.126815@guru.mired.org>

At 9:24 PM -0600 2002/01/24, Mike Meyer wrote:

>  Instead of having one moderate-sized thing that will create havoc on
>  your system if it runs out of space, you now have two smaller things
>  that can separately run out of space and create havoc. In other words,
>  you've just doubled your chances of something creating havoc.

	I disagree.  There is no change in the probability of 
programs running amok; what I have done is to partition the types of 
amok-ness that can happen, and keep /var/tmp-filling amok-ness from 
interfering with programs that may need to write to /var/log, and to 
keep /var/log-filling amok-ness from interfering with programs that 
may need to write to /var/tmp.

	If anything, by putting them on separate filesystems, I think 
I've reduced the probability that the system will be seriously hosed 
if a program runs amok, and if a program does run amok the damage 
will be contained to a smaller portion of the directory structure.

>  Actually, you don't need a separate /usr/local to mount /usr
>  read-only. If you read my description carefully, you'll see that I do
>  that.  All you need is a fixed set of things in /usr/local.

	True enough.  And maybe once you've gotten systems stable 
into production with no further changes planned for a long time, you 
can do that.  In my experience, things frequently change in 
/usr/local on the systems I've managed recently, and while /usr could 
be mounted read-only, it would not have been feasible to mount 
/usr/local as read-only.

>  Tell me, what didn't quit working that putting /var and / on the same
>  fs would have made quit working? Or possibly these were user programs,
>  and were segregated from the system file, which I do believe is a good
>  thing?

	I try to run everything I possibly can as an unprivileged 
user account, preferably in a chroot() jail.  Logging output either 
goes to syslog, or is otherwise directed to a suitable place in the 
logging filesystem.  Either way, the log filesystem filling up will 
only prevent other programs from writing to the log filesystem and 
not interfere with anything else.

-- 
Brad Knowles, <brad.knowles@skynet.be>
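
The containment argument in the message above, as an added example that is not part of the original e-mail: a POSIX sh check that an fstab-format table keeps /var/log and /var/tmp on different filesystems and, where /usr is read-only, gives /usr/local its own writable one. The sample table, its device names and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original message. SAMPLE_FSTAB is constructed;
# the device names are placeholders.
SAMPLE_FSTAB='# Device     Mountpoint  FStype  Options  Dump  Pass
/dev/da0s1a  /           ufs     rw       1     1
/dev/da0s1d  /usr        ufs     ro       2     2
/dev/da0s1e  /usr/local  ufs     rw       2     2
/dev/da0s1f  /var        ufs     rw       2     2
/dev/da0s1g  /var/log    ufs     rw       2     2
/dev/da0s1h  /var/tmp    ufs     rw       2     2'

# owning_fs TABLE PATH: print "mountpoint options" of the filesystem holding
# PATH, i.e. the longest mountpoint that is PATH or a parent directory of it.
owning_fs() {
    printf '%s\n' "$1" | awk -v p="$2" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            m = $2
            hit = (m == "/" || p == m || index(p, m "/") == 1)
            if (hit && length(m) > length(best)) { best = m; opts = $4 }
        }
        END { if (best != "") print best, opts }'
}

# has_opt OPTIONS NAME: succeed if NAME is in the comma-separated OPTIONS.
has_opt() { case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac; }

# audit_layout TABLE: print one finding per line, return 1 if there are any.
audit_layout() {
    table=$1; rc=0
    set -- $(owning_fs "$table" /var/log);   log_mp=$1
    set -- $(owning_fs "$table" /var/tmp);   tmp_mp=$1
    set -- $(owning_fs "$table" /usr);       usr_opts=$2
    set -- $(owning_fs "$table" /usr/local); loc_mp=$1; loc_opts=$2
    # A full /var/tmp must not be able to block writes to /var/log, or vice versa.
    [ "$log_mp" != "$tmp_mp" ] || { echo "/var/log and /var/tmp share $log_mp"; rc=1; }
    # A read-only /usr needs /usr/local on its own writable filesystem.
    if has_opt "$usr_opts" ro; then
        [ "$loc_mp" = /usr/local ] && ! has_opt "$loc_opts" ro ||
            { echo "/usr is read-only and /usr/local is not separately writable"; rc=1; }
    fi
    return "$rc"
}

audit_layout "$SAMPLE_FSTAB" && echo "layout OK"
```

To audit a real host, pass the contents of /etc/fstab as the table argument instead of the sample.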

