From owner-freebsd-questions@FreeBSD.ORG  Tue Aug  1 15:26:42 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9366E16A4EA
	for <freebsd-questions@freebsd.org>;
	Tue,  1 Aug 2006 15:26:42 +0000 (UTC)
	(envelope-from norgaard@locolomo.org)
Received: from strange.daemonsecurity.com
	(59.Red-81-33-11.staticIP.rima-tde.net [81.33.11.59])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4FC4843DBC
	for <freebsd-questions@freebsd.org>;
	Tue,  1 Aug 2006 15:25:52 +0000 (GMT)
	(envelope-from norgaard@locolomo.org)
Received: from [192.168.0.253] (unknown [192.168.0.253])
	by strange.daemonsecurity.com (Postfix) with ESMTP id A75EB2E024;
	Tue,  1 Aug 2006 17:25:51 +0200 (CEST)
Message-ID: <44CF7279.5040504@locolomo.org>
Date: Tue, 01 Aug 2006 17:25:45 +0200
From: =?ISO-8859-1?Q?Erik_N=F8rgaard?= <norgaard@locolomo.org>
Organization: Locolomo.ORG
User-Agent: Thunderbird 1.5.0.4 (X11/20060721)
MIME-Version: 1.0
To: Freminlins <freminlins@gmail.com>
References: <20060801053719.GA6735@fast> <44CEF9EB.3080807@locolomo.org>
	<eeef1a4c0608010518x28f5d82bw416dff78a99a603f@mail.gmail.com>
In-Reply-To: <eeef1a4c0608010518x28f5d82bw416dff78a99a603f@mail.gmail.com>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
	micalg=sha1; boundary="------------ms050307040007090800040206"
Cc: freebsd-questions@freebsd.org, Tyler Spivey <tspivey@pcdesk.net>
Subject: Re: switching from linux to freebsd
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Aug 2006 15:26:42 -0000

This is a cryptographically signed message in MIME format.

--------------ms050307040007090800040206
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Freminlins wrote:
> On 01/08/06, *Erik Norgaard* <norgaard@locolomo.org
> <mailto:norgaard@locolomo.org>> wrote:
>  
> 
>     you may
>     even want to mount it read-only for security. (I think these are good
>     advises on any system).
> 
> 
> I used to agree with this (specifically the mantra was "mount /usr read
> only") - until I tried to patch anything! Then it's useless.

You usually don't patch up your system everyday. Remount rw do the
patching and remount ro. The problem is more that some 3rd party
applications assume that /usr is writeable. I found the problem more
annoying with / whenever I need to change some system file.

However, most important is to have /tmp on a separate partition. Then
there will only be few writes on /.

> What you end up with is a machine which in which the base install is
> more secure, but all your data isn't. The base install is the one thing
> I know I can get back (i.e. reinstall) in 5 minutes. The data I cannot.

I think it is very valuable to get the system up so I can rescue my
data. Having base system go down along with my data doesn't seem to have
any clear advantages.

Mounting / and/or /usr ro will get your systems up faster and that
seemed to be the issue.

Cheers, Erik
-- 
Ph: +34.666334818                      web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9

--------------ms050307040007090800040206
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIL5jCC
Be8wggPXoAMCAQICCQCNA1Uf/OBPDDANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCRVMx
GDAWBgNVBAoTD0RhZW1vbiBTZWN1cml0eTEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9y
aXR5MR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJDAiBgkqhkiG9w0BCQEWFWNh
QGRhZW1vbnNlY3VyaXR5LmNvbTEKMAgGA1UEBRMBMDAeFw0wNjA0MjAxMzE2NTBaFw0wNzA0
MjAxMzE2NTBaMGIxCzAJBgNVBAYTAkVTMRUwEwYDVQQKEwxMb2NvTG9tby5PcmcxFjAUBgNV
BAMTDUVyaWsgTm9yZ2FhcmQxJDAiBgkqhkiG9w0BCQEWFW5vcmdhYXJkQGxvY29sb21vLm9y
ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPmPk5QnkyvR4ZNS/jYCYEk6/x/
mqSIqM7XXmikYX4AmbS4AbgJg7tY150ti87oYIjH4pnt1ReYWV4P2lDE2w0Db73Fk3TGpYcq
XNUu4uRl8eoMX6Mh5I34tzJc+ZJqXW0pQtzP7JDgPvLddh0roY/ongaqpnrA6dDh0QfEC+ky
z1abx9xmp776RPfRnbzjUht9VGPohiZFLyNfLgw5x4Q5/efDtx3tKDMJP67UnVd1tbclKbOs
+HaqxYXNr1TJ9HIpRpfb4IhBFCvBDiiHUjbGtpi2EXeHuwoQ8cp7mjl6j1BfGaoFHvqzA1GD
+156qJ9waxEvx/0XGudqWJeFTVkCAwEAAaOCAW4wggFqMA8GA1UdEwEB/wQFMAMCAQAwCwYD
VR0PBAQDAgO4MB0GA1UdDgQWBBRpebgs44/nvl3Dw7F0Yrg/nx9puTCBzgYDVR0jBIHGMIHD
gBSOYakm6rz5V4h0qO3QlbBuYT3ipaGBn6SBnDCBmTELMAkGA1UEBhMCRVMxGDAWBgNVBAoT
D0RhZW1vbiBTZWN1cml0eTEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR4wHAYD
VQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJDAiBgkqhkiG9w0BCQEWFWNhQGRhZW1vbnNl
Y3VyaXR5LmNvbTEKMAgGA1UEBRMBMIIJAI0DVR/84E8BMCAGA1UdEQQZMBeBFW5vcmdhYXJk
QGxvY29sb21vLm9yZzA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vd3d3LmRhZW1vbnNlY3Vy
aXR5LmNvbS9jYS9kcy5jcmwwDQYJKoZIhvcNAQEFBQADggIBAMefA0DXBeUmPG353ldj4jQP
TKusU49AGPtH0gI0W7gnc8L6NQb7/lzpF1xW3fVOXmDBSQrSzdsmPoUiQBOv8/GTPiJbktbr
eHGPDDi7xTmNgGCh/gv9EECEc0casKs778FMhJxQDIKUrBpdxpxUVHxzR9m2MgCaiOPi0oru
o5ZjdNh4PyfSrYkkMJmp9w7ouulyf7wSOwwyIxZixWHVIo0lJBZCFQqIcCXzmnLUhlUKqMGb
0sOsPh7GITecrfGAM8iBpLuRjGe3yDa8Xx2riflJLjKxqcSg0OIhibS3xkGTgoJhtAJBB21G
CkcnHmLXmnXYZvfE/D4twmSGo3j4D79xFA5xMJU5IwNYT+agU2srRq11eZvtVK3p2sF2rgSK
99cbCHL0K3AhhiF9z+1uLjZO8UgnvB81rQG+Kzn/nvZgQ1bvxKnrtzs3UuKPyAXflNVSiMwO
vUv04tBJcIGrdiav64BTQFBgguY7JWWkrsaTeEMUHXW6aUyGCfngQ2LR6McfDeZZLM0BKXiv
pjozutGTR76khWqSsttSZQoGoNbMRcHodFCZ2RHSsM1rPKINY1w7vTnr8oEVD3D+pY1UrM/o
vDkvS8ypr+gg66pMC0gXl7cReoFNiE118sHKlAEGKNlka3Pga2r+AL6KrjwCZHMwOFDheFoN
k9rxTruKV0O0MIIF7zCCA9egAwIBAgIJAI0DVR/84E8MMA0GCSqGSIb3DQEBBQUAMIGZMQsw
CQYDVQQGEwJFUzEYMBYGA1UEChMPRGFlbW9uIFNlY3VyaXR5MR4wHAYDVQQLExVDZXJ0aWZp
Y2F0ZSBBdXRob3JpdHkxHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEkMCIGCSqG
SIb3DQEJARYVY2FAZGFlbW9uc2VjdXJpdHkuY29tMQowCAYDVQQFEwEwMB4XDTA2MDQyMDEz
MTY1MFoXDTA3MDQyMDEzMTY1MFowYjELMAkGA1UEBhMCRVMxFTATBgNVBAoTDExvY29Mb21v
Lk9yZzEWMBQGA1UEAxMNRXJpayBOb3JnYWFyZDEkMCIGCSqGSIb3DQEJARYVbm9yZ2FhcmRA
bG9jb2xvbW8ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+Y+TlCeTK9H
hk1L+NgJgSTr/H+apIioztdeaKRhfgCZtLgBuAmDu1jXnS2LzuhgiMfime3VF5hZXg/aUMTb
DQNvvcWTdMalhypc1S7i5GXx6gxfoyHkjfi3Mlz5kmpdbSlC3M/skOA+8t12HSuhj+ieBqqm
esDp0OHRB8QL6TLPVpvH3GanvvpE99GdvONSG31UY+iGJkUvI18uDDnHhDn958O3He0oMwk/
rtSdV3W1tyUps6z4dqrFhc2vVMn0cilGl9vgiEEUK8EOKIdSNsa2mLYRd4e7ChDxynuaOXqP
UF8ZqgUe+rMDUYP7Xnqon3BrES/H/Rca52pYl4VNWQIDAQABo4IBbjCCAWowDwYDVR0TAQH/
BAUwAwIBADALBgNVHQ8EBAMCA7gwHQYDVR0OBBYEFGl5uCzjj+e+XcPDsXRiuD+fH2m5MIHO
BgNVHSMEgcYwgcOAFI5hqSbqvPlXiHSo7dCVsG5hPeKloYGfpIGcMIGZMQswCQYDVQQGEwJF
UzEYMBYGA1UEChMPRGFlbW9uIFNlY3VyaXR5MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRo
b3JpdHkxHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEkMCIGCSqGSIb3DQEJARYV
Y2FAZGFlbW9uc2VjdXJpdHkuY29tMQowCAYDVQQFEwEwggkAjQNVH/zgTwEwIAYDVR0RBBkw
F4EVbm9yZ2FhcmRAbG9jb2xvbW8ub3JnMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly93d3cu
ZGFlbW9uc2VjdXJpdHkuY29tL2NhL2RzLmNybDANBgkqhkiG9w0BAQUFAAOCAgEAx58DQNcF
5SY8bfneV2PiNA9Mq6xTj0AY+0fSAjRbuCdzwvo1Bvv+XOkXXFbd9U5eYMFJCtLN2yY+hSJA
E6/z8ZM+IluS1ut4cY8MOLvFOY2AYKH+C/0QQIRzRxqwqzvvwUyEnFAMgpSsGl3GnFRUfHNH
2bYyAJqI4+LSiu6jlmN02Hg/J9KtiSQwman3Dui66XJ/vBI7DDIjFmLFYdUijSUkFkIVCohw
JfOactSGVQqowZvSw6w+HsYhN5yt8YAzyIGku5GMZ7fINrxfHauJ+UkuMrGpxKDQ4iGJtLfG
QZOCgmG0AkEHbUYKRyceYteaddhm98T8Pi3CZIajePgPv3EUDnEwlTkjA1hP5qBTaytGrXV5
m+1UrenawXauBIr31xsIcvQrcCGGIX3P7W4uNk7xSCe8HzWtAb4rOf+e9mBDVu/Eqeu3OzdS
4o/IBd+U1VKIzA69S/Ti0Elwgat2Jq/rgFNAUGCC5jslZaSuxpN4QxQddbppTIYJ+eBDYtHo
xx8N5lkszQEpeK+mOjO60ZNHvqSFapKy21JlCgag1sxFweh0UJnZEdKwzWs8og1jXDu9Oevy
gRUPcP6ljVSsz+i8OS9LzKmv6CDrqkwLSBeXtxF6gU2ITXXywcqUAQYo2WRrc+Brav4Avoqu
PAJkczA4UOF4Wg2T2vFOu4pXQ7QxggP8MIID+AIBATCBpzCBmTELMAkGA1UEBhMCRVMxGDAW
BgNVBAoTD0RhZW1vbiBTZWN1cml0eTEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5
MR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJDAiBgkqhkiG9w0BCQEWFWNhQGRh
ZW1vbnNlY3VyaXR5LmNvbTEKMAgGA1UEBRMBMAIJAI0DVR/84E8MMAkGBSsOAwIaBQCgggIp
MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA2MDgwMTE1MjU0
NVowIwYJKoZIhvcNAQkEMRYEFHJ2LstHTgTugAnan8A/GsYntttHMFIGCSqGSIb3DQEJDzFF
MEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIH
MA0GCCqGSIb3DQMCAgEoMIG4BgkrBgEEAYI3EAQxgaowgacwgZkxCzAJBgNVBAYTAkVTMRgw
FgYDVQQKEw9EYWVtb24gU2VjdXJpdHkxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0
eTEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSQwIgYJKoZIhvcNAQkBFhVjYUBk
YWVtb25zZWN1cml0eS5jb20xCjAIBgNVBAUTATACCQCNA1Uf/OBPDDCBugYLKoZIhvcNAQkQ
AgsxgaqggacwgZkxCzAJBgNVBAYTAkVTMRgwFgYDVQQKEw9EYWVtb24gU2VjdXJpdHkxHjAc
BgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0
aG9yaXR5MSQwIgYJKoZIhvcNAQkBFhVjYUBkYWVtb25zZWN1cml0eS5jb20xCjAIBgNVBAUT
ATACCQCNA1Uf/OBPDDANBgkqhkiG9w0BAQEFAASCAQAKLiI9I7RSl8p4ji+n046lB3nw3a2H
gVigieXjTOR+CNM60Q+T4LARKPv0jSVnbQXhcUMm5FXBN6e/EAK+wuMKKtXlt+TS4921Yo9s
QY2nVIZfcYcnDscEW8+EcrKx4iLFwAR2oEaVz6/rHdHuavrFzAhIG+yLCJC4pFQ2Bz8GEP7L
MNUD2LZ9v39tQAKGX3UISb9f8I2vRkRRSzeGlGWuX3QJK1ih3xNWGj9aqx4hBhwy/Odyaprs
T5x/NOSg/U6O7qFHTl9pIxBpDDfOCTr+bBI8Fopiq8Gxerz8ufqbhWlcKVuAjbCFIrBnmV7Z
Xp33asN5MxC6fXzDTe29hz83AAAAAAAA
--------------ms050307040007090800040206--