From owner-freebsd-questions@FreeBSD.ORG Tue Aug 1 15:54:55 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EE60A16A4DD for ; Tue, 1 Aug 2006 15:54:55 +0000 (UTC) (envelope-from freminlins@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.190]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6BE3043D7E for ; Tue, 1 Aug 2006 15:54:51 +0000 (GMT) (envelope-from freminlins@gmail.com) Received: by nf-out-0910.google.com with SMTP id n29so310452nfc for ; Tue, 01 Aug 2006 08:54:50 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=H4D8imtWQfrigToiMSgAbzlyrsyrEvzM51zIhWDk9NreqEIv1I6g+Lce1KrlUa9SmExKEvEuTuUcQTPOiy4FFYRl5k//iZ638MMTQR75l0WuUju2W0vO3KNlsrUF1jbRkbpwG9zKEykVtApsRltngWI4hhW3zSBpM6lFReHrI4g= Received: by 10.49.41.18 with SMTP id t18mr966582nfj; Tue, 01 Aug 2006 08:54:50 -0700 (PDT) Received: by 10.48.208.6 with HTTP; Tue, 1 Aug 2006 08:54:49 -0700 (PDT) Message-ID: Date: Tue, 1 Aug 2006 16:54:49 +0100 From: Freminlins To: "=?ISO-8859-1?Q?Erik_N=F8rgaard?=" In-Reply-To: <44CF7279.5040504@locolomo.org> MIME-Version: 1.0 References: <20060801053719.GA6735@fast> <44CEF9EB.3080807@locolomo.org> <44CF7279.5040504@locolomo.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-questions@freebsd.org, Tyler Spivey Subject: Re: switching from linux to freebsd X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Aug 2006 15:54:56 -0000 On 01/08/06, Erik N=F8rgaard wrote: You usually don't patch up your system everyday. Remount rw do the > patching and remount ro. The problem is more that some 3rd party > applications assume that /usr is writeable. I found the problem more > annoying with / whenever I need to change some system file. I still disagree. The base OS files which need protecting are already protected sufficiently. If you don't agree with this then simply remounting ro is not sufficient. Only with elevated securelevels would this be useful. Else, anyone who gets root on the box can simply remount rw and do what the= y will. However, most important is to have /tmp on a separate partition. Then > there will only be few writes on /. Except for useful things like installing additional software. That is something I do do regularly. I think it is very valuable to get the system up so I can rescue my > data. Having base system go down along with my data doesn't seem to have > any clear advantages Mounting / and/or /usr ro will get your systems up faster and that > seemed to be the issue. You made the point with reference to security, not system recovery. That is what I am contradicting. Cheers, Erik > Cheers, Frem.