Date: Tue, 26 Feb 2002 15:56:49 -0500
From: Zvezdan Petkovic <zvezdan@CS.WM.EDU>
To: security@FreeBSD.ORG
Subject: Re: Third /tmp location ? (and maybe a fourth too)
Message-ID: <20020226155649.A22293@dali.cs.wm.edu>
In-Reply-To: <20020226095708.Y20347-100000@roble.com>; from marquis@roble.com on Tue, Feb 26, 2002 at 10:12:04AM -0800
References: <bulk.56278.20020225090015@hub.freebsd.org> <20020226095708.Y20347-100000@roble.com>
On Tue, Feb 26, 2002 at 10:12:04AM -0800, Roger Marquis wrote:
> Bill Vermillion <bv@wjv.com> wrote:
> > > From: Dag-Erling Smorgrav <des@ofug.org>
> > >
> > > Bill Vermillion <bv@wjv.com> writes:
> > > > Is the /usr/tmp really used for something useful?
> > > > I would think man 7 hier will answer that for you in a hurry.
> > > > Yes it really is useful.
> > >
> > > Bzzzt. FreeBSD has never had /usr/tmp, and all software that expects
> > > /usr/tmp has been changed to use /var/tmp instead.
> >
> > And I set /usr/tmp for many things because there is no reason that
> > I can see to have var so big that it will hold large files I may
> > have to edit. I put /usr/tmp in almost all my .exrc files
> > as too many times I've gotten 'file system full'.
>
> File system full errors are typically caused by unnecessary
> partitioning. You rarely see them on single-partition systems.

But on a single-partition system you can't make /usr read-only, and the
File System Hierarchy Standard is made exactly because of that.
Multiple partitions enable a clear distinction between _shareable_ and
_unshareable_ data, as well as between _static_ and _variable_.
Consider this example (from the FHS standard):

    +---------+--------------------+-----------------+
    |         | shareable          | unshareable     |
    +---------+--------------------+-----------------+
    | static  | /usr               | /etc            |
    |         | /opt               | /boot           |
    +---------+--------------------+-----------------+
    | variable| /var/mail          | /var/run        |
    |         | /var/spool/news    | /var/lock       |
    +---------+--------------------+-----------------+

In the above example, if you use multiple partitions you can:

* share /usr across the network
* mount /usr read-only
* mount /usr from read-only media such as CD-ROM
* have to mount /var and / as read-write, but if /var/mail is a
  separate partition you can share it across the network.
* /etc, /boot, /var/run and /var/lock must be local to each machine.
There are obvious security advantages, as well as flexibility in the
networked environment, that cannot be achieved with single-partition
systems. For very simple environments, though, having a single partition
makes a lot of sense. There are two schools of thought related to
partitioning. Both are right for their respective intentions.

Notice that on a read-only /usr one can't make /usr/tmp either. :-)

Best regards,

--
Zvezdan Petkovic <zvezdan@cs.wm.edu>
http://www.cs.wm.edu/~zvezdan/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
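To make the partition layout in the message concrete, here is an added /etc/fstab example for a FreeBSD host of that era, laid out along the FHS table quoted above: / and /var writable and local, /usr mounted read-only, and /var/mail shared from a mail server over NFS. It is constructed for this page and is not from the message or from any FreeBSD documentation; the device names (ad0s1a and so on) and the host names "fileserver" and "mailhost" are assumed placeholders, and the single-partition layout is shown first, commented out, for contrast.

```fstab
# Constructed example; device names and host names are placeholders.
#
# --- Single-partition layout: everything lives on one read-write / ---
# /usr cannot be made read-only here, because it is not a mount point.
#/dev/ad0s1a         /            ufs     rw          1     1
#/dev/ad0s1b         none         swap    sw          0     0
#
# --- FHS-style layout: static/shareable data split from variable/local ---
# Device              Mountpoint   FStype  Options     Dump  Pass#
/dev/ad0s1b          none         swap    sw          0     0
/dev/ad0s1a          /            ufs     rw          1     1
/dev/ad0s1d          /var         ufs     rw          2     2
/dev/ad0s1e          /tmp         ufs     rw          2     2
# static, shareable: mounted read-only so nothing on the host can modify it
/dev/ad0s1f          /usr         ufs     ro          2     2
# the same /usr could instead be served read-only from a file server
#fileserver:/usr     /usr         nfs     ro          0     0
# variable but shareable: one mail spool shared across the network
mailhost:/var/mail   /var/mail    nfs     rw          0     0
```

With /usr read-only, anything that needs to write there (a system upgrade, creating a /usr/tmp directory as the message notes) requires temporarily updating the mount with `mount -u -o rw /usr` and switching back with `mount -u -o ro /usr` afterwards; /var, /var/run and /var/lock stay local and writable, which is exactly the distinction the FHS table draws.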