Date:      Thu, 24 Jan 2002 21:24:02 -0600
From:      "Mike Meyer" <mwm-dated-1012361043.102db0@mired.org>
To:        Brad Knowles <brad.knowles@skynet.be>
Cc:        "Mike Meyer" <mwm-dated-1012342995.0fa084@mired.org>, chip <chip@wiegand.org>, freebsd-chat@freebsd.org
Subject:   Re: Bad disk partitioning policies (was: "Re: FreeBSD Intaller (was  "Re: ... RedHat ...")")
Message-ID:  <15440.53202.747536.126815@guru.mired.org>
In-Reply-To: <p0510123fb876493753e0@[10.0.1.3]>
References:  <20020123114658.A514@lpt.ens.fr> <20020123124025.A60889@HAL9000.wox.org> <3C4F5BEE.294FDCF5@mindspring.com> <20020123223104.SM01952@there> <p0510122eb875d9456cf4@[10.0.1.3]> <15440.35155.637495.417404@guru.mired.org> <p0510123fb876493753e0@[10.0.1.3]>

Brad Knowles <brad.knowles@skynet.be> types:
> At 4:23 PM -0600 2002/01/24, Mike Meyer wrote:
> >  So instead of causing a serious DoS by running /usr out of space, you
> >  cause a serious DoS by running /var out of space. That will shut down
> >  all the daemons that log to /var/log; anything trying to update things
> >  in /var/db, which is most of the databases; mail and the printers will
> >  quit working; and so on.
> 	That's assuming that you don't have a separate /var/tmp 
> and/or a separate /var/log, which I always do.  Moreover, IMO a full 
> /var is less dangerous than a full everything-but-the-root-filesystem 
> (including /var, /usr, and everything else).

Instead of having one moderate-sized thing that will create havoc on
your system if it runs out of space, you now have two smaller things
that can separately run out of space and create havoc. In other words,
you've just doubled your chances of something creating havoc.

> 	In addition, with separate filesystems available for /var 
> (and various subdirectories under it), you can now mount them nosuid 
> and make them much, much less dangerous, and you should be able to 
> mount /usr read-only (assuming a separate /usr/local), which will 
> make it more difficult for people/skript k1dd13s/programs to take a 
> user-level security compromise and turn it into a root-level security 
> compromise.

Actually, you don't need a separate /usr/local to mount /usr
read-only. If you read my description carefully, you'll see that I do
that.  All you need is a fixed set of things in /usr/local.

Mounting things with different permissions - or exporting them with
different permissions - is a perfectly reasonable reason to put them
in different partitions.

> >  Unless you've got user home directories on /usr, it's relatively
> >  static. Leaving /var on it just means you get that much more space to
> >  run out of before things break.
> 	When programs run amok, they run amok fast enough that *no* 
> amount of disk space is likely to give you enough additional time to 
> notice what's going on and to fix it.  I've blown disk space 
> partitions that were in the tens of GB as a result of programs 
> running amok, and if I hadn't segregated them onto separate 
> filesystems, the entire machine would have been hosed.

Tell me, what didn't quit working that putting /var and / on the same
fs would have made quit working? Or possibly these were user programs,
and were segregated from the system files, which I do believe is a good
thing?

> >                                   The same thing applies to /. So the
> >  end result of leaving /, /usr and /var on one file system - so long as
> >  users home directories aren't on it - is that /var has lots of free
> >  space.
> 	Why not just put everything on a single filesystem and be 
> done with it?  I mean, if you're going to be silly, we might as well 
> be really silly.

Because, instead of blindly parroting advice that was correct 30 years
ago when most Unix systems were large multi-user machines with much
more fragile file systems, I actually thought about what I was doing.

> 	No, there are very good reasons why we create separate 
> partitions for separate parts of the directory tree, and now that we 
> have individual disk drives that easily measure 100GB or more, there 
> should be no problem with having too much space in partition A and 
> not enough in partition B.

Yes, there are good reasons to create separate partitions.  Trying to
protect system processes from other system processes is not one of
them. Doing that just creates more things that can run out of space
and hose the system.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
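The one point both sides agree on above is that separate filesystems earn their keep when they let you mount pieces of the tree with different options (nosuid on /var and friends, read-only /usr). The script below is an added example, not code from the thread or from either poster: it audits an fstab-style table for exactly those options. The two fstab tables it contains are constructed for illustration (device names and layout are assumptions), the list of mount points it expects to be nosuid is a choice made here, and it checks the text it is given rather than the live mount table.

```sh
#!/bin/sh
# Added example (not from the thread): audit an fstab-style table for the
# mount options discussed above. Each line is
#   device  mountpoint  fstype  options  dump  pass
# Both tables below are constructed samples; device names are made up.

# Weak layout: /var is a separate filesystem but lacks nosuid, /usr is rw.
SAMPLE_FSTAB='# Device        Mountpoint  FStype  Options           Dump Pass
/dev/ad0s1b     none        swap    sw                0    0
/dev/ad0s1a     /           ufs     rw                1    1
/dev/ad0s1d     /var        ufs     rw                2    2
/dev/ad0s1e     /usr        ufs     rw                2    2
/dev/ad0s1f     /tmp        ufs     rw,nosuid,noexec  2    2
/dev/acd0       /cdrom      cd9660  ro,noauto         0    0'

# Hardened layout: same partitions, /var nosuid and /usr read-only.
HARDENED_FSTAB='/dev/ad0s1b   none        swap    sw                0    0
/dev/ad0s1a     /           ufs     rw                1    1
/dev/ad0s1d     /var        ufs     rw,nosuid         2    2
/dev/ad0s1e     /usr        ufs     ro                2    2
/dev/ad0s1f     /tmp        ufs     rw,nosuid,noexec  2    2'

# mount_opts MOUNTPOINT FSTAB_TEXT
# Prints the option field for MOUNTPOINT, or nothing if it is not a
# separate filesystem in the table. Comment lines are skipped.
mount_opts() {
    printf '%s\n' "$2" | awk -v mp="$1" '$1 !~ /^#/ && $2 == mp { print $4; exit }'
}

# has_opt OPT OPTLIST -> exit 0 if OPT appears in the comma-separated OPTLIST
has_opt() {
    case ",$2," in
        *",$1,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# audit_fstab FSTAB_TEXT
# Prints one finding per line; prints nothing when the table passes.
# Mount points that are not separate filesystems are skipped, since no
# option can be set on them independently of their parent.
audit_fstab() {
    fstab=$1
    for mp in /var /var/tmp /var/log /tmp; do      # expected-nosuid list is an assumption
        opts=$(mount_opts "$mp" "$fstab")
        [ -n "$opts" ] || continue
        has_opt nosuid "$opts" || echo "$mp: missing nosuid"
    done
    opts=$(mount_opts /usr "$fstab")
    if [ -n "$opts" ] && ! has_opt ro "$opts"; then
        echo "/usr: mounted read-write (ro expected)"
    fi
    return 0
}

# Stand-alone run: report on both constructed tables.
echo "== constructed weak fstab =="
audit_fstab "$SAMPLE_FSTAB"
echo "== constructed hardened fstab =="
audit_fstab "$HARDENED_FSTAB"
```

Against the weak table this reports `/var: missing nosuid` and `/usr: mounted read-write (ro expected)`; against the hardened table it reports nothing. To check a running FreeBSD box rather than a file, feed it the output of `mount -p`, which prints the current mounts in fstab format, e.g. `audit_fstab "$(mount -p)"`. Note that it only tells you whether the option is set, not whether the read-only /usr actually holds everything that needs to be static, which is the point Mike makes about keeping a fixed set of things in /usr/local.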




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15440.53202.747536.126815>