Gene Heskett wrote:
> And I'm down there working on it right now, having put a used 46GB WD
> drive in as /dev/hdb, and the first real problem is that DD will not
> allow me to make a /root partition, claiming it must be a directory
> on /.
>
> With all due respect, that's bullshit. I will NEVER partition a drive
> and put /root as a subdir on /. I don't have such an arrangement in
> place on any linux install I have, won't tolerate it. It's senseless
> to put your most private business as nothing more secure than a
> directory on /. End of discussion IMNSHO. What I do as root, is not
> any of the semi-public /'s business, none nada zip.
>
> /dev/hdb1= primary /boot = 100M
> /dev/hdb2= primary /dos = 50M
> /dev/hdb3= primary /root = 4GB But %$#@*& DD won't let me name it
> '/root', I'm gonna have to do it by hand.

Erm .. sorry. Your justification has lost me.

Root's home directory should contain very little: it's supposed to be part of a minimal boot environment. This goes back to the days when disks and filesystems were more fragile than they are now, boot CDs unavailable, and boot floppies much less useful.

The idea is to maximise the chances that you can at least boot a Unix as far as mounting /, with enough utilities to fix things. So that means you need root's home directory on / (so root can log in and get at his or her settings), along with utilities like fsck, tar and mknod, so you can actually fix any problems with /usr (or rebuild it from backup). And the root filesystem should be as small as reasonably possible, to minimise the chances that anything goes wrong with it.

The justification at http://www.pathname.com/fhs/pub/fhs-2.3.html#THEROOTFILESYSTEM (which is the Linux Filesystem Hierarchy Standard that Fedora and nearly every other Linux basically follow) is a worthwhile read.

Note that some commercial Unices use "/" as root's home directory. I find this... untidy, but it does prevent ambiguities when someone talks about "the root directory" (and you're not sure they're using much precision).

If I ask "what sort of 'most private business' needs to be done as root?" then you'll probably tell me it's most private! But e-mail, spreadsheets, word-processing, and the rest can and should be done as normal users. Anything that counts as "business" should be stored under /home or on another filesystem. There's no loss of security, as long as root is trusted. In fact, you get *more* security, because there are fewer ways for an ordinary user to compromise the security of the data.

(If you do have to keep it under /root: you can always create another filesystem and mount it there...)

And "nothing more secure than a directory on /"? As Fedora currently comes, there is no real difference between having a folder on one filesystem or on another. While Linux is booted, it will provide the same protection. While it isn't booted, anyone with physical access can swipe the drive, or boot a CD, USB key, or floppy and read data from the hard drive.

Now it would be possible to merge in some of the patches floating around to provide an encrypted swap, and have an encrypted filesystem that you mount at login (entering a password) for sensitive files. *Then* you'd get security benefits from having sensitive documents on a different filesystem. Just as long as you're prepared for something to break, and that filesystem not to mount.

Incidentally, the FHS says, at http://www.pathname.com/fhs/pub/fhs-2.3.html#FTN.AEN1037:

> If the home directory of the root account is not stored on the root
> partition it will be necessary to make certain it will default to / if
> it can not be located.

(Fedora doesn't do this by default...)

> We recommend against using the root account for tasks that can be
> performed as an unprivileged user, and that it be used solely for
> system administration. For this reason, we recommend that
> subdirectories for mail and other applications not appear in the root
> account's home directory, and that mail for administration roles such
> as root, postmaster, and webmaster be forwarded to an appropriate
> user.

James.

-- 
E-mail address: james | They say that every cloud has a silver lining, which
@westexe.demon.co.uk  | must be a bit alarming for airline pilots...
                      |   -- "I'm Sorry, I Haven't A Clue", BBC Radio 4
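
The checks discussed in the message above, as an added example that is not part of the original e-mail: a small script that reports whether root's home directory can be located, whether it sits on the root filesystem or on its own filesystem, and whether its permission bits keep group and other users out. The function names are hypothetical and the script assumes GNU stat on Linux.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are
# hypothetical; assumes GNU stat (Linux).

# Print the home-directory field for USER from a passwd-format file.
passwd_home() {  # usage: passwd_home USER [PASSWD_FILE]
    awk -F: -v u="$1" '$1 == u { print $6; exit }' "${2:-/etc/passwd}"
}

# Succeed if two existing paths have the same device ID (same filesystem).
same_filesystem() {
    [ "$(stat -c %d -- "$1")" = "$(stat -c %d -- "$2")" ]
}

# Classify a home directory relative to the filesystem holding ROOT_DIR.
#   missing     - cannot be located; the FHS footnote wants a fallback to /
#   on-rootfs   - plain directory on the root filesystem
#   separate-fs - its own filesystem, which can fail to mount
home_placement() {  # usage: home_placement HOME_DIR [ROOT_DIR]
    if [ ! -d "$1" ]; then
        echo missing
    elif same_filesystem "$1" "${2:-/}"; then
        echo on-rootfs
    else
        echo separate-fs
    fi
}

# Succeed if group and others have no permission bits on the directory.
# While the system is booted, this is what protects root's home.
is_private() {
    mode=$(stat -c %a -- "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Report on the running system.
audit_root_home() {
    home=$(passwd_home root)
    placement=$(home_placement "$home")
    echo "root home: ${home:-<none>} ($placement)"
    if [ "$placement" != missing ] && ! is_private "$home"; then
        echo "warning: $home is accessible to group/other"
    fi
}

audit_root_home
```

A result of "separate-fs" is the arrangement where the FHS footnote about defaulting to / applies if that filesystem fails to mount.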