On Wednesday 19 January 2005 17:57, James Wilkinson wrote:
>Gene Heskett wrote:
>> And I'm down there working on it right now, having put a used 46GB
>> WD drive in as /dev/hdb, and the first real problem is that DD
>> will not allow me to make a /root partition, claiming it must be a
>> directory on /.
>>
>> With all due respect, that's bullshit.  I will NEVER partition a
>> drive and put /root as a subdir on /.  I don't have such an
>> arrangement in place on any linux install I have, won't tolerate
>> it.  It's senseless to put your most private business as nothing
>> more secure than a directory on /.  End of discussion IMNSHO.
>> What I do as root, is not any of the semi-public /'s business,
>> none nada zip.
>>
>> /dev/hdb1= primary /boot = 100M
>> /dev/hdb2= primary /dos = 50M
>> /dev/hdb3= primary /root = 4GB  But %$#@*& DD won't let me name it
>> '/root', I'm gonna have to do it by hand.
>
>Erm .. sorry. Your justification has lost me.
>
>Root's home directory should contain very little: it's supposed to
>be part of a minimal boot environment.
>
>This goes back to the days when disks and filesystems were more
>fragile than they are now, boot CDs unavailable, and boot floppies
>much less useful. The idea is to maximise the chances that you can
>at least boot a Unix as far as mounting /, with enough utilities to
>fix things.
>
>So that means you need root's home directory on / (so root can login
>and get at his or her settings), along with utilities like fsck,
>tar and mknod, so you can actually fix any problems with /usr (or
>rebuild it from backup).
>
>And the root filesystem should be as small as reasonably possible,
>to minimise the chances that anything goes wrong with it.
>
>The justification at
>http://www.pathname.com/fhs/pub/fhs-2.3.html#THEROOTFILESYSTEM
>(which is the Linux Filesystem Hierarchy Standard that Fedora and
>nearly every other Linux basically follow) is a worthwhile read.
>
>Note that some commercial Unices use "/" as root's home directory. I
>find this... untidy, but it does prevent ambiguities when someone
>talks about "the root directory" (and you're not sure they're using
>much precision).
>
>If I ask "what sort of 'most private business' needs to be done as
>root?" then you'll probably tell me it's most private! But e-mail,
>spreadsheets, word-processing, and the rest can and should be done
>as normal users. Anything that counts as "business" should be
>stored under /home or on another filesystem.
>
>There's no loss of security, as long as root is trusted. In fact,
>you get *more* security, because there are less ways for an
>ordinary user to compromise the security of the data.
>
>(If you do have to keep it under /root: you can always create
>another filesystem and mount it there...)
>
>And "nothing more secure than a directory on /"? As Fedora currently
>comes, there is no real difference between having a folder on one
>filesystem or on another. While Linux is booted, it will provide the
>same protection. While it isn't booted, anyone with physical access
>can swipe the drive, or boot a CD, USB key, or floppy and read data
>from the hard drive.
>
>Now it would be possible to merge in some of the patches floating
>around to provide an encrypted swap, and have an encrypted
>filesystem that you mount at login (entering a password) for
>sensitive files. *Then* you'd get security benefits from having
>sensitive documents on a different filesystem.
>
>Just as long as you're prepared for something to break, and that
>filesystem not to mount.
>
>Incidentally, the FHS says, at
>
>http://www.pathname.com/fhs/pub/fhs-2.3.html#FTN.AEN1037:
>> If the home directory of the root account is not stored on the
>> root partition it will be necessary to make certain it will
>> default to / if it can not be located.
>
>(Fedora doesn't do this by default...)
>
>> We recommend against using the root account for tasks that can be
>> performed as an unprivileged user, and that it be used solely for
>> system administration. For this reason, we recommend that
>> subdirectories for mail and other applications not appear in the
>> root account's home directory, and that mail for administration
>> roles such as root, postmaster, and webmaster be forwarded to an
>> appropriate user.
>
>James.

Let's just say that we will have to agree to disagree on this one and
let it go at that.  I personally have never had just one partition,
regardless of its name, fail to mount if the fstab is written
correctly.  In my case, on this machine, I took advantage of konstruct
(or the other way around) and had it install the last kde I built in
root.  Works just fine for me, and I'm the only user...

>--
>E-mail address: james | They say that every cloud has a silver lining, which
>@westexe.demon.co.uk  | must be a bit alarming for airline pilots...
>                      |     -- "I'm Sorry, I Haven't A Clue", BBC Radio 4

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.32% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attorneys please note, additions to this message
by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
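
The FHS footnote quoted in this thread only matters when root's home sits on a filesystem other than /. The following is an added example, not part of the original messages: a small check that reads a passwd file and an fstab and reports which mount point holds root's home. The sample files are constructed; the /dev/hdb1 and /dev/hdb3 entries follow the layout in the thread, while the / entry on hdb5 and the swap entry are hypothetical.

```shell
#!/bin/sh
# Added example: which fstab entry holds the home directory of root?

# root_home PASSWD -> home directory field of the "root" account
root_home() {
    awk -F: '$1 == "root" { print $6; exit }' "$1"
}

# home_mountpoint FSTAB DIR -> longest mount point that is DIR or a parent
home_mountpoint() {
    awk -v dir="$2" '
        /^[ \t]*(#|$)/ { next }               # comments and blank lines
        $2 !~ /^\//    { next }               # swap and other non-path entries
        {
            mp = $2
            if (mp != "/") sub(/\/+$/, "", mp)
            prefix = (mp == "/") ? "/" : (mp "/")
            if (index(dir "/", prefix) == 1 && length(mp) > length(best))
                best = mp
        }
        END { print best }
    ' "$1"
}

# check_root_home PASSWD FSTAB -> on-rootfs | separate:<mountpoint> | unknown
check_root_home() {
    mp=$(home_mountpoint "$2" "$(root_home "$1")")
    case "$mp" in
        "") echo "unknown" ;;
        /)  echo "on-rootfs" ;;
        *)  echo "separate:$mp" ;;   # FHS: home must fall back to / if unmounted
    esac
}

# Constructed sample data (the / entry on hdb5 is hypothetical).
demo_dir=$(mktemp -d)
printf 'root:x:0:0:root:/root:/bin/bash\n' > "$demo_dir/passwd"
cat > "$demo_dir/fstab.split" <<'EOF'
# device   mountpoint  type  options   dump pass
/dev/hdb1  /boot       ext3  defaults  1 2
/dev/hdb3  /root       ext3  defaults  1 2
/dev/hdb5  /           ext3  defaults  1 1
/dev/hdb6  swap        swap  defaults  0 0
EOF
grep -v '/root' "$demo_dir/fstab.split" > "$demo_dir/fstab.single"

check_root_home "$demo_dir/passwd" "$demo_dir/fstab.split"
check_root_home "$demo_dir/passwd" "$demo_dir/fstab.single"
rm -rf "$demo_dir"
```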