Re: trying out older (read-only, noexec, mount) security methods

Tim wrote:
> Are there any known, current, problems with mounting certain things as
> read-only or noexec to minimise harm?  Such as making /tmp and /home
> noexec?  Or /usr read-only?  Or any other suggestions?

I've got /tmp mounted nodev,noexec (and should probably mount /var the
same way).

A read-only /usr sounds like more trouble than it's worth: it *will*
break yum updates. So you'll have to regularly remount it read-write
(while the system's on-line) to update the machine.

James.

-- 
E-mail address: james | "In these troubled times, it's always refreshing to
@westexe.demon.co.uk  | see a major company concentrating on vital issues.
                      | It would be even more refreshing if Compaq tried it
                      | for once."  -- The Inquirer
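
Added example (not part of the original message): a shell check that reads a /proc/mounts-format table and reports which of the mount options discussed in this thread are absent from /tmp, /var, /home and /usr. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# missing_opts TABLE MOUNTPOINT OPT...
# Prints a comma-separated list of the OPTs absent from MOUNTPOINT's entry,
# "unmounted" when MOUNTPOINT is not a separate filesystem (it then inherits
# the options of its parent, usually /), or nothing when all are present.
missing_opts() {
    table=$1; mp=$2; shift 2
    # Field 2 is the mount point, field 4 the option list. The last matching
    # line wins because a later mount shadows an earlier one.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$table")
    if [ -z "$opts" ]; then
        echo unmounted
        return 0
    fi
    missing=
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;                               # option present
            *) missing="${missing:+$missing,}$want" ;;    # option absent
        esac
    done
    echo "$missing"
}

# Constructed sample table in /proc/mounts format (not from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda3 /usr ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda5 /var ext4 rw,nodev,relatime 0 0
EOF
}

# audit [TABLE]: report on the mount points named in the thread.
audit() {
    table=${1:-/proc/mounts}
    for mp in /tmp /var /home; do
        printf '%s: missing=%s\n' "$mp" \
            "$(missing_opts "$table" "$mp" nodev noexec)"
    done
    # The question also covers a read-only /usr; report its state only.
    printf '%s: missing=%s\n' /usr "$(missing_opts "$table" /usr ro)"
}

# Demo on the constructed table; run "audit" with no argument on a live system.
demo=$(mktemp) && sample_mounts > "$demo" && audit "$demo"; rm -f "$demo"
```

An "unmounted" result means the directory shares a filesystem with its parent, so the options have to be set there or the directory split onto its own mount.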

