Subject: Re: Separate /usr, etc...
To: None <firstname.lastname@example.org>
From: Chuck Yerkes <email@example.com>
Date: 12/16/2002 17:29:54
Quoting Greg 'groggy' Lehey (firstname.lastname@example.org):
> On Monday, 16 December 2002 at 14:43:36 -0800, Chuck Yerkes wrote:
> > I've offered this on the embsd list and the soekris-tech list
> > before.
> > Quoting Peter Seebach (email@example.com):
> >> I am toying with my old Compaq network appliance again, and I'm thinking of
> >> trying to build a "complete" installation which lives on a single CF card.
> >> How important is it that /usr be a separate filesystem? I'm a bit strapped
> >> for space (I want X installed locally). I can always give up and go back
> >> to a netboot kernel, but I think it'd be awfully neat if I could make
> >> everything run locally.
> > I'm a very strong advocate of making /usr separate because I
> > mount it read-only. In fact, except for root, if it's got
> > a binary on it, it's RO. If it's got data, it's mounted
> > noexec, nosuid, nodev. Several reasons. And I've built machines
> > where the binaries are on disks PINNED read-only (trojan that!).
> OK, so if root is RO and /usr is RO, what's the necessity for making
> them separate file systems?
Because generally (ie, non embedded systems) root wants to be
read/write. As does /var and /home. And, for me, /JAIL/www/data/.
Why a separate root in general?
1) "Whoops, was I in /usr/lib/ when I typed 'rm l*'?"
Seems that "cd /hom/echuck/tmp/" failed and I typed the rm before
More realistically, it meant that the junior system admin
(or tired sr) has to take an action before making /usr/ rw.
Or that hack to the FooDaemon that lets me overwrite /usr/bin/vi.
2) /var/ MUST be read write (recall: we're not talking cf appliance
machines). Nothing like having logs or lots of mail take up
that last disk space on root.
3) Avoidance of some mistakes with /.
I make / generally 50MB and leave it like that. Room for a couple
kernels and this and that, but not so much that I don't notice
where there are some core files or, once, backups going to /dev/rts0
(a file rather than the intended device: rst0 - seems a client's
backups were going to an overwritten file for a month or two from
that - root at 75% on install means you notice that fast).
Well, in systems used by groups of people (ie. not at home), /usr
and /usr/local (oft the same) grow and this gets replaced and someone
needs that and put it in and, oh where did the space go?
/usr can have a bunch of extra space, have multiple versions of
X in it, I don't care. But mistakes in / need to be obvious.
There's no joy in finding: / is now at 100%.
40GB root scare me and lead people to really sloppy system admin.