Subject: Re: Separate /usr, etc...
To: Chuck Yerkes <>
From: Greg 'groggy' Lehey <>
List: current-users
Date: 12/17/2002 11:40:46

On Monday, 16 December 2002 at 14:43:36 -0800, Chuck Yerkes wrote:
> I've offered this on the embsd list and the soekris-tech list
> before.
> Quoting Peter Seebach (
>> I am toying with my old Compaq network appliance again, and I'm thinking of
>> trying to build a "complete" installation which lives on a single CF card.
>> How important is it that /usr be a separate filesystem?  I'm a bit strapped
>> for space (I want X installed locally).  I can always give up and go back
>> to a netboot kernel, but I think it'd be awfully neat if I could make
>> everything run locally.
> I'm a very strong advocate of making /usr separate because I
> mount it read-only.  In fact, except for root, if it's got
> a binary on it, it's RO.  If it's got data, it's mounted
> noexec, nosuid, nodev.  Several reasons.  And I've built machines
> where the binaries are on disks PINNED read-only (trojan that!).

OK, so if root is RO and /usr is RO, what's the necessity for making
them separate file systems?

> But we're talking Compact Flash.
> My soekris boxes have 1 large partition.  Mounted read-only.
> I have a /mfs partition that's mounted, er, mfs.  It gets filled,
> on boot, with an rsync from /mfs.PROTO/.
> Then I have symlinks.
>   /var/run  -> /mfs/var/run
>   /tmp      -> /mfs/tmp
>   /var/tmp  -> /mfs/var/tmp
>   /etc/resolv.conf -> /mfs/etc/resolve.conf  (one is a DHCP client)
> and so on.

Right, that was what I was trying to say earlier, but I missed the
point about mfs.

Finger for PGP public key
See complete headers for address and phone numbers
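
The mount rule described in the quoted text above (read-only where there are binaries; noexec, nosuid, nodev where there is data; root exempt), written as a POSIX sh check over an fstab-format file. This is an added example, not part of the original thread; the function names and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# A mount passes if it is read-only, or if it is writable and carries all of
# noexec, nosuid and nodev. "/" is exempt, as in the quoted rule.

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_fstab FILE: print one line per violation; return 1 if any were found.
audit_fstab() {
    rc=0
    while read -r dev mnt fstype opts rest; do
        case "$dev" in ''|'#'*) continue ;; esac   # blank line or comment
        [ "$fstype" = swap ] && continue            # swap has no mount point
        [ "$mnt" = / ] && continue                  # exempt per the quoted rule
        has_opt "$opts" ro && continue              # read-only: passes
        missing=""
        for o in noexec nosuid nodev; do
            has_opt "$opts" "$o" || missing="$missing $o"
        done
        if [ -n "$missing" ]; then
            echo "$mnt: writable, missing:$missing"
            rc=1
        fi
    done < "$1"
    return $rc
}

# Constructed sample, not taken from any real machine.
write_sample_fstab() {
    cat > "$1" <<'EOF'
# device     mountpoint  type  options
/dev/wd0a    /           ffs   rw
/dev/wd0e    /usr        ffs   ro
/dev/wd0f    /home       ffs   rw,nosuid
swap         /mfs        mfs   rw,noexec,nosuid,nodev
/dev/wd0b    none        swap  sw
EOF
}

# When given a path, audit it, e.g.: sh audit.sh /etc/fstab
[ $# -eq 0 ] || audit_fstab "$1"
```

On the constructed sample only /home is reported, since it is writable and lacks noexec and nodev; the memory file system passes because it carries all three options.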