Subject: Re: Preventative security features?
To: Brett Lymn <blymn@baesystems.com.au>
From: Tim Kelly <hockey@dialectronics.com>
List: tech-security
Date: 11/14/2004 07:46:43
On Sun, 14 Nov 2004 22:22:57 +1030
Brett Lymn <blymn@baesystems.com.au> wrote:

> ok - and just as an ambit claim, I believe that /usr should be added
> in there.  For most machines I can see little point in going past
> having two partitions: / and swap. 

Actually, that's a really bad idea. / should have only those things
critical to the OS and should not be in the same partitions that are
world writeable. 

> I don't like it, no sir I don't think I do.  After suffering the pain
> of having to totally repartition machines during an upgrade quite a
> few times, lots of little partitions for no real purpose just fills me
> with apprehension.  People claim it is "more secure" but the arguments
> are not really convincing.

There are specific reasons for the partitioning scheme I proposed.

/ can be isolated and mounted read-only
/var mounted write only means that log files can't be erased
/home and /root as their own partitions isolate users from root and the
OS, users can install packages in their own area
/usr mounted read-only limits binary installs later

As I mentioned, the mounting permissions would be enforced within the
kernel security level, so a reboot would be necessary to alter the
permissions. An unexpected reboot tends to get people's attention.

> > 
> > These do reflect some influence by OpenBSD, although not
> > exclusively.
> >
> 
> not necessarily a good model to follow, they did not have much choice
> other than partition up because their bootloader did not support
> bigger than 8Gig root partitions until recently.

The 8G limit is unrelated to their recommendations for partitioning
schemes. Their installer does not offer any partitioning schemes.

> > They may also be consistent with general practices.
> >
> 
> No, not really.  Certainly the default install from Sun these days is
> for one partition and swap.

So far I haven't heard from anyone using a BSD install that uses the
above scheme. I only used it because I was doing a quickie install that
I needed to swap some disks. I suggest that using only one partition is
not normal practice, or else the PR I pointed out would have been fixed
by now. The current default partition scheme of 32M /, swap, and /usr
will not build -current userland.

> > 
> > The read/write
> > only permissions should be set in the default installation and the
> > user should be required to learn about kernel security levels in
> > order to make changes, even to install packages in /usr, 
> >
> 
> No, that is entirely the wrong attitude to take - forcing people to
> learn something will make them reach for fedora core 3, to me it seems
> like you are proposing a puzzle to check if someone is worthy of
> running NetBSD, that will turn people off big time.

Not at all. I'm not sure why you would have this belief. The default
scheme I propose could be overridden during the installation process.
The user can do anything they want to the /home and /root partitions.
The users that come to NetBSD would be attracted to the ease of security
that it offers (which is not a strong point of OpenBSD). There's no
evidence that Linux is particularly secure.

> What is wrong with seriously screwing up the installation?  Screwing
> things up can help you learn things (like the value of backups...) and
> it is hardly likely that the machine will be of any consequence if you
> have access to it unsupervised if you don't have the appropriate level
> of experience.  Trying to be ingenious and prevent screwups just
> breeds more ingenious screwer-uppers.

Earlier you argued that forcing users to learn would make them go to
another OS. The scheme I suggested would require users to learn a few
steps before they screwed up.

> Lots of people may just complain about making it harder to use NetBSD
> which is what you are proposing, you would not be able to add a user
> without a remount rain-dance, or change a password (or are you going
> to put that in /var... what happens if that gets blown away?).  How
> many times do you think that will happen before / just gets mounted
> rw?

So you have systems in which you have multiple users and you use a
single / combined with /usr partition? If you're going to do this, don't
you have to override the default partition scheme?

tim
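A small audit of the partition layout Tim lays out above (/ and /usr read-only, /var, /home and /root on their own partitions), added here as an example and not part of the thread. The fstab lines are constructed and the device names are assumed.

```shell
#!/bin/sh
# Constructed sample fstab in the proposed layout (device names assumed).
SAMPLE_FSTAB='/dev/wd0a / ffs ro 1 1
/dev/wd0b none swap sw 0 0
/dev/wd0e /usr ffs ro 1 2
/dev/wd0f /var ffs rw,nodev,nosuid 1 2
/dev/wd0g /home ffs rw,nodev,nosuid 1 2
/dev/wd0h /root ffs rw,nodev,nosuid 1 2'

# audit_fstab: read fstab text on stdin, print one finding per problem,
# return 0 when the layout matches the proposed scheme and 1 otherwise.
# This checks only the fstab; whether a remount is blocked at runtime
# depends on the kernel security level, which is not inspected here.
audit_fstab() {
    rc=0
    seen=""
    while read -r dev mnt type opts rest; do
        # skip blank lines and comments
        case "$dev" in ''|'#'*) continue ;; esac
        seen="$seen $mnt"
        case "$mnt" in
            /|/usr)
                # the OS and binaries live here: must be read-only
                case ",$opts," in
                    *,ro,*) ;;
                    *) echo "FAIL: $mnt mounted '$opts', expected ro"; rc=1 ;;
                esac ;;
        esac
    done
    # every part of the scheme must be a separate partition
    for want in / /usr /var /home /root; do
        case " $seen " in
            *" $want "*) ;;
            *) echo "FAIL: $want has no partition of its own"; rc=1 ;;
        esac
    done
    return $rc
}

# Usage: audit the constructed sample (or: audit_fstab < /etc/fstab)
printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab && echo "layout OK"
```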