Subject: Re: Preventative security features?
To: Tim Kelly <hockey@dialectronics.com>
From: Brett Lymn <blymn@baesystems.com.au>
List: tech-security
Date: 11/15/2004 10:58:59
On Sun, Nov 14, 2004 at 07:46:43AM -0500, Tim Kelly wrote:
> 
> Actually, that's a really bad idea. / should have only those things
> critical to the OS and should not be in the same partitions that are
> world writeable. 
> 

OK - let's play with this.  Why would this be a really bad idea for a
generic workstation environment?  One where we have a single user that
just wants to get on and do stuff?

> 
> There are specific reasons for the partitioning scheme I proposed.
> 

Indeed.

> / can be isolated and mounted read-only

and then you cannot change a password (for instance).

> /var mounted write only means that log files can't be erased

mmmmm make the logs append only using file flags?

> /home and /root as their own partitions isolate users from root and the
> OS, users can install packages in their own area

Ummmm - pkgsrc?  If you cannot trust your users to behave then, sure, put
/home on its own partition but it seems hardly appropriate that it be the
default.  /root should be isolated via permissions anyway, why
should it be compartmentalised further?

> /usr mounted read-only limits binary installs later
>

why is it separate from /?
 
> As I mentioned, the mounting permissions would be enforced within the
> kernel security level, so a reboot would be necessary to alter the
> permissions. An unexpected reboot tends to get people's attention.
>

And in the case of a - pretty much - single user workstation having to
reboot to change a password or install a package would be considered a joke.
 
> 
> The 8G limit is unrelated to their recommendations for partitioning
> schemes. 

Well sort of - it was used as an excuse for not supporting larger root
partitions for a long time.

> 
> I suggest that using only one partition is
> not normal practice,

I suggest otherwise :)

> 
> Not at all. I'm not sure why you would have this belief. The default
> scheme I propose could be overridden during the installation process.
>

So, why should _your_ scheme be the default?  Why can your scheme be the
one that the user overrides with?

As others have suggested, perhaps templates will solve this - there is
no really right partitioning scheme.

>
> The users that come to NetBSD would be attracted to the ease of security
> that it offers (which is not a strong point of OpenBSD).
>

And that needs to be a balance between security and usability.  Let's face
it, most of the threats for a single user workstation (these are the ones
that are most likely to be set up by inexperienced people) are external
threats.  Having the box secure by default from external threats will go
a long way for not much effort.

> 
> Earlier you argued that forcing users to learn would make them go to
> another OS. The scheme I suggested would require users to learn a few
> steps before they screwed up.
> 

If they are up and using the box then that goes a long way to helping them.
Like I said, doing the reboot-remount rain-dance just to change a password
or install software from pkgsrc is going to annoy people right up front.
That is different to carefully lining up your own foot and blowing a toe
or two off - you know you did something wrong.  That's the difference.

> 
> So you have systems in which you have multiple users and you use a
> single / combined with /usr partition? If you're going to do this, don't
> you have to override the default partition scheme?
> 

Not in Solaris, in NetBSD I must confess that I cannot recall.  I rarely
actually use sysinst myself, I normally track -current on my machines and
when I upgrade the hardware the old hard disk goes into the new machine,
sometimes for just a short while so I can copy the contents over to a newer
bigger drive (this included doing a transition from i386 to x86_64). 

I just see too many problems and very few advantages to slicing up a big
disk into itty bitty parts.

-- 
Brett Lymn
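The alternative Brett raises to a specially mounted /var, protecting log files with append-only file flags, can be checked without touching the partition table. The script below is an added example and is not part of the thread or of NetBSD itself: it shows the `chflags sappnd` / `ls -lo` commands involved and an audit function that reads an `ls -lo` listing and reports log files that lack the system append-only flag. The listing it parses is a constructed sample, not output from a real machine.

```shell
#!/bin/sh
# Added example (not from the thread): audit a NetBSD-style `ls -lo` listing
# for log files that lack the system append-only flag (sappnd).
#
# On NetBSD the flag is set with:      chflags sappnd /var/log/messages
# and displayed by:                    ls -lo /var/log
# and the enforcement level is read by: sysctl kern.securelevel
# With kern.securelevel >= 1 the sappnd flag cannot be cleared, even by
# root, without rebooting to a lower securelevel. That is the same reboot
# cost the thread discusses for read-only mounts, but confined to the few
# files that actually need it.

# Constructed sample of `ls -lo /var/log` output (not real system output).
# Column 5 is the flags field; "-" means no flags are set.
SAMPLE_LISTING='-rw-r--r--  1 root  wheel  sappnd       20480 Nov 15 10:58 messages
-rw-r-----  1 root  wheel  -             4096 Nov 15 10:58 authlog
-rw-r--r--  1 root  wheel  sappnd,uchg   1024 Nov 15 10:58 maillog
-rw-r--r--  1 root  wheel  -              512 Nov 15 10:58 xferlog'

# missing_sappnd: read an `ls -lo` listing on stdin and print the names of
# regular files whose flags field does not contain sappnd, one per line.
# Directories and symlinks are skipped; only regular files are checked.
missing_sappnd() {
    awk '$1 ~ /^-/ {
            n = split($5, flags, ",")
            has = 0
            for (i = 1; i <= n; i++) if (flags[i] == "sappnd") has = 1
            if (!has) print $NF
         }'
}

# audit_sample: run the check over the constructed listing above.
audit_sample() {
    printf '%s\n' "$SAMPLE_LISTING" | missing_sappnd
}

# set_append_only: apply the flag to one file (NetBSD/BSD only; needs root).
# Not run here; shown so the remediation step is next to the check.
set_append_only() {
    chflags sappnd "$1"
}

# Usage on a real system would be:  ls -lo /var/log | missing_sappnd
audit_sample
```

Run as-is, the script prints `authlog` and `xferlog`, the two files in the sample with no flags set. On a live NetBSD box, pipe `ls -lo /var/log` into `missing_sappnd` instead; the list it prints is the set of files an intruder with root could still truncate, regardless of how /var is mounted.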