[linux-elitists] mount options frenzy!
Thu Mar 29 15:13:37 PST 2001
Thus spake Don Marti:
> If you read Linux documentation or articles, as I think you do, you
> occasionally come across a tip such as "Mount /home nosuid" or "mount
> the web tree noatime" or "mount /usr read-only"
> Well, it's time for the elitists of the world to go through our fstabs
> and say what we're mounting how, so that I can create the Canonical
> Mount Options Chart to educate those less elite than ourselves.
> Any comments on the usefulness security-wise of making everything except
> / and /usr nosuid,nodev? And of copious use of noexec?
Hm, I don't use noexec on /home because most of the boxes I herd have
few shell users, and I like to keep scripts and stuff in ~/bin. I use
'noatime' copiously, although I haven't run any benchmarks to tell whether
or at what point it makes a difference; it hasn't been noticably faster.
You can't use it on /home though because it mucks with mutt. Or I can't,
at least. With systems with 2.2 kernels I also use 'nocheck', which
has been removed from 2.4 entirely because, according to either Tso or
Tweedie it's worthless and makes mounting slower. I've on occasion used
'sync' on large filesystems with valuable data or flaky hardware, but
have since read that it doesn't work that well...
W. Reilly Cooley firstname.lastname@example.org
Naked Ape Consulting http://nakedape.cc
LNXS: Linux/GNU for servers, networks, and http://lnxs.org
people who take care of them. *Now with integrated crypto!*
Mencken and Nathan's Second Law of The Average American:
All the postmasters in small towns read all the postcards.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 232 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20010329/cc62b603/attachment.pgp
More information about the linux-elitists