[linux-elitists] mount options frenzy!

Wil Cooley wcooley@nakedape.cc
Thu Mar 29 15:13:37 PST 2001


Thus spake Don Marti:
> If you read Linux documentation or articles, as I think you do, you
> occasionally come across a tip such as "Mount /home nosuid" or "mount
> the web tree noatime" or "mount /usr read-only"
> 
> Well, it's time for the elitists of the world to go through our fstabs
> and say what we're mounting how, so that I can create the Canonical
> Mount Options Chart to educate those less elite than ourselves. 
> 
> Any comments on the usefulness security-wise of making everything except
> / and /usr nosuid,nodev?  And of copious use of noexec?

Hm, I don't use noexec on /home because most of the boxes I herd have
few shell users, and I like to keep scripts and stuff in ~/bin.  I use
'noatime' copiously, although I haven't run any benchmarks to tell whether
or at what point it makes a difference; it hasn't been noticeably faster.
You can't use it on /home though because it mucks with mutt.  Or I can't,
at least.  With systems with 2.2 kernels I also use 'nocheck', which
has been removed from 2.4 entirely because, according to either Tso or
Tweedie, it's worthless and makes mounting slower.  I've on occasion used
'sync' on large filesystems with valuable data or flaky hardware, but
have since read that it doesn't work that well...

Wil
-- 
W. Reilly Cooley                         wcooley@nakedape.cc
Naked Ape Consulting                      http://nakedape.cc
LNXS: Linux/GNU for servers, networks, and   http://lnxs.org
people who take care of them.  *Now with integrated crypto!*
irc.openprojects.net                                   #lnxs

Mencken and Nathan's Second Law of The Average American:
	All the postmasters in small towns read all the postcards.
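
Added example, not part of the original message: a small Python audit of an fstab against the policy raised in the quoted question (nosuid,nodev on everything except / and /usr). The sample fstab, the skipped filesystem types and the function names are constructed for illustration; options are applied left to right, with user/users/owner/group implying nosuid,nodev as documented in mount(8).

```python
# Added example: flag fstab entries that lack nosuid/nodev outside / and /usr.
EXEMPT = {"/", "/usr"}                              # exceptions named in the thread
SKIP_FSTYPES = {"swap", "proc", "sysfs", "devpts"}  # assumption: not audited here

# How each option changes the effective state; later options override earlier ones.
_BOTH = {"nosuid": True, "nodev": True}
EFFECTS = {
    "defaults": {"nosuid": False, "nodev": False},
    "suid": {"nosuid": False}, "nosuid": {"nosuid": True},
    "dev": {"nodev": False}, "nodev": {"nodev": True},
    "user": _BOTH, "users": _BOTH, "owner": _BOTH, "group": _BOTH,
}

def effective_flags(options):
    """Return the effective nosuid/nodev state for a comma-separated option field."""
    state = {"nosuid": False, "nodev": False}
    for opt in options.split(","):
        state.update(EFFECTS.get(opt.strip(), {}))
    return state

def audit_fstab(text):
    """Map each non-exempt mount point to the list of hardening options it lacks."""
    findings = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # blank, comment, or malformed line
        _device, mountpoint, fstype, options = fields[:4]
        if fstype in SKIP_FSTYPES or mountpoint in EXEMPT:
            continue
        state = effective_flags(options)
        missing = [flag for flag in ("nosuid", "nodev") if not state[flag]]
        if missing:
            findings[mountpoint] = missing
    return findings

# Constructed sample fstab (not taken from any real system).
SAMPLE_FSTAB = """\
# device    mountpoint   type     options               dump pass
/dev/hda1   /            ext2     defaults              1 1
/dev/hda2   /usr         ext2     defaults,ro           1 2
/dev/hda3   /home        ext2     defaults,nosuid       1 2
/dev/hda5   /var         ext2     nosuid,nodev,noatime  1 2
/dev/fd0    /mnt/floppy  auto     noauto,user           0 0
/dev/cdrom  /mnt/cdrom   iso9660  noauto,user,suid,ro   0 0
none        /proc        proc     defaults              0 0
/dev/hda7   swap         swap     defaults              0 0
"""

if __name__ == "__main__":
    for mountpoint, missing in audit_fstab(SAMPLE_FSTAB).items():
        print(f"{mountpoint}: missing {','.join(missing)}")
```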