[linux-elitists] mount options frenzy!
Karsten M. Self
Fri Mar 30 15:07:51 PST 2001
on Fri, Mar 30, 2001 at 01:03:08PM -0800, Heather (email@example.com) wrote:
> > Any comments on the usefulness security-wise of making everything except
> > / and /usr nosuid,nodev? And of copious use of noexec?
> > Here's a start...
> > / defaults (ick...can we do better?)
> You can make a fairly small slash readonly if you symlink /etc/mtab to
> the instance in proc, and mount up other volumes for var, usr, tmp, home.
I found that linking mtab broke certain things...either autofs or
mounting /dev/ram. I think it was /dev/ram. Previously mounted ram
devices wouldn't be cleared, even if umounted, and after a time you'd
run out of ram devices.
> > /opt /opt is for Solaris weenies and retards. /opt/foo should be
> > /usr/lib/foo dammit.
> lrwxrwxrwx 1 root root 8 Oct 14 1999 /opt -> /usr/local
Karsten M. Self <firstname.lastname@example.org> http://kmself.home.netcom.com/
What part of "Gestalt" don't you understand? There is no K5 cabal
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 232 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20010330/a1388ce5/attachment.pgp
More information about the linux-elitists