[linux-elitists] mount options frenzy!

Karsten M. Self kmself@ix.netcom.com
Fri Mar 30 15:07:51 PST 2001


on Fri, Mar 30, 2001 at 01:03:08PM -0800, Heather (star@betelgeuse.starshine.org) wrote:
> > Any comments on the usefulness security-wise of making everything except
> > / and /usr nosuid,nodev?  And of copious use of noexec?
> > 
> > Here's a start...
> > 
> > /      defaults (ick...can we do better?)
> 
> You can make a fairly small slash readonly if you symlink /etc/mtab to
> the instance in proc, and mount up other volumes for var, usr, tmp, home.

I found that linking mtab broke certain things...either autofs or
mounting /dev/ram.  I think it was /dev/ram.  Previously mounted ram
devices wouldn't be cleared, even if umounted, and after a time you'd
run out of ram devices. 

> > /opt   /opt is for Solaris weenies and retards.  /opt/foo should be 
> >        /usr/lib/foo dammit.
> 
> lrwxrwxrwx   1 root     root            8 Oct 14  1999 /opt -> /usr/local

Damned straight!

-- 
Karsten M. Self <kmself@ix.netcom.com>    http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?       There is no K5 cabal
  http://gestalt-system.sourceforge.net/         http://www.kuro5hin.org
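
Added example (not part of the original message or of either poster's setup): a shell check for the policy raised in the thread, that every mount except / and /usr carries nosuid,nodev. The noexec mount list and the sample table are assumptions constructed for illustration.

```shell
# Audit a mount table in /proc/mounts format:
#   device mountpoint fstype options dump pass

# Mount points allowed to hold suid binaries and device nodes (from the thread).
EXEMPT="/ /usr"
# Mount points where noexec is also expected (assumption, adjust per site).
NOEXEC_WANTED="/tmp /var /home"

# has_opt OPTIONS NAME: succeed if NAME is in the comma-separated OPTIONS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# in_list ITEM LIST: succeed if ITEM is a word in the space-separated LIST.
in_list() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_mounts: read a mount table on stdin and print
# "mountpoint missing:opt,opt" for each entry that violates the policy.
audit_mounts() {
    while read -r dev mnt fstype opts rest; do
        [ -n "$mnt" ] || continue
        in_list "$mnt" "$EXEMPT" && continue
        missing=""
        for want in nosuid nodev; do
            has_opt "$opts" "$want" || missing="${missing:+$missing,}$want"
        done
        if in_list "$mnt" "$NOEXEC_WANTED"; then
            has_opt "$opts" noexec || missing="${missing:+$missing,}noexec"
        fi
        [ -n "$missing" ] && echo "$mnt missing:$missing"
    done
    return 0
}

# Constructed sample table (not taken from a real host).
SAMPLE='/dev/hda1 / ext2 rw 0 0
/dev/hda5 /usr ext2 ro 0 0
/dev/hda6 /var ext2 rw,nosuid,nodev 0 0
/dev/hda7 /tmp ext2 rw,nosuid,nodev,noexec 0 0
/dev/hda8 /home ext2 rw,nosuid 0 0'
```

On a live host, run `audit_mounts < /proc/mounts`; pseudo-filesystems listed there are checked like any other entry.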