Red Hat Configuration - Why partition a Linux system?

Lamar Thomas

2004-01-23, 7:21 pm

In this day of 80+ GB IDE HDs why should anyone partition the drive into
more than one partition like: (/, /boot/, /usr, /usr/local, /home, /etc,
/opt)? What is the benefit? Why not just / and swap? It seems like it's
just a holdover from the days of smaller HDs. Any feedback?

Thanks,

Lamar


mao

2004-01-23, 7:21 pm

Lamar Thomas wrote:
quote:

> In this day of 80+ GB IDE HDs why should anyone partition the drive into
> more than one partition like: (/, /boot/, /usr, /usr/local, /home, /etc,
> /opt)? What is the benefit? Why not just / and swap? It seems like it's
> just a holdover from the days of smaller HDs. Any feedback?
>
> Thanks,
>
> Lamar
>
>



"Linux Partition HOWTO" is your friend.
http://www.tldp.org/HOWTO/Partition/



Paul Colquhoun

2004-01-23, 7:22 pm

On Mon, 24 Nov 2003 20:05:20 GMT, mao <mao@mail.it> wrote:
| Lamar Thomas wrote:
|
|> In this day of 80+ GB IDE HDs why should anyone partition the drive into
|> more than one partition like: (/, /boot/, /usr, /usr/local, /home, /etc,
|> /opt)? What is the benefit? Why not just / and swap? It seems like it's
|> just a holdover from the days of smaller HDs. Any feedback?
|>
|> Thanks,
|>
|> Lamar
|>
|>
|
| "Linux Partition HOWTO" is your friend.
| http://www.tldp.org/HOWTO/Partition/


A security issue that was recently raised on the BUGTRAQ mailing list is
relevant here.

If you allow other people to have accounts on your system, you need to
have /home as a separate partition, and to make sure it is mounted with
the 'nosuid' flag, to ensure they can't import suid programs from other
systems and become root on yours.

Another, related, issue is that they can create links (with 'ln') to other
people's files. This won't let them read the files, but it stops the owner
deleting them, and it may cause the owner to run out of quota.

This link thing also works with system suid binaries, and can allow the user
to keep a "copy" of a program with a security hole around after the admin
thinks they have deleted it.

Since linking only works within a partition, a separate /home and /tmp will
prevent this. Regular scanning for suid programs in unexpected places is
also recommended.


--
Reverend Paul Colquhoun, ULC. http://andor.dropbear.id.au/~paulcol
Asking for technical help in newsgroups? Read this first:
http://catb.org/~esr/faqs/smart-questions.html#intro
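
An added example, not part of the original thread: one way to check the two things the post above recommends, namely that /home and /tmp are separate filesystems mounted with nosuid, and that no setuid/setgid files sit in unexpected places. The function names, the MULTILINK/SUID labels and the sample mount table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS='/dev/hda1 / ext3 rw 0 0
/dev/hda5 /home ext3 rw,nosuid,nodev 0 0
/dev/hda6 /tmp ext3 rw 0 0'

# Read /proc/mounts-format lines on stdin. For each mount point given as an
# argument, report it if it is not its own filesystem or lacks nosuid.
check_nosuid() {
    awk -v want="$*" '
        BEGIN { n = split(want, mp, " ") }
        { seen[$2] = 1; opts[$2] = "," $4 "," }
        END {
            for (i = 1; i <= n; i++) {
                if (!(mp[i] in seen))
                    print mp[i] ": not a separate filesystem"
                else if (opts[mp[i]] !~ /,nosuid,/)
                    print mp[i] ": mounted without nosuid"
            }
        }'
}

# List setuid/setgid regular files under $1 without leaving its filesystem
# (-xdev). Files with more than one hard link are labelled MULTILINK: the
# same inode has another name somewhere on that filesystem, so deleting one
# name does not remove the program.
scan_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        \( -links +1 -exec printf 'MULTILINK %s\n' {} \; \
           -o -exec printf 'SUID %s\n' {} \; \)
}

# Demo on the constructed sample. On a live host one would run:
#   check_nosuid /home /tmp < /proc/mounts; scan_suid /home
printf '%s\n' "$SAMPLE_MOUNTS" | check_nosuid /home /tmp /var
```

Run scan_suid once per filesystem of interest; any hit under /home or /tmp, and any MULTILINK hit on a system binary, deserves a look.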
Wally Sanford

2004-01-23, 7:22 pm

Paul Colquhoun wrote:
quote:

> On Mon, 24 Nov 2003 20:05:20 GMT, mao <mao@mail.it> wrote:
>
>
> A security issue that was recently raised on the BUGTRAQ mailing list
> is relevant here.
>
> If you allow other people to have accounts on your system, you need to
> have /home as a separate partition, and to make sure it is mounted
> with the 'nosuid' flag, to ensure they can't import suid programs from
> other systems and become root on yours.
>
> Another, related, issue is that they can create links (with 'ln') to
> other people's files. This won't let them read the files, but it stops
> the owner deleting them, and it may cause the owner to run out of
> quota.




Do you mean sym or hard links? The former I never had trouble deleting
the target, and the link itself shows itself in ls -l (usually as
lrwxrwxrwx) and most distros show it as:

link_name -> /path/to/real_link



Copyright 2003 - 2009 webservertalk.com