Reindl Harald wrote:
Am 01.07.2012 19:32, schrieb Joe Zeff:
On 07/01/2012 10:23 AM, John Wendel wrote:
Extra security is certainly a plus. My main reason for wanting to run a
read-only root it to avoid wearing out the consumer grade compact flash
card that I'm using as my root device (yes, I'm cheap).
I'd suggest, then, using a distro that doesn't update as frequently as Fedora. /sbin is on the root device and
you'd need to set it to rw every time one of its programs gets updated. Also, if you're using Fedora, have a
separate /boot that's not on that card to make kernel updates easier.
i do it the other direction
/var/cache, /var/lib, /boot, /var/tmp, /var/log and /tmp on own partitions
or in case of virtual machines even on drives because i can have rootfs as
small as possible without fearing it gets full
What does that buy? If /tmp fills many things stop working even if it is on a
non-root filesystem. And to the extent that applications and services depend on
the other trees you mention breakage will occur, although far fewer things will
be broken filling anythig other than /tmp.
this would have the same effect without the problem of have to
remeber remount rw before updates
with "yum-plugin-security" and "yum update --security" you can
even on Fedora minimize updates most of the time if you really
want while you can update packages selective from the normal
repos if a update fixes a bug which affects you
--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
