Re: Is it possible to setup read-only root ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Am 02.07.2012 19:35, schrieb Bill Davidsen:
> Reindl Harald wrote:
>>
>>
>> Am 01.07.2012 19:32, schrieb Joe Zeff:
>>> On 07/01/2012 10:23 AM, John Wendel wrote:
>>>> Extra security is certainly a plus. My main reason for wanting to run a
>>>> read-only root it to avoid wearing out the consumer grade compact flash
>>>> card that I'm using as my root device (yes, I'm cheap).
>>>
>>> I'd suggest, then, using a distro that doesn't update as frequently as Fedora.  /sbin is on the root device and
>>> you'd need to set it to rw every time one of its programs gets updated.  Also, if you're using Fedora, have a
>>> separate /boot that's not on that card to make kernel updates easier.
>>
>> i do it the other direction
>>
>> /var/cache, /var/lib, /boot, /var/tmp, /var/log and /tmp on own partitions
>> or in case of virtual machines even on drives because i can have rootfs as
>> small as possible without fearing it gets full
>>
> What does that buy? If /tmp fills many things stop working even if it is on a non-root filesystem. And to the
> extent that applications and services depend on the other trees you mention breakage will occur, although far fewer
> things will be broken filling anythig other than /tmp

what this does buy?
if a disk gets too small it is much easier stp the vm
and make the /tmp-drive larger than resize rootfs

and if /var/log fills the rootfs nor /tmp are filled
if /tmp fills you have a change to see it in any log

i am not speaking about workstations here
these are server-configurations working fine since many years

on some of them there is a larger extra virtual-disk and the
list above is BIND-mounted there which has the same effect:
less writes to rootfs and a much smaller rootfs

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux