On Tue, Oct 19, 2010 at 04:50:43PM -0400, seth vidal wrote:
> On Tue, 2010-10-19 at 15:40 -0500, Chris Adams wrote:
> > Once upon a time, James Antill <james@xxxxxxxxxxxxxxxxx> said:
> > > Putting my really old sysadmin hat on, one other reason for
> > > having /tmp, /var and /usr as separate mount points was so that you
> > > could allocate different disk space to each (and they couldn't break
> > > each other) ... do we have other solutions for that?
> >
> > On a multi-user server (and that includes web access like PHP or CGI),
> > you really don't want user-writable directories on a filesystem with
> > anything important, especially security-sensitive things like setuid
> > binaries. Hard-link tricks are evil. I run with a separate /tmp
> > (usually tmpfs now) and bind mount it to /var/tmp as well.
>
> Not to get too far off into the weeds but polyinstantiated tmpdirs
> (pam_namespace) are a good idea here. Everyone gets their own /tmp
> and /var/tmp and no one else can see them.

+1 ... we should have had this a long time ago.

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw
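
Added example, not part of the thread: a check of a /proc/mounts-style table for the layout Chris Adams warns about, where /tmp or /var/tmp sits on the same mount as setuid binaries (hard links cannot cross mount points). The sample tables, the /usr/bin and /usr/sbin locations, and the extra nosuid check are assumptions made for this illustration.

```python
import posixpath

WRITABLE = ("/tmp", "/var/tmp")        # user-writable directories named in the thread
SENSITIVE = ("/usr/bin", "/usr/sbin")  # assumed locations of setuid binaries

# Constructed sample tables in /proc/mounts format.
SHARED = """/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0"""
SEPARATE = """/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /var/tmp tmpfs rw,nosuid,nodev 0 0"""

def parse_mounts(text):
    """Return (mountpoint, source, fstype, options) for each table line."""
    mounts = []
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) >= 4:
            source, mountpoint, fstype, opts = fields[:4]
            mounts.append((mountpoint, source, fstype, set(opts.split(","))))
    return mounts

def mount_for(path, mounts):
    """Longest mount point containing path; a later entry wins on a tie."""
    path = posixpath.normpath(path)
    best = None
    for m in mounts:
        mp = m[0]
        inside = mp == "/" or path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and (best is None or len(mp) >= len(best[0])):
            best = m
    return best

def audit(text):
    """List findings for writable dirs that share a mount with setuid paths."""
    mounts = parse_mounts(text)
    sensitive = {m[0] for m in (mount_for(s, mounts) for s in SENSITIVE) if m}
    findings = []
    for w in WRITABLE:
        wm = mount_for(w, mounts)
        if wm is None:
            continue
        if wm[0] in sensitive:
            findings.append(f"{w}: same mount ({wm[0]}) as setuid binaries")
        if "nosuid" not in wm[3]:
            findings.append(f"{w}: mounted without nosuid")
    return findings

if __name__ == "__main__":
    for name, table in (("shared", SHARED), ("separate", SEPARATE)):
        print(name, audit(table) or "ok")
```

To check a live system, pass the contents of /proc/mounts to audit().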