On Fri, Nov 30, 2001 at 02:01:18AM -0600, Chad C. Walstrom wrote:

> Reason #1: Mount /usr as read-only. There is only one reason why you
> should mount /usr read/write: to install software. Upon completion of
> this one task, remount the drive as read-only. Lock it down with kernel
> capabilities tools, and be done with it. [apt-get has a nice way to
> auto-remount the drive in apt.conf(5) when installing/upgrading
> software.]

That depends on how paranoid you are regarding security. My feeling is that if someone can get enough access to write to pieces of / and /usr that they shouldn't, they will likely have enough access to damage the system anyway (fdisk/dd/lilo/grub/etc.) So you really only protect yourself from accidental damage (which shouldn't happen on a properly configured box) and attackers who aren't creative. ;)

I don't know much about the kernel capabilities facility, but if you can mount the partition read-write to install apps without rebooting, you haven't bought yourself anything. If you can't (I assume that's the benefit,) then you'll have to take a downtime whenever you want to upgrade something, which may or may not be a problem in your environment.

The "no reason" bit was more aimed at the carry-over from OSes like SunOS where it was suggested (although I forget why at the moment) that / and /usr be on different partitions. I think it was something about partition location on disk, but that's another discussion. :)

> Reason #2: With LVM, you don't have to worry about exceeding the
> standard "allowed" harddrive partitions. So, create logical volumes to
> your heart's (*ahem*) extent. With filesystem and logical volume
> resizing, the flexibility and convenience outweigh the small
> "overhead."

You're right about the exceeding available space, but /usr in LVM also means that given a problem with LVM, you're unlikely to be able to get your box to single-user mode. Even if you do (I haven't tested this), you're going to find a very limited environment without /usr. With / on LVM, you're definitely unable to boot if LVM has problems.

This is a problem I've seen a number of times on HPUX. The OS disk is under LVM in vg00. People want more disk space and so they add another disk to vg00 and go make new logical volumes (or worse, extend OS lvs.) It's not a problem until this new disk fails (or isn't powered on before bootup, or ...) Then the volume group can't be started and the machine won't boot. If you've extended a core OS lv (/, /usr, /var, etc.), you've just won yourself a restore/reinstall. All that while having the main OS disk still running perfectly. At least with / and /usr outside of LVM, it'd likely be easier to recover from the failure.

> Reason #3: It's just plain strange to have / share space with /usr.

Matter of opinion. :)

> Reason #4: For someone new to Linux, LVM provides you with the
> opportunity to correct a mistake without having to reinstall your system
> because you'd prefer a different harddrive partition layout.

True, but it also adds more complexity to setting up and maintaining the system.

> Experiment, have fun. With LVM, you can afford to play in order to find
> that "perfect" balance of partitioning and practicality. :)

--
Randomly Generated Tagline:
"UNIX was not designed to stop you from doing stupid things, because that
 would also stop you from doing clever things." - Larry Wall
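As an added example that is not part of the thread: the read-only /usr arrangement discussed above, with a check that reads a mount table in /proc/mounts format and reports whether a mount point is actually read-only, plus the apt.conf DPkg::Pre-Invoke / DPkg::Post-Invoke hooks that remount /usr only for the duration of a dpkg run. The sample mount table and the apt.conf.d file name are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original thread. Works on a mount table
# in /proc/mounts format so it can be tested offline; point it at
# /proc/mounts itself to check a live box.

# mount_is_readonly TABLE MOUNTPOINT
#   exit 0 if MOUNTPOINT carries "ro" in its option list,
#   exit 1 if it is mounted rw or not present in TABLE.
mount_is_readonly() {
    awk -v mp="$2" '
        $2 == mp {
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") found = 1
        }
        END { exit found ? 0 : 1 }' "$1"
}

# Constructed sample (device mountpoint fstype options dump pass).
# Note "errors=remount-ro" on / must not count as "ro".
write_sample_mounts() {
    cat > "$1" <<'EOF'
/dev/sda1 / ext3 rw,errors=remount-ro 0 0
/dev/sda2 /usr ext3 ro,nodev 0 0
/dev/sda3 /var ext3 rw 0 0
EOF
}

# apt.conf(5) hooks: DPkg::Pre-Invoke and DPkg::Post-Invoke are real apt
# directives; the file name you pass (e.g. /etc/apt/apt.conf.d/10usr-remount)
# is an assumption for this example.
write_apt_remount_hooks() {
    cat > "$1" <<'EOF'
DPkg::Pre-Invoke  { "mount -o remount,rw /usr"; };
DPkg::Post-Invoke { "mount -o remount,ro /usr"; };
EOF
}

# Demo against the constructed table, not the running system.
demo() {
    tmp=$(mktemp)
    write_sample_mounts "$tmp"
    if mount_is_readonly "$tmp" /usr; then
        echo "/usr is mounted read-only"
    else
        echo "/usr is writable"
    fi
    rm -f "$tmp"
}
```

Run `mount_is_readonly /proc/mounts /usr` from a cron job or a monitoring check to catch a /usr that was left read-write after an upgrade.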