From: "llemikebyw@aol.com" <llemikebyw@aol.com>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Opinion against /usr merge
Date: Wed, 18 Jul 2012 22:24:58 +0100 [thread overview]
Message-ID: <500729AA.1000309@aol.com> (raw)
In-Reply-To: <CADPrc82QJmCTcyar8E8r+xt69YdAxqq6CGmEtcStMKXEuo25aA@mail.gmail.com>
In the beginning there were root (/bin) and /usr programs
See UNIX Programmer's Manual (Thompson, Ritchie, November
1971). [http://cm.bell-labs.com/cm/cs/who/dmr/manintro.pdf]
/usr programs were "not considered part of the UNIX system"
[bottom of page ii].
Root (/) contained all the system files and configuration;
/usr all the user's files.
In the UNIX V7 manuals hosted here:
http://plan9.bell-labs.com/7thEdMan/bswv7.html
Dennis Rtichie suggests moving binary files from root (/bin)
to /usr/bin because it might speed up systems:
See page 152 of UNIX Version 7, Volume 2B
UNIX Programmers Manual.
Hence, he suggests leaving only maintenance binary files in
root (see para. 3 under Disk Layout, Pg. 152).
The most important remark comes in paragraph 2 of the disk
layout page:
"There are two considerations in deciding how to adjust the
arrangement of things on your disks: the most important is
making sure there is adequate space for what is required;
secondarily, throughput should be maximised."
For me the argument is about what gets mounted in which way.
I want to be able to ensure filesystems are mounted to prevent
potential privilege escalation.
Consequently, I have split my Gentoo system with the following
settings.
At boot /usr is present in / (on same partition)
/tmp is mounted nosuid from a separate partition
/var is mounted nosuid from a separate partition
/home is mounted nosuid from a separate partition
/bin and /sbin programs that do not require root authority
are all marked nosuid.
None of the executables/configuration files in / or /usr are
user-writable.
umasks are 077.
On my backup server, /home is mounted noexec, nosuid.
Personally I like the split between /bin and /usr/bin and /sbin
and /usr/sbin - provided ports maintainers stick to an
understanding that /bin is for maintenance files and /usr/bin
is for user application files (i.e. applications used by users).
/sbin and /usr/sbin should segregate root's/system maintenance
executables and root's/system application executables.
Although I am not sure at all that executables have been so
split by recent developers/maintainers (a lot of time has passed)...
It would be nice if a sensible structure could be proposed and
agreed by ALL Linux distributions (coordinated with BSD).
For me, it is a credit to Ken and Dennis' vision that they foresaw
the benefit of file permissions, including suid and sgid and the
EXCEPTIONALLY BRILLIANT idea of the sticky bit for /tmp.
It is incredible that they came up with much of this structure in
1969 - 1978.
"Progress, far from consisting in change, depends on retentiveness.
When change is absolute there remains no being to improve and
no direction is set for possible improvement: and when experience
is not retained, as among savages, infancy is perpetual.
Those who cannot remember the past are condemned to repeat it."
SATAYANA
Those querying a separate /usr partition or otherwise might like to
peruse UNIX Version 7 UNIX Programmers manual, Volume 2A:
UNIX for Beginners (Brian W. Kernighan)
Page 46 of this PDF: http://plan9.bell-labs.com/7thEdMan/v7vol2a.pdf
I LIKE THE IDEA of a separate /usr partition - but that is from a
mounting file-systems perspective rather than relying on the history
of UNIX...
Live free or die - UNIX.
Mike
On 18/07/12 18:35, Canek Peláez Valdés wrote:
> As William pointed out, this is just another silly rationalization
> done after the fact. But, just for argument's sake, lets suppose that
> "usr" was named like that because it was the acronym for "UNIX System
> Resources".
>
> *Who cares about that now?* It was 43 years ago. My cellphone is
> thousands of times faster than the PDP-7 Unix was originally developed
> for, and it has millions of times more storage. The length
> restrictions imposed on system directories are completely superfluous
> now.
>
> All the arguments for keeping /bin, /sbin, /usr/bin, and /usr/sbin
> separated are really instances of the Chewbacca defense [1]. They just
> don't make any sense.
next prev parent reply other threads:[~2012-07-18 21:26 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-17 21:20 [gentoo-dev] Opinion against /usr merge Richard Yao
2012-07-17 22:41 ` Rich Freeman
2012-07-17 23:07 ` Olivier Crête
2012-07-18 0:37 ` Ian Stakenvicius
2012-07-18 0:49 ` Olivier Crête
2012-07-18 0:50 ` Olivier Crête
2012-07-18 1:11 ` William Hubbs
2012-07-18 3:54 ` Richard Yao
2012-07-18 4:37 ` Olivier Crête
2012-07-18 8:10 ` Michał Górny
2012-07-18 13:18 ` Richard Yao
2012-07-18 15:04 ` Canek Peláez Valdés
2012-07-18 16:13 ` Hobbit
2012-07-18 16:26 ` William Hubbs
2012-07-18 16:56 ` Hobbit
2012-07-18 17:35 ` Canek Peláez Valdés
2012-07-18 17:40 ` Ciaran McCreesh
2012-07-18 17:58 ` Michał Górny
2012-07-18 18:25 ` Michael Mol
2012-07-18 18:47 ` Alec Warner
2012-07-18 18:53 ` Michael Mol
2012-07-18 19:03 ` Canek Peláez Valdés
2012-07-18 19:12 ` Michael Mol
2012-07-18 19:20 ` Canek Peláez Valdés
2012-07-18 19:40 ` Michael Mol
2012-07-18 20:02 ` Rich Freeman
2012-07-18 20:14 ` Michael Mol
2012-07-18 20:53 ` Peter Stuge
2012-07-18 19:22 ` Michał Górny
2012-07-18 19:05 ` Rich Freeman
2012-07-18 19:18 ` Michael Mol
2012-07-18 19:25 ` Canek Peláez Valdés
2012-07-18 19:47 ` Michael Mol
2012-07-18 19:50 ` Ian Stakenvicius
2012-07-18 19:55 ` Michael Mol
2012-07-18 19:59 ` Ian Stakenvicius
2012-07-19 4:22 ` [gentoo-dev] " Duncan
2012-07-18 20:05 ` [gentoo-dev] " Alec Warner
2012-07-18 20:10 ` Ian Stakenvicius
2012-07-19 11:05 ` Rich Freeman
2012-07-19 21:01 ` Christopher Head
2012-07-19 1:38 ` Patrick Lauer
2012-07-19 15:26 ` Richard Yao
2012-07-18 18:08 ` Maxim Kammerer
2012-07-18 21:24 ` llemikebyw [this message]
2012-07-19 1:24 ` Matthew Marlowe
2012-07-19 2:04 ` Olivier Crête
2012-07-19 4:09 ` Matthew Marlowe
2012-07-19 20:48 ` Walter Dnes
2012-07-18 18:11 ` Michael Mol
2012-07-18 18:22 ` Fabian Groffen
2012-07-19 3:02 ` [gentoo-dev] " Duncan
2012-07-18 17:47 ` [gentoo-dev] " Jason A. Donenfeld
2012-07-19 3:11 ` [gentoo-dev] " Duncan
2012-07-17 23:19 ` [gentoo-dev] " William Hubbs
2012-07-17 23:02 ` William Hubbs
2012-07-17 23:13 ` Dale
2012-07-17 23:23 ` William Hubbs
2012-07-17 23:46 ` Dale
2012-07-17 23:19 ` Richard Yao
2012-07-18 0:12 ` William Hubbs
2012-07-18 0:34 ` Richard Yao
2012-07-18 0:46 ` Rich Freeman
2012-07-18 1:17 ` Richard Yao
2012-07-18 1:28 ` Jeff Horelick
2012-07-18 3:24 ` Richard Yao
2012-07-18 4:42 ` Olivier Crête
2012-07-18 15:35 ` Walter Dnes
2012-07-18 18:06 ` Jason A. Donenfeld
2012-07-19 1:26 ` Walter Dnes
2012-07-18 18:27 ` Michał Górny
2012-07-19 1:37 ` Walter Dnes
2012-08-09 9:10 ` Luca Barbato
2012-08-09 11:57 ` Jeroen Roovers
2012-07-18 4:37 ` [gentoo-dev] " Duncan
2012-07-18 7:41 ` [gentoo-dev] " Michał Górny
2012-07-18 8:18 ` Michał Górny
2012-07-18 9:49 ` [gentoo-dev] " Duncan
2012-07-18 9:55 ` Michał Górny
2012-07-18 10:44 ` Duncan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=500729AA.1000309@aol.com \
--to=llemikebyw@aol.com \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox