From: Neil Bothwick
To: gentoo-user@lists.gentoo.org
Date: Thu, 10 May 2007 00:06:08 +0100
Subject: Re: [gentoo-user] Separate /usr [was: Clock is way off]
Message-ID: <20070510000608.319c2326@hactar.digimed.co.uk>
In-Reply-To: <200705091549.45764.bulliver@badcomputer.org>

On Wed, 09 May 2007 15:49:45 -0600, darren kirby wrote:

> I have heard you can use a separate /usr to enhance security by
> mounting it readonly under normal circumstances. This way, bad guys
> can't mess with your binaries in /usr/bin and /usr/sbin,

Instead of only being able to get at the really important stuff in /bin
and /sbin?

> I do have a separate /usr, but do not mount it readonly, as I --sync
> enough to make remounting it daily rather annoying.

1) Use a script to remount /usr, sync, remount /usr
2) Much better, use a separate filesystem for /usr/portage (or put it on
/var)
3) Better still,
http://gentoo-wiki.com/TIP_Speeding_up_portage#Make_A_Sparse_File_to_create_portage_in

-- 
Neil Bothwick

"One World, One Web, One Program" - Microsoft Promotional Ad
"Ein Volk, Ein Reich, Ein Fuhrer" - Adolf Hitler

-- 
gentoo-user@gentoo.org mailing list
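
Option 1 from the message above (remount /usr, sync, remount /usr), sketched as an added example that is not part of the original message: it relocks /usr even when the sync fails and confirms the read-only flag from the mount table. MOUNTS_FILE, MOUNT_CMD and SYNC_CMD are hypothetical override variables introduced here so the logic can be exercised without root.

```shell
#!/bin/sh
# Added example: keep /usr writable only for the duration of a Portage sync.
# MOUNTS_FILE, MOUNT_CMD and SYNC_CMD are hypothetical override knobs
# (assumptions of this example); their defaults are the real commands.
: "${MOUNTS_FILE:=/proc/mounts}"
: "${MOUNT_CMD:=mount}"
: "${SYNC_CMD:=emerge --sync}"

# Print "ro" or "rw" for a mount point, taken from its last entry in the
# mount table. Returns 1 if the path is not a separate mount point.
mount_mode() {
    awk -v mp="$1" '
        $2 == mp { n = split($4, o, ","); m = "rw"
                   for (i = 1; i <= n; i++) if (o[i] == "ro") m = "ro"
                   found = 1 }
        END { if (!found) exit 1; print m }' "$MOUNTS_FILE"
}

# Remount read-write, sync, then always try to remount read-only again.
# Returns the sync's exit status, 2 if the unlock step failed, or 3 if the
# filesystem could not be locked again afterwards.
sync_with_ro_usr() {
    mp=${1:-/usr}
    mount_mode "$mp" >/dev/null || { echo "$mp is not a separate mount" >&2; return 2; }
    $MOUNT_CMD -o remount,rw "$mp" || return 2
    rc=0
    $SYNC_CMD || rc=$?
    # Relock even when the sync failed; a busy filesystem can refuse this.
    $MOUNT_CMD -o remount,ro "$mp" || { echo "WARNING: $mp left read-write" >&2; return 3; }
    # Trust the mount table, not the exit status of the remount alone.
    [ "$(mount_mode "$mp")" = ro ] || { echo "WARNING: $mp not read-only" >&2; return 3; }
    return "$rc"
}

# Acts only when asked to, e.g.:  sh usr-sync.sh run
if [ "${1:-}" = run ]; then sync_with_ro_usr /usr; fi
```

A return value of 3 is the case worth alerting on, since it means /usr stayed writable after the sync window closed.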