Disk Druid - Fedora flame #1

[Gene Heskett]

On Wednesday 19 January 2005 17:57, James Wilkinson wrote:
>Gene Heskett wrote:
>> And I'm down there working on it right now, having put a used 46GB
>> WD drive in as /dev/hdb, and the first real problem is that DD
>> will not allow me to make a /root partition, claiming it must be a
>> directory on /.
>>
>> With all due respect, thats bullshit. I will NEVER partition a
>> drive and put /root as a subdir on /.  I don't have such an
>> arrangment in place on any linux install I have, won't tolerate
>> it.  Its senseless to put your most private business as nothing
>> more secure than a directory on /.  End of discussion IMNSHO. 
>> What I do as root, is not any of the semi-public /'s business,
>> none nada zip.
>>
>> /dev/hdb1= primary /boot = 100M
>> /dev/hdb2= primary /dos  = 50M
>> /dev/hdb3= primary /root = 4GB But %$#@*& DD won't let me name it
>> '/root', I'm gonna have to do it by hand.
>
>Erm .. sorry. Your justification has lost me.
>
>Root's home directory should contain very little: it's supposed to
> be part of a minimal boot environment.
>
>This goes back to the days when disks and filesystems were more
> fragile than they are now, boot CDs unavailable, and boot floppies
> much less useful. The idea is to maximise the chances that you can
> at least boot a Unix as far as mounting /, with enough utilities to
> fix things.
>
>So that means you need root's home directory on / (so root can login
> and get at his or her settings), along with utilities like fsck,
> tar and mknod, so you can actually fix any problems with /usr (or
> rebuild it from backup).
>
>And the root filesystem should be as small as reasonably possible,
> to minimise the chances that anything goes wrong with it.
>
>The justification at
>http://www.pathname.com/fhs/pub/fhs-2.3.html#THEROOTFILESYSTEM
>(which is the Linux Filesystem Hierarchy Standard that Fedora and
> nearly every other Linux basically follow) is a worthwhile read.
>
>Note that some commercial Unices use "/" as root's home directory. I
>find this... untidy, but it does prevent ambiguities when someone
> talks about "the root directory" (and you're not sure they're using
> much precision).
>
>If I ask "what sort of 'most private business' needs to be done as
>root?" then you'll probably tell me it's most private! But e-mail,
>spreadsheets, word-processing, and the rest can and should be done
> as normal users. Anything that counts as "business" should be
> stored under /home or on another filesystem.
>
>There's no loss of security, as long as root is trusted. In fact,
> you get *more* security, because there are less ways for an
> ordinary user to compromise the security of the data.
>
>(If you do have to keep it under /root: you can always create
> another filesystem and mount it there...)
>
>And "nothing more secure than a directory on /"? As Fedora currently
>comes, there is no real difference between having a folder on one
>filesystem or on another. While Linux is booted, it will provide the
>same protection. While it isn't booted, anyone with physical access
> can swipe the drive, or boot a CD, USB key, or floppy and read data
> from the hard drive.
>
>Now it would be possible to merge in some of the patches floating
> around to provide an encrypted swap, and have an encrypted
> filesystem that you mount at login (entering a password) for
> sensitive files. *Then* you'd get security benefits from having
> sensitive documents on a different filesystem.
>
>Just as long as you're prepared for something to break, and that
>filesystem not to mount.
>
>Incidentally, the FHS says, at
>
>http://www.pathname.com/fhs/pub/fhs-2.3.html#FTN.AEN1037:
>> If the home directory of the root account is not stored on the
>> root partition it will be necessary to make certain it will
>> default to / if it can not be located.
>
>(Fedora doesn't do this by default...)
>
>> We recommend against using the root account for tasks that can be
>> performed as an unprivileged user, and that it be used solely for
>> system administration. For this reason, we recommend that
>> subdirectories for mail and other applications not appear in the
>> root account's home directory, and that mail for administration
>> roles such as root, postmaster, and webmaster be forwarded to an
>> appropriate user.
>
>James.

Lets just say that we will have to agree to disagree on this one and 
let it go at that.  I personally have never had just one partition, 
regardless of its name, fail to mount if the fstab is written 
correctly.

In my case, on this machine, I took advantage of konstruct (or the 
other way around) and had it install the last kde I built in root.  
Works just fine for me, and I'm the only user...

>--
>E-mail address: james | They say that every cloud has a silver
> lining, which @westexe.demon.co.uk  | must be a bit alarming for
> airline pilots...
>
>                      |     -- "I'm Sorry, I Haven't A Clue", BBC
>                      | Radio 4

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.32% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attorneys please note, additions to this message
by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.