| 1 |
In the beginning there were root (/bin) and /usr programs |
| 2 |
|
| 3 |
See UNIX Programmer's Manual (Thompson, Ritchie, November |
| 4 |
1971). [http://cm.bell-labs.com/cm/cs/who/dmr/manintro.pdf] |
| 5 |
|
| 6 |
/usr programs were "not considered part of the UNIX system" |
| 7 |
[bottom of page ii]. |
| 8 |
|
| 9 |
Root (/) contained all the system files and configuration; |
| 10 |
/usr all the user's files. |
| 11 |
|
| 12 |
In the UNIX V7 manuals hosted here: |
| 13 |
http://plan9.bell-labs.com/7thEdMan/bswv7.html |
| 14 |
Dennis Rtichie suggests moving binary files from root (/bin) |
| 15 |
to /usr/bin because it might speed up systems: |
| 16 |
See page 152 of UNIX Version 7, Volume 2B |
| 17 |
UNIX Programmers Manual. |
| 18 |
|
| 19 |
Hence, he suggests leaving only maintenance binary files in |
| 20 |
root (see para. 3 under Disk Layout, Pg. 152). |
| 21 |
|
| 22 |
The most important remark comes in paragraph 2 of the disk |
| 23 |
layout page: |
| 24 |
|
| 25 |
"There are two considerations in deciding how to adjust the |
| 26 |
arrangement of things on your disks: the most important is |
| 27 |
making sure there is adequate space for what is required; |
| 28 |
secondarily, throughput should be maximised." |
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
For me the argument is about what gets mounted in which way. |
| 33 |
I want to be able to ensure filesystems are mounted to prevent |
| 34 |
potential privilege escalation. |
| 35 |
Consequently, I have split my Gentoo system with the following |
| 36 |
settings. |
| 37 |
|
| 38 |
At boot /usr is present in / (on same partition) |
| 39 |
/tmp is mounted nosuid from a separate partition |
| 40 |
/var is mounted nosuid from a separate partition |
| 41 |
/home is mounted nosuid from a separate partition |
| 42 |
|
| 43 |
/bin and /sbin programs that do not require root authority |
| 44 |
are all marked nosuid. |
| 45 |
|
| 46 |
None of the executables/configuration files in / or /usr are |
| 47 |
user-writable. |
| 48 |
|
| 49 |
umasks are 077. |
| 50 |
|
| 51 |
On my backup server, /home is mounted noexec, nosuid. |
| 52 |
|
| 53 |
Personally I like the split between /bin and /usr/bin and /sbin |
| 54 |
and /usr/sbin - provided ports maintainers stick to an |
| 55 |
understanding that /bin is for maintenance files and /usr/bin |
| 56 |
is for user application files (i.e. applications used by users). |
| 57 |
|
| 58 |
/sbin and /usr/sbin should segregate root's/system maintenance |
| 59 |
executables and root's/system application executables. |
| 60 |
|
| 61 |
|
| 62 |
Although I am not sure at all that executables have been so |
| 63 |
split by recent developers/maintainers (a lot of time has passed)... |
| 64 |
|
| 65 |
It would be nice if a sensible structure could be proposed and |
| 66 |
agreed by ALL Linux distributions (coordinated with BSD). |
| 67 |
|
| 68 |
For me, it is a credit to Ken and Dennis' vision that they foresaw |
| 69 |
the benefit of file permissions, including suid and sgid and the |
| 70 |
EXCEPTIONALLY BRILLIANT idea of the sticky bit for /tmp. |
| 71 |
|
| 72 |
It is incredible that they came up with much of this structure in |
| 73 |
1969 - 1978. |
| 74 |
|
| 75 |
"Progress, far from consisting in change, depends on retentiveness. |
| 76 |
When change is absolute there remains no being to improve and |
| 77 |
no direction is set for possible improvement: and when experience |
| 78 |
is not retained, as among savages, infancy is perpetual. |
| 79 |
Those who cannot remember the past are condemned to repeat it." |
| 80 |
SATAYANA |
| 81 |
|
| 82 |
Those querying a separate /usr partition or otherwise might like to |
| 83 |
peruse UNIX Version 7 UNIX Programmers manual, Volume 2A: |
| 84 |
UNIX for Beginners (Brian W. Kernighan) |
| 85 |
Page 46 of this PDF: http://plan9.bell-labs.com/7thEdMan/v7vol2a.pdf |
| 86 |
|
| 87 |
I LIKE THE IDEA of a separate /usr partition - but that is from a |
| 88 |
mounting file-systems perspective rather than relying on the history |
| 89 |
of UNIX... |
| 90 |
|
| 91 |
Live free or die - UNIX. |
| 92 |
|
| 93 |
Mike |
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
On 18/07/12 18:35, Canek Peláez Valdés wrote: |
| 99 |
> As William pointed out, this is just another silly rationalization |
| 100 |
> done after the fact. But, just for argument's sake, lets suppose that |
| 101 |
> "usr" was named like that because it was the acronym for "UNIX System |
| 102 |
> Resources". |
| 103 |
> |
| 104 |
> *Who cares about that now?* It was 43 years ago. My cellphone is |
| 105 |
> thousands of times faster than the PDP-7 Unix was originally developed |
| 106 |
> for, and it has millions of times more storage. The length |
| 107 |
> restrictions imposed on system directories are completely superfluous |
| 108 |
> now. |
| 109 |
> |
| 110 |
> All the arguments for keeping /bin, /sbin, /usr/bin, and /usr/sbin |
| 111 |
> separated are really instances of the Chewbacca defense [1]. They just |
| 112 |
> don't make any sense. |
Archives