On Thu, Apr 7, 2016 at 10:44 PM, M. J. Everitt <m.j.everitt@×××.org> wrote:
> 2) "Today, a separate /usr partition already must be mounted by the
> initramfs during early boot, thus making the justification for a
> split-off moot." - no, not all Gentoo users have an initramfs and
> need/want one .. so this is a false assumption.
|
You only need an initramfs (or some other mechanism to mount /usr
during early boot) if /usr is on a different filesystem than /.
|
If /usr is a separate filesystem, then Gentoo does require that it be
mounted during early boot, at least as a supported configuration.
While it is true today that with some configurations you can probably
get away with not mounting it during early boot, there is no
requirement that package maintainers support this. That includes
system packages.
|
So, #2 applies to Gentoo as much as to any other distro. That was a
topic of some debate a few years ago now.
|
> 3) I still believe there is merit in distinguishing between binaries
> that can/should be run as root, and those that can/should not. Those
> that run as root 100% of the time, or use VMs, don't really 'use' Linux
> in the original sense of the OS ..
|
Duncan already explained much of this, but if you're relying on a
user's PATH setting to prevent security issues you're doing it wrong.
There are a number of binaries in /sbin which are completely
appropriate for a non-privileged user to execute. Besides
non-privileged operations of binaries like btrfs or rpcinfo, there are
a bunch of misc binaries in there like usleep or zdump.
|
Really though the main point of merging these paths into /usr is to
get all the static content of a distro into a single path, which can
then be maintained as a read-only filesystem, mounted across multiple
systems, protected using tripwire or signature checking, and so on.
As has been pointed out the rolling release nature of Gentoo reduces
some of these benefits somewhat. To truly get these benefits we would
also need to rethink how post-install configuration gets managed as
was already pointed out.
|
However, the principle is still a potentially useful one even if we
never follow up with some of the things Fedora/etc are doing. After a
merge the package manager has free rein over /usr, full config
management is the policy in /etc, and /var is a place for persistent
state that generally belongs to the applications themselves (but
management of this is a bit of a mix still with stuff like /var/www
and /var/bind alongside mail spools and mysql database files).
|
--
Rich
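
The message above names tripwire-style checking as one benefit of keeping all static content under a single path. The following is an added example, not part of the original message or of any Gentoo tool: a manifest check over one root that reports modified, added and removed files. The function names and the temporary sample tree standing in for a merged /usr are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map every file under root (relative path) to a SHA-256 digest."""
    manifest = {}
    # os.walk does not descend into symlinked directories by default.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if os.path.islink(path):
                # Record the link target so a retargeted symlink shows up.
                manifest[rel] = "link:" + os.readlink(path)
            else:
                with open(path, "rb") as fh:
                    manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def verify(root, trusted):
    """Return (modified, added, removed) relative to a trusted manifest."""
    current = build_manifest(root)
    modified = sorted(p for p in trusted if p in current and current[p] != trusted[p])
    added = sorted(set(current) - set(trusted))
    removed = sorted(set(trusted) - set(current))
    return modified, added, removed

def write(root, rel, data):
    """Create or overwrite a file in the sample tree."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample tree standing in for a merged /usr."""
    with tempfile.TemporaryDirectory() as usr:
        for rel in ("bin/ls", "sbin/zdump", "lib/libc.so"):
            write(usr, rel, rel.encode() + b" v1")
        trusted = build_manifest(usr)  # taken after the package manager finishes
        clean = verify(usr, trusted)
        write(usr, "bin/ls", b"changed")   # file altered outside the package manager
        write(usr, "bin/extra", b"new")    # file that no package installed
        os.remove(os.path.join(usr, "lib/libc.so"))
        return clean, verify(usr, trusted)

if __name__ == "__main__":
    print(demo())
```

With a single root the trusted manifest only needs regenerating when the package manager writes to that root, and it should be stored somewhere the checked system cannot modify.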