1 |
On Wed, 09 May 2007 15:49:45 -0600, darren kirby wrote: |
2 |
|
3 |
> I have heard you can use a separate /usr to enhance security by |
4 |
> mounting it readonly under normal circumstances. This way, bad guys |
5 |
> can't mess with your binaries in /usr/bin and /usr/sbin, |
6 |
|
7 |
Instead of only being able to get at the really important stuff in /bin |
8 |
and /sbin? |
9 |
|
10 |
> I do have a separate /usr, but do not mount it readonly, as I --sync |
11 |
> enough to make remounting it daily rather annoying. |
12 |
|
13 |
1) Use a script to remount /usr, sysnc, remount /usr |
14 |
|
15 |
2) Much better, use a separate filesystem for /usr/portage (or put it |
16 |
on /var) |
17 |
|
18 |
3) Better still, |
19 |
http://gentoo-wiki.com/TIP_Speeding_up_portage#Make_A_Sparse_File_to_create_portage_in |
20 |
|
21 |
|
22 |
-- |
23 |
Neil Bothwick |
24 |
|
25 |
"One World, One Web, One Program" - Microsoft Promotional Ad |
26 |
"Ein Volk, Ein Reich, Ein Fuhrer" - Adolf Hitler |