| 1 |
On Wed, 09 May 2007 15:49:45 -0600, darren kirby wrote: |
| 2 |
|
| 3 |
> I have heard you can use a separate /usr to enhance security by |
| 4 |
> mounting it readonly under normal circumstances. This way, bad guys |
| 5 |
> can't mess with your binaries in /usr/bin and /usr/sbin, |
| 6 |
|
| 7 |
Instead of only being able to get at the really important stuff in /bin |
| 8 |
and /sbin? |
| 9 |
|
| 10 |
> I do have a separate /usr, but do not mount it readonly, as I --sync |
| 11 |
> enough to make remounting it daily rather annoying. |
| 12 |
|
| 13 |
1) Use a script to remount /usr, sysnc, remount /usr |
| 14 |
|
| 15 |
2) Much better, use a separate filesystem for /usr/portage (or put it |
| 16 |
on /var) |
| 17 |
|
| 18 |
3) Better still, |
| 19 |
http://gentoo-wiki.com/TIP_Speeding_up_portage#Make_A_Sparse_File_to_create_portage_in |
| 20 |
|
| 21 |
|
| 22 |
-- |
| 23 |
Neil Bothwick |
| 24 |
|
| 25 |
"One World, One Web, One Program" - Microsoft Promotional Ad |
| 26 |
"Ein Volk, Ein Reich, Ein Fuhrer" - Adolf Hitler |
Archives