Mailing List Archive



Re: [tlug] join /tmp and /var



On Thu, Jun 26, 2003 at 03:00:03AM +0900, Shimpei Yamashita wrote:
> Um, putting /var and /tmp together almost defeats the point of partitioning
> at all. 

really?

> A big reason why you want to partition away /tmp is to avoid launching a
> denial of service attack on yourself by inadvertently filling up the partition
> /tmp is on. 

how is a separate /tmp going to help you there?
you can just as easily fill up /var/tmp

> Well, guess what--/var is the easiest partition to fill up on a
> Unix system, and also the only partition that an outsider can legitimately
> fill up for you. (Think "/var/spool/mail" and "big attachments".)

again, what would you gain by having a separate /tmp?
/tmp is hardly needed for critical operation.

sure some programs will stop working, but your system won't die.
if it does you have much more serious problems.

> So you're
> getting all the hassle of partitioning, without much of the merits. Why
> not just make the entire hard disk one big partition and be done with it?
> At least you aren't wasting any space that way.

you are missing the point of partitioning.
it is to keep critical partitions such as / from being written to at all.

with a bit of work it is possible to mount / and /usr readonly for
normal operation, and if your system crashes / and /usr
are almost never affected at all. that is the real gain from partitioning.

filling up is something you can measure, and have sufficient warning
about. there is also this 5% reserve for the root user on any partition,
so that root still can write even if the partition fills up.
this is really what protects you here, not a separate /tmp partition,
which gains you almost nothing except waste of space because sometimes
you need a lot of /tmp but most of the time you need hardly any.

> I'm also a bit leery of a system in which the root partition is basically
> nonfunctional by itself (on your system, no program that writes to /tmp
> works until the extra partition is mounted), but that may just be the
> Luddite in me.

no critical program should need to, i have not found any yet,
and if there is one, make the directory exist on / too; it will then
simply be hidden when the mount happens.

my partitioning divides things in 4 groups:

stuff needed to boot (/)
static data that almost never changes (/usr/)
data that is valuable to me (/home/ and /usr/local/)
variable data that changes a lot (/tmp/ and /var/)

for each of these groups i have one partition.
on a simple workstation nothing more is needed.

greetings, martin.
-- 
Pike Conference 2003 - Sep 25-27  -  http://pike.ida.liu.se/conferences/2003/
-- 
interested in doing pike programming, sTeam/caudium/pike/roxen training,
sTeam/caudium/roxen and/or unix system administration anywhere in the world.
--
pike programmer   working in europe                           open-steam.org
unix system-      bahai.or.at                       iaeste.(tuwien.ac|or).at
administrator     (stuts|black.linux-m68k).org        is.(schon.org|root.at)
Martin Bähr       http://www.iaeste.or.at/~mbaehr/
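Two points in the reply above, measuring how full a partition is before it bites and checking that / and /usr really are mounted read-only, as an added shell example that is not part of the original thread. The df and /proc/mounts samples are constructed rather than taken from any real host, and the function names are mine.

```shell
#!/bin/sh
# Constructed sample of `df -P` output (1K blocks); the numbers are invented so
# that /var is full for ordinary users while 5% of it is still held in reserve.
SAMPLE_DF='Filesystem    1024-blocks    Used Available Capacity Mounted on
/dev/sda1          512000  310000    176400      64% /
/dev/sda2         4096000 1230000   2661200      32% /usr
/dev/sda3         8192000 5020000   2762400      65% /home
/dev/sda4         2048000 1945600         0     100% /var'

# Constructed sample of /proc/mounts for the same layout, / and /usr read-only.
SAMPLE_MOUNTS='/dev/sda1 / ext3 ro 0 0
/dev/sda2 /usr ext3 ro 0 0
/dev/sda3 /home ext3 rw 0 0
/dev/sda4 /var ext3 rw 0 0'

# Print the mount points whose Capacity column is at or above $1 percent.
# Reads df -P text on stdin, so it works on `df -P |` as well as on the sample.
full_filesystems() {
    awk -v t="$1" 'NR > 1 { pct = $5; sub(/%/, "", pct); if (pct + 0 >= t) print $6 }'
}

# Estimate the root-only reserve on mount point $1 in 1K blocks: blocks that
# are neither used nor available to unprivileged users. On ext2/ext3 this is
# the reserved-blocks setting (5% by default), which is why root can still
# write to a partition that df reports as 100% full.
reserved_kb() {
    awk -v m="$1" 'NR > 1 && $6 == m { print $2 - $3 - $4 }'
}

# Print the mount points mounted read-write, from /proc/mounts text on stdin.
# Anything listed here that was meant to stay read-only (/, /usr) needs a look.
writable_mounts() {
    awk '{ n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "rw") print $2 }'
}

# Stand-alone demonstration on the constructed samples: `sh thisfile.sh demo`.
if [ "${1:-}" = "demo" ]; then
    echo "partitions at or above 90%:"; printf '%s\n' "$SAMPLE_DF" | full_filesystems 90
    echo "root reserve on /var (KB):";  printf '%s\n' "$SAMPLE_DF" | reserved_kb /var
    echo "writable mounts:";            printf '%s\n' "$SAMPLE_MOUNTS" | writable_mounts
fi
```

On a live system replace the samples with `df -P` and `cat /proc/mounts`; the reserve figure should match `tune2fs -l` on the device.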
