From: Rob Owens on 23 May 2010 14:20

On Sun, May 23, 2010 at 07:14:21PM +0200, Klistvud wrote:
> On 23. 05. 2010 17:00:09, Rob Owens wrote:
>
>> If /tmp is its own partition, you might consider using ext2 for speed.
>> You could also consider RAID 0, if you have multiple drives.
>
> A good suggestion, thanx. What about ext4, is it slower or faster than
> ext2?
>
I'm not sure. ext2 has no journal, so I'd assume it's faster, but I
really don't know.

-Rob

--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/20100523181159.GB5025(a)aurora.owens.net

From: Tom Furie on 23 May 2010 18:50

On Sun, May 23, 2010 at 10:38:48AM -0400, Andrew Reid wrote:
> Setting the *directory* noexec seems very bad, since the exec bit
> on directories controls the ability to cd to it, and turning that
> off would make it largely useless.

Just for the sake of argument *why* is setting /tmp rw- a bad thing?
Surely if you put a file there, you know the full pathname, why would
you need to list or search /tmp?

Cheers,
Tom

--
There is one way to find out if a man is honest -- ask him.
If he says "Yes" you know he is crooked.
    -- Groucho Marx

From: Andrew Reid on 23 May 2010 20:40

On Sunday 23 May 2010 18:46:29 Tom Furie wrote:
> On Sun, May 23, 2010 at 10:38:48AM -0400, Andrew Reid wrote:
> > Setting the *directory* noexec seems very bad, since the exec bit
> > on directories controls the ability to cd to it, and turning that
> > off would make it largely useless.
>
> Just for the sake of argument *why* is setting /tmp rw- a bad thing?
> Surely if you put a file there, you know the full pathname, why would
> you need to list or search /tmp?

Well, I don't actually know for sure that it's bad, but it seems
to invite broken-ness.

Recursive Makefiles are notorious for cd-ing all over the place,
but then again, that's usually in the source tree, which may or
may not be in /tmp, depending where you unpacked it.

As a theoretical example, I can easily imagine an installer that
might unpack a set of example configurations into /tmp, and then do
an "ls" to grep out the one that matches the local output of "uname -m"
to select it for further architecture-specific processing. I can easily
imagine myself writing such a thing.

So, I confess "making it largely useless" was hyperbolic, but I still
think it's a bad idea.

    -- A.

--
Andrew Reid / reidac(a)bellatlantic.net

From: Alexey Salmin on 24 May 2010 00:20

On Mon, May 24, 2010 at 6:30 AM, Andrew Reid <reidac(a)bellatlantic.net> wrote:
> On Sunday 23 May 2010 18:46:29 Tom Furie wrote:
>> On Sun, May 23, 2010 at 10:38:48AM -0400, Andrew Reid wrote:
>> > Setting the *directory* noexec seems very bad, since the exec bit
>> > on directories controls the ability to cd to it, and turning that
>> > off would make it largely useless.
>>
>> Just for the sake of argument *why* is setting /tmp rw- a bad thing?
>> Surely if you put a file there, you know the full pathname, why would
>> you need to list or search /tmp?
>
> Well, I don't actually know for sure that it's bad, but it seems
> to invite broken-ness.
>
> Recursive Makefiles are notorious for cd-ing all over the place,
> but then again, that's usually in the source tree, which may or
> may not be in /tmp, depending where you unpacked it.
>
> As a theoretical example, I can easily imagine an installer that
> might unpack a set of example configurations into /tmp, and then do
> an "ls" to grep out the one that matches the local output of "uname -m"
> to select it for further architecture-specific processing. I can easily
> imagine myself writing such a thing.
>
> So, I confess "making it largely useless" was hyperbolic, but I still
> think it's a bad idea.

Hmm. You're talking about why setting -wx on a /tmp is a bad thing: it
will work but it may break some software trying to do ls /tmp, that's
true.
But Tom was asking why it's bad to set rw-, which is much much worse
because you need an x bit on a dir not just to cd but to access its
contents in any way.

Example:

salmin@salmin:~$ mkdir dir
salmin@salmin:~$ ls -ld dir
drwxr-xr-x 2 salmin salmin 4096 May 24 11:01 dir
salmin@salmin:~$ echo 123 > dir/a
salmin@salmin:~$ cat dir/a
123
salmin@salmin:~$ chmod 111 dir
salmin@salmin:~$ ls -ld dir
d--x--x--x 2 salmin salmin 4096 May 24 11:01 dir
salmin@salmin:~$ ls -l dir
ls: cannot open directory dir: Permission denied
salmin@salmin:~$ cat dir/a
123

x is set, r is not: can access dir/a but can't read dir contents

salmin@salmin:~$ chmod 444 dir
salmin@salmin:~$ ls -ld dir
dr--r--r-- 2 salmin salmin 4096 May 24 11:01 dir
salmin@salmin:~$ ls -l dir
ls: cannot access dir/a: Permission denied
total 0
-????????? ? ? ? ? ? a
salmin@salmin:~$ cat dir/a
cat: dir/a: Permission denied

r is set, x is not: can read dir contents but can not access dir/a.

That's why we can possibly set -wx on /tmp but setting rw- on any dir
will make it completely unusable.

Alexey

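Added example (not part of Alexey's message or the original thread): the same probe as the session above, extended to the rw- (666) and -wx (333) modes the thread argues about and to creating a new entry. The probe() function name and the mktemp scratch paths are assumptions of this example.

```shell
#!/bin/sh
# Added example: what a directory's r, w and x bits each allow.
# Run as an ordinary user; root bypasses these permission checks.
# probe() and the mktemp scratch paths are assumptions of this example.

# probe MODE  ->  prints "list=<y|n> lookup=<y|n> create=<y|n>"
probe() {
    base=$(mktemp -d) || return 1
    d="$base/dir"
    mkdir "$d" || return 1
    echo 123 > "$d/a" || return 1
    chmod "$1" "$d" || return 1

    list=n; lookup=n; create=n
    # r: read the names stored in the directory
    [ -n "$(ls "$d" 2>/dev/null)" ] && list=y
    # x: resolve an already-known name inside the directory
    cat "$d/a" >/dev/null 2>&1 && lookup=y
    # w and x together: add a new entry
    touch "$d/b" 2>/dev/null && create=y

    chmod 700 "$d"      # restore access so the scratch tree can be removed
    rm -rf "$base"
    echo "list=$list lookup=$lookup create=$create"
}

# 111 and 444 are the modes from the session above; 666 is rw-, 333 is -wx.
for mode in 111 444 666 333 755; do
    printf '%s  %s\n' "$mode" "$(probe "$mode")"
done
```

Run as an ordinary user, 666 reports list=y lookup=n create=n (the write bit does nothing without x), while 333 reports list=n lookup=y create=y.
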
From: Tom Furie on 24 May 2010 05:40

On Mon, May 24, 2010 at 11:12:18AM +0700, Alexey Salmin wrote:
> On Mon, May 24, 2010 at 6:30 AM, Andrew Reid <reidac(a)bellatlantic.net> wrote:
> > On Sunday 23 May 2010 18:46:29 Tom Furie wrote:
> >> Just for the sake of argument *why* is setting /tmp rw- a bad thing?
> >> Surely if you put a file there, you know the full pathname, why would
> >> you need to list or search /tmp?
> >
> > Well, I don't actually know for sure that it's bad, but it seems
> > to invite broken-ness.
>
> Hmm. You're talking about why setting -wx on a /tmp is a bad thing: it
> will work but it may break some software trying to do ls /tmp, that's
> true.
> But Tom was asking why it's bad to set rw- which is much much worse
> because you need an x on a dir bit not to just cd but to access its
> contents in any way.

Oops, -wx is what I was thinking of when I both read and replied to
Andrew's post.

Cheers,
Tom

--
I think you didn't get a reply because you used the terms "correct" and
"proper", neither of which has much meaning in Perl culture. :-)
    -- Larry Wall in <199706251602.JAA01786(a)wall.org>