[COLUG] Partition Size

Rob Funk rfunk at funknet.net
Tue Dec 11 08:51:01 EST 2007


Duane wrote:
> Chris Clonch wrote:
> > On Monday 10 December 2007 9:12:38 Duane wrote:
> > > Doesn't it get a bit messy doing the whole parts of the file system
> > > as read only? I thought things were tending to be shifting more
> > > toward the file ACL level (selinux etc) to achieve this instead?

Doesn't it tend to get a bit messy doing access-control on a file-by-file 
basis, rather than using the directory tree?  :-)

The Filesystem Hierarchy Standard should not be underestimated....
  http://www.pathname.com/fhs/pub/fhs-2.3.html

> > True, but without spending too much time with selinux, I find it
> > messier than splitting the file system.  To me selinux has a higher
> > learning curve.  Of course it has its advantages in a finer grain of
> > control than simply mounting a fs as read-only.
>
> Well that's not really security, that's just an illusion of security :)

You do tend to get better data security with a read-only filesystem.  I'm 
not talking about defending against attackers (who could certainly change 
the flag unless it's in hardware), but about the filesystem being less 
likely to get corrupted if the system is set at the mount level not to 
write to it at all.  On boxes that aren't internet servers, I tend to 
worry more about corruption caused by bugs than about attackers, and even 
on internet servers, software bugs are a more likely problem than 
attackers who remount read-only filesystems.

> > The picture I had in mind was a MythTV box with using XFS for media
> > file storage and scratch disk.  In that case virtualization would be
> > too much of a performance hit.  But I guess there really isn't any
> > solid reason you wouldn't use XFS for the rest of the system, other
> > than I would naturally resort back to ext3 for comfort's sake.

As someone who used to love XFS and then lost an entire XFS filesystem, I 
can vouch for the better reliability of ext3.  I'd recommend using XFS 
only for large-data areas where it shines, and stick with ext3 for the 
OS.  Besides, the booters have more mature ext2/ext3 support than xfs 
support, if they support xfs at all.


-- 
==============================|   "A microscope locked in on one point
 Rob Funk <rfunk at funknet.net> |Never sees what kind of room that it's in"
 http://www.funknet.net/rfunk |    -- Chris Mars, "Stuck in Rewind"
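
Added example, not part of the original message: a mount-table audit that reports whether the directories FHS 2.3 classes as static are actually governed by a read-only mount, which is the mount-level protection discussed above. The sample table, device names and the function names are constructed for illustration.

```python
# Constructed sample in /proc/mounts format: device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda2 /boot ext3 ro,noatime 0 0
/dev/sda3 /usr ext3 ro,nodev 0 0
/dev/sda5 /var ext3 rw,nosuid,nodev 0 0
/dev/sdb1 /srv/media xfs rw,noatime 0 0
"""

# FHS 2.3 classes these as static, so they are the candidates for ro mounts.
FHS_STATIC = ["/boot", "/usr", "/opt", "/etc"]

# /proc/mounts escapes space, tab, newline and backslash as octal sequences.
ESCAPES = (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\"))

def parse_mounts(text):
    """Return [(mountpoint, fstype, set_of_options)] in mount order."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or malformed line
        mnt = fields[1]
        for esc, ch in ESCAPES:
            mnt = mnt.replace(esc, ch)
        entries.append((mnt, fields[2], set(fields[3].split(","))))
    return entries

def governing_mount(path, entries):
    """Longest mountpoint containing path; a later entry wins a tie (overmount)."""
    best = None
    for mnt, fstype, opts in entries:
        prefix = mnt.rstrip("/") + "/"  # "/usr/" must not match "/usrlocal"
        if (path + "/").startswith(prefix):
            if best is None or len(mnt) >= len(best[0]):
                best = (mnt, fstype, opts)
    return best

def audit(text, paths=FHS_STATIC):
    """Map each path to (mountpoint, fstype, 'ro' or 'rw')."""
    entries = parse_mounts(text)
    report = {}
    for path in paths:
        hit = governing_mount(path, entries)
        if hit is not None:
            report[path] = (hit[0], hit[1], "ro" if "ro" in hit[2] else "rw")
    return report

if __name__ == "__main__":
    for path, (mnt, fstype, mode) in audit(SAMPLE_MOUNTS).items():
        print(f"{path:6} governed by {mnt:6} ({fstype}) {mode}")
```

Run periodically against the live `/proc/mounts`, a change from `ro` to `rw` for `/usr` or `/boot` shows that the flag was flipped by a remount.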

