rawhide report: 20101019 changes

seth vidal skvidal at fedoraproject.org
Tue Oct 19 20:50:43 UTC 2010


On Tue, 2010-10-19 at 15:40 -0500, Chris Adams wrote:
> Once upon a time, James Antill <james at fedoraproject.org> said:
> >  Putting my really old sysadmin hat on, one other reason for
> > having /tmp, /var and /usr as separate mount points was so that you
> > could allocate different disk space to each (and they couldn't break
> > each other) ... do we have other solutions for that?
> 
> On a multi-user server (and that includes web access like PHP or CGI),
> you really don't want user-writable directories on a filesystem with
> anything important, especially security-sensitive things like setuid
> binaries.  Hard-link tricks are evil.  I run with a separate /tmp
> (usually tmpfs now) and bind mount it to /var/tmp as well.

Not to get too far off into the weeds but Polyinstantiated tmpdirs
(pam_namespace) are a good idea here. Everyone gets their own /tmp
and /var/tmp and no one else can see them.


-sv
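A concrete form of the pam_namespace setup mentioned in the reply above, added here as an illustration rather than taken from the thread; the file layout follows the pam_namespace configuration format, and the exempt user list is an assumption to adjust per site:

```text
# /etc/security/namespace.conf
# Format: polydir  instance_prefix  method  exempt_users
# "level" keys each instance on user name plus SELinux MLS level;
# use "user" on hosts without SELinux. root and adm are exempt here
# (assumption, adjust for your site) and keep seeing the real /tmp.
/tmp      /tmp-inst/      level  root,adm
/var/tmp  /var/tmp-inst/  level  root,adm

# /etc/pam.d/sshd (and login, gdm, ... every entry point users log in through)
# Place it after the other session modules so the user identity is settled.
session   required   pam_namespace.so
```

pam_namespace creates the per-user instance directory under /tmp-inst on first login and mounts it over /tmp in that session's mount namespace, so a user listing /tmp sees only their own files; comparing `findmnt /tmp` from two different user sessions is a quick way to confirm the setup took effect.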
