Future: fhs 2.3 compliance for fc3

Stephen Smoogen smoogen at lanl.gov
Thu Apr 1 18:44:36 UTC 2004 

Ok I have a feeling I know where this sort of configuration would be
wanted :) :).. so I figured I should let you know the various problems
we have seen with diskless workstations, clusters and other things

On Thu, 2004-04-01 at 03:54, Dave Jones wrote:
> On Wed, 2004-03-31 at 23:38, Havoc Pennington wrote:
> 
> > A possibly related discussion; we've been wondering if we can make the
> > OS image read-only (mounting it that way, or via selinux).
> 
> If we do this, apt/yum/up2date/rpm will also need smarts to remount rw 
> when upgrading. Having to do this by hand each time would annoy the hell
> out of me enough to just make it permanently rw again.
> 

The issues I see are the following:

python items that get recompiled. I have to treat my scripts to ok
various .pyc files that seem to change md5sums every now and then. 

The following filesystems are heavily mutable and have to be rw
/etc
  mtab
  configurations and such being pushed out by cfengine, et al.
  [Rebooting to get the new configuration is not why we switched to
   Linux :)]
/dev
  permission changes and such

One of the old Unix boxes here had the ability to set / ro (unless
single user) and then overmounted a rw /dev /etc with all the entries
that were mutable. The only problem we had was when the new sysadmin
(me) didnt know that booting single user didnt overmount, and so the
changes to /etc/passwd disappeared :). 

Things that can be mounted via ramdisk
/tmp
/var/tmp
/var/spool/mqueue/xf/
## Also /var/spool/MIMEdefang/ if you use it.



Things that have to be available over a reboot/power-outage/etc
/var/spool/
/var/log/    [even with central logging it is needed to cross check
              logs]




> > Then have /tmp and probably /var in RAM (or wiped on boot)
> 
> Errr, if /var/log disappeared, I'd be very annoyed.
> 
> Ditto /var/spool. Imagine a scenario where I had a few hundred emails
> in /var/spool/mqueue, and for some reason the box locked up.
> Right now, I can reboot, and they'll still be there, and I can just
> restart the MTA and everything carries on.  With your proposal, that
> spool is *gone*.
> 
> Same is possibly true for other bits of /var too.
> 
> > This allows you to maintain the OS image in a central location and the
> > homedirs and server/app data in central locations, and have a single
> > network-wide master copy of all important state.
> 
> This sounds problematic for laptops. Things like AFS sound like a solution,
> but from what I've heard about it, I'm not sure I'm ready to trust my
> /home to it.
> 

I doubt very much you would want to run this configuration on a
laptop... :).

> 	Dave
-- 
Stephen John Smoogen		smoogen at lanl.gov
Los Alamos National Lab  CCN-5 Sched 5/40  PH: 4-0645
Ta-03 SM-1498 MailStop B255 DP 10S  Los Alamos, NM 87545
-- You should consider any operational computer to be a security problem --

More information about the devel mailing list