Bonehead Move, noexec
Andy Green
andy at warmcat.com
Fri Feb 16 11:07:49 UTC 2007
Tim wrote:
> On Thu, 2007-02-15 at 17:37 +0000, Andy Green wrote:
>
>> Are there any other reasons to have partitions and LVM on boxes with
>> one storage device and no possibility for internal expansion?
>
> I don't see much point of using LVM on a PC that can't possibly have
> more than one hard drive, but partitions do still have their uses. You
> can mount certain things using file systems more efficient for the
> purpose, you can mount certain things with protective restrictions (such
> as noexec, nodev, etc.), and so on...

I guess that's a real benefit if you want to customize your fstab
accordingly. But I also guess few users who have multiple partitions are
doing this. I think it is common mainly because it is the orthodoxy
that admins with hair on their chest do it.

BTW I learnt on this list a year or two ago from someone that noexec
can't be understood as generically stopping execution of anything from
that mountpoint and can be a false comfort indeed. Try this:

    $ cp /bin/ls .
    $ chmod -x ./ls
    $ ls -l ./ls
    -rw-r--r-- 1 user user 93560 Feb 16 11:01 ./ls
    $ ./ls
    bash: ./ls: Permission denied
    $ /lib/ld-linux.so.2 ./ls
    ...

/tmp isn't nodev by default either, but you can change that if you were
hardening it all up I suppose. Point taken then, but it is pretty
specialized and maybe not a reason for everyone to get LVM by default.
-Andy
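
An added example, not part of the original post: a small audit that reports which mount points actually carry the restrictive options discussed in this thread, and which are not separate mounts at all and so cannot carry options of their own. The function name, the list of mount points checked and the sample mount table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Input is a mount table in
# /proc/mounts format: device mountpoint fstype options dump pass

# audit_mounts WANTED_OPTS MOUNTPOINT...   (mount table on stdin)
# Prints one line per mount point: "ok", "missing <opts>", or
# "not a separate mount" (no partition of its own, so no options of its own).
audit_mounts() {
    wanted=$1; shift
    awk -v wanted="$wanted" -v targets="$*" '
        BEGIN { nt = split(targets, t, " "); nw = split(wanted, w, ",") }
        { opts[$2] = $4 }   # a later mount on the same path is the visible one
        END {
            for (i = 1; i <= nt; i++) {
                mp = t[i]
                if (!(mp in opts)) { print mp ": not a separate mount"; continue }
                cur = "," opts[mp] ","
                miss = ""
                for (j = 1; j <= nw; j++)
                    if (index(cur, "," w[j] ",") == 0)
                        miss = miss (miss == "" ? "" : ",") w[j]
                print mp ": " (miss == "" ? "ok" : "missing " miss)
            }
        }'
}

# Constructed sample mount table (not taken from a real system).
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /tmp ext3 rw,noexec,nosuid,nodev 0 0
/dev/sda5 /home ext3 rw,nosuid 0 0'

# Demo run on the sample; on a live system use: audit_mounts ... < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" |
    audit_mounts noexec,nodev,nosuid /tmp /var/tmp /dev/shm /home
```
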