[sf-lug] filesystem for a 3TB external USB drive
jim
jim at systemateka.com
Tue Jan 3 19:03:48 PST 2012
Seems like a few of these considerations might be a
good basis for determining partitioning, yes?
On Tue, 2012-01-03 at 18:56 -0800, Rick Moen wrote:
> Quoting Paul Ivanov (pi at berkeley.edu):
>
> > Thanks for this, Rick - I learned something. Specifically your
> > particular uses of 'ro' and 'noatime'. I'm inferring that
> > the purpose of ro is for security, is this correct, or are there
> > other reasons?
>
> My use of 'ro' on most filesystems of type ext2 is so that (1) they're
> always synced while mounted 'ro', and cannot have long fsck times and
> possible filesystem corruption upon accidental reboots (the aspect that
> removes the usual disadvantages of ext2, in that particular use case),
> and (2) affected filesystems are that much more difficult for a clumsy
> sysadmin (or a process run with system authority) to screw up.
>
> You will notice that the ones mounted normally read-only are the ones
> that are normally static, such as /usr. That filesystem (except for the
> /usr/local portion of it) doesn't change except when you
> install/remove/update software. So, I leave it normally 'ro', and
> include a dpkg hook to automatically remount 'rw' before package
> operations and remount 'ro' after them.
>
> Protecting the system against a clumsy sysadmin is arguably a sort of
> security reason. (The administrative user is usually the largest single
> threat to the system's integrity.) One might also hope that 'ro'
> filesystems might be a bit more resistant to canned, automated attack
> scripts, in the sense of limiting the damage they can easily do, the way
> they are usually written by default. However, a well-written attack
> tool that has managed to achieve root access can always remount 'ro'
> filesystems as 'rw' before acting.
>
>
> > The noatime performance trick also looks like a gem - I didn't know
> > about it.
>
> Beware of (rare) software that relies on the atime field being updated.
> Some MTAs need their mail spool files to have that datum be accurate,
> for example.
>
>
>
>
> _______________________________________________
> sf-lug mailing list
> sf-lug at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/sf-lug
> Information about SF-LUG is at http://www.sf-lug.org/
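The remount-around-package-operations arrangement Rick describes above, as an added example (it is not code from this thread and not Rick's actual hook): a small POSIX shell wrapper that remounts a filesystem 'rw', runs a command, and puts it back to 'ro' whether or not the command succeeded, plus a check that reads the live mount options. The apt.conf hook file name is an assumption; the DPkg::Pre-Invoke and DPkg::Post-Invoke options themselves are apt's. The /proc/mounts sample is constructed so the check can be exercised without touching a real system, and MOUNT can be pointed at echo for a dry run.

```shell
#!/bin/sh
# Added example: keep /usr mounted 'ro' and only open it 'rw' for the
# duration of a package operation. Not the list poster's own hook.
#
# Assumed fstab line (constructed): /dev/sda2  /usr  ext2  ro,noatime  0  2
#
# Assumed hook file, /etc/apt/apt.conf.d/90usr-remount, using apt's real
# DPkg::Pre-Invoke / DPkg::Post-Invoke options:
#   DPkg::Pre-Invoke  { "mount -o remount,rw /usr"; };
#   DPkg::Post-Invoke { "mount -o remount,ro /usr"; };
# The wrapper below does the same for any command run by hand.

# Constructed sample in /proc/mounts format, used for offline checks.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda2 /usr ext2 ro,noatime 0 0
/dev/sda3 /home ext4 rw,noatime 0 0'

# mount_opts MOUNTPOINT [MOUNTS_TEXT]
# Print the option field for MOUNTPOINT. Reads /proc/mounts unless a
# mounts table is passed as the second argument.
mount_opts() {
    mp=$1
    text=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$text" | awk -v mp="$mp" '$2 == mp { print $4; exit }'
}

# is_readonly MOUNTPOINT [MOUNTS_TEXT]
# Succeed if the 'ro' flag is present in the mount options.
is_readonly() {
    case ",$(mount_opts "$1" "$2")," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# with_rw MOUNTPOINT CMD [ARGS...]
# Remount MOUNTPOINT rw, run CMD, then remount ro again even if CMD
# failed; CMD's exit status is returned. MOUNT defaults to mount and can
# be set to echo for a dry run.
with_rw() {
    mp=$1; shift
    : "${MOUNT:=mount}"
    "$MOUNT" -o remount,rw "$mp" || return 1
    "$@" && status=0 || status=$?
    # The remount back to ro is the part that must not be skipped.
    "$MOUNT" -o remount,ro "$mp" || return 1
    return $status
}

# Dry-run demo when invoked directly with --demo (nothing is remounted).
if [ "${1:-}" = "--demo" ]; then
    if is_readonly /usr "$SAMPLE_MOUNTS"; then
        echo "/usr is ro in the sample table"
    fi
    MOUNT=echo with_rw /usr echo "dpkg -i example.deb"
fi
```

Note what the wrapper also illustrates about Rick's caveat: anything running as root can issue the same `mount -o remount,rw` itself, so 'ro' is a guard against accidents and unsophisticated scripts rather than a barrier to a capable attacker.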