File system issue [was Re: jails]

Roger Marquis marquis at roble.com
Fri Feb 10 17:59:07 UTC 2012


> Do you want some unprivileged user's script writing into /tmp to fill up
> (or run filesystem out of file handlers) / partition holding other things
> like mail spool, or database storage?

Has never been an issue on any of our systems.  The reasons for that may
be twofold:  1) we don't partition without an actual use case where we
give the app its own disk to allocate free blocks from, and 2) we always
spec alert scripts to alert ops when any partition is over X% full.

OTOH we do have systems installed with partitions, not by us, that
constantly have disk-full issues.  Most of them are due to /var/ and /tmp/
and printer or other temp files.  Most importantly, none of those systems
would have issues had they originally been installed with a single
root disk partition.

> BTW: on mail servers where my users can log in I always mount their home
> directories, and spool with "noexec, nosuid, nodev" options (the same goes
> about /tmp, and wherever web server stores uploaded stuff...).

Never had a need to do that but OMMV, question is why would you carve
these partitions out of the root disk instead of putting them on a disk
of their own?

There are lots of good reasons for creating partitions.  It's just that
the vast majority of partitioned systems we come across have no reason to
be so partitioned.

A look at Unix history shows that partitions were originally created
before RAID to deal with root disks that were too small for the OS.  The
overwhelming majority of Unix and Linux systems today, both server and
desktop, are single-partition.

Roger Marquis
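
The two practices discussed in this message, alerting when a filesystem passes X% full and mounting user-writable paths with noexec, nosuid and nodev, sketched as an added example that is not part of the original message or thread. The function names, the 90% threshold and the sample `df -P` and fstab-format data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; THRESHOLD stands in for the message's "X%". All sample data is constructed.
THRESHOLD=90

# Constructed `df -P` output (POSIX layout: capacity in column 5, mount point from column 6).
SAMPLE_DF='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/ada0p2 20307196 12184317 6498304 65% /
/dev/ada0p4 4058062 3733417 155557 96% /tmp
/dev/ada1p1 101554150 85305486 8124332 91% /var/mail'

# Constructed fstab(5)-format lines: device, mount point, type, options, dump, pass.
SAMPLE_FSTAB='/dev/ada0p2 / ufs rw 1 1
/dev/ada0p4 /tmp ufs rw,noexec,nosuid 2 2
/dev/ada1p1 /var/mail ufs rw,noexec,nosuid,nodev 2 2'

# over_threshold PCT: read `df -P` output on stdin and print "NN% mountpoint"
# for every filesystem at or above PCT percent used.
over_threshold() {
    awk -v limit="$1" 'NR > 1 {
        pct = $5; sub(/%$/, "", pct)
        mnt = $6; for (i = 7; i <= NF; i++) mnt = mnt " " $i   # mount points may contain spaces
        if (pct + 0 >= limit + 0) print pct "% " mnt
    }'
}

# missing_opts MOUNTPOINT: read fstab-format lines on stdin and print which of
# noexec, nosuid, nodev are absent from that mount point's options field.
missing_opts() {
    awk -v mnt="$1" '$2 == mnt {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) have[opt[i]] = 1
        split("noexec nosuid nodev", want, " ")
        for (i = 1; i <= 3; i++)
            if (!(want[i] in have)) { out = out sep want[i]; sep = " " }
        if (out != "") print out
        exit
    }'
}

# On a live host the inputs would be `df -P` and the system's fstab-format mount listing.
printf '%s\n' "$SAMPLE_DF" | over_threshold "$THRESHOLD" | while read -r pct mnt; do
    echo "ALERT: $mnt is $pct full"
done
for mnt in /tmp /var/mail; do
    gap=$(printf '%s\n' "$SAMPLE_FSTAB" | missing_opts "$mnt")
    if [ -n "$gap" ]; then echo "WARN: $mnt mounted without: $gap"; fi
done
```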

