switching from linux to freebsd
Freminlins
freminlins at gmail.com
Tue Aug 1 19:04:18 UTC 2006
On 01/08/06, Erik Nørgaard <norgaard at locolomo.org> wrote:
If you configure your server using LDAP or NIS for user management then
> you only need to mount the root file system rw when updating the base
> system or changing root password. Add the MAC and you will likely be
> able to protect further against the attack you mention.
Or when you want to patch or install other software, unless you put
/usr/local on its own partition. And put /usr/ports somewhere else. And
don't tinker with anything in /etc/mail. I think we're just going to
disagree on this.
I have never yet seen a situation where mounting the OS disk ro proved to be
useful. I have seen it hinder perfectly normal sysadmin work.
I have seen one instance in 10 years where it would have stopped a silly
mistake (someone moved libc on Solaris). But as that person was doing
something they were supposed to be doing and just made a mistake, they would
have made the same mistake after mounting the disk rw if it had been mounted
ro.
Cheers, Erik
Cheers,
Frem.
More information about the freebsd-questions
mailing list