bin, sbin, etc as seperate LVM volumes 670

In a message on 21 Mar 2006 08:54:37 -0800, wrote :

Initrd has little actual code (user mode programs), mostly just the driver modules needed to get to the root file system(s). There might be a minimal static version of mount also there. Not enough to really do more than mount one file system and then swap in in for. Not enough there to mount *several* file systems. So, the first file system mounted *has* to have enough stuff on it to complete the init process. That is it *must* includebin,sbin,etc,lib, anddev, to start with -- these all must be all on the same file system. Unless you really want to go through extreme hbuttle. Generally not worth it, even for the most paranoid. You can mount the whole thing RO though. Another hack: have two incarnations ofetc: a minimal one on the base root file system, and another one mounted later *on top of* the rootetc, which could be mounted RW (which has the 'live'etc-{pbuttwd,shadow,group} files. Mounting everything under the base root directory RO is perfectly fine (evenetc, although that makes adding and removing users and file systems etc. a pain, which in fact could be the point). If your sysadmins don't need to mess with creating users or updating anything else inetc-, you can just mount it RO. You can change this *on the fly* if you need to ('man mount', see the remount option).

Don't give them the root pbuttword. Instead give them sudo and be real clever withetc-sudoers. 'man sudoers'

You don't need the Gnome system installed (just the X11 and Gnome *libraries* and a few of the applications), if these mess-windows people have an X11 server installed on their mess-windows boxes and the machine is on the (local, behind a solid firewall) network.

Robert Heller -- 978-544-68 plus 133 Deepwoods Software -- Linux Installation and Administration