[linux-lvm] Mandrake 8.1 and LVM
Theo Van Dinter
felicity at kluge.net
Fri Nov 30 10:47:01 UTC 2001
On Fri, Nov 30, 2001 at 02:01:18AM -0600, Chad C. Walstrom wrote:
> Reason #1: Mount /usr as read-only. There is only one reason why you
> should mount /usr read/write: to install software. Upon completion of
> this one task, remount the drive as read-only. Lock it down with kernel
> capabilities tools, and be done with it. [apt-get has a nice way to
> auto-remount the drive in apt.conf(5) when installing/upgrading
> software.]
That depends on how paranoid you are regarding security. My feeling
is that if someone can get enough access to write to pieces of / and
/usr that they shouldn't, they will likely have enough access to damage
the system anyway (fdisk/dd/lilo/grub/etc.) So you really only protect
yourself from accidental damage (which shouldn't happen on a properly
configured box) and attackers who aren't creative. ;)
I don't know much about the kernel capabilities facility, but if you
can mount the partition read-write to install apps without rebooting,
you haven't bought yourself anything. If you can't (I assume that's
the benefit,) then you'll have to take a downtime whenever you want to
upgrade something which may or may not be a problem in your environment.
The "no reason" bit was more aimed at the carry-over from OSes like
SunOS where it was suggested (although I forget why at the moment) that
/ and /usr be on different partitions. I think it was something about
partition location on disk, but that's another discussion. :)
> Reason #2: With LVM, you don't have to worry about exceeding the
> standard "allowed" harddrive partitions. So, create logical volumes to
> your heart's (*ahem*) extent. With filesystem and logical volume
> resizing, the flexibility and convenience outweight the small
> "overhead."
You're right about the exceeding available space, but /usr in LVM also
means that given a problem with LVM, you're unlikely to be able to get
your box to single-user mode. Even if you do (I haven't tested this),
you're going to find a very limited environment without /usr.
With / on LVM, you're definately unable to boot if LVM has problems.
This is a problem I've seen a number of times on HPUX. The OS disk is
under LVM in vg00. People want more disk space and so they add another
disk to vg00 and go make new logical volumes (or worse, extend OS lvs.)
It's not a problem until this new disk fails (or isn't powered on before
bootup, or ...) Then the volume group can't be started and the machine
won't boot. If you've extended a core OS lv (/, /usr, /var, etc,) you've
just won yourself a restore/reinstall. All that while having the main OS
disk still running perfectly.
At least with / and /usr outside of LVM, it'd likely be easier to recover
from the failure.
> Reason #3: It's just plain strange to have / share space with /usr.
Matter of opinion. :)
> Reason #4: For someone new to Linux, LVM provides you with the
> opportunity to correct a mistake without having to reinstall your system
> because you'd prefer a different harddrive partition layout.
True, but it also adds more complexity to setting up and maintaining the
system.
> Experiment, have fun. With LVM, you can afford to play in order to find
> that "perfect" balance of partitioning and practicality.
:)
--
Randomly Generated Tagline:
"UNIX was not designed to stop you from doing stupid things, because
that would also stop you from doing clever things." - Larry Wall
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-lvm/attachments/20011130/c05de95f/attachment.sig>
More information about the linux-lvm
mailing list