Full Discussion: mounting /proc or /usr
Post 58928 by zazzybob on Saturday 4th of December 2004 06:17:12 PM
For the purposes of a desktop Linux system where you will be continually adding to /usr/local there is no real security gain by mounting /usr read-only. If you were serving /usr over NFS then I'd say yes.

Without having a firewall of any kind, your biggest threat is through vulnerabilities in old packages (and unnecessarily open ports) - if they can exploit your system, then yes, they could replace binaries in /usr/bin with malicious ones, but in such an event this probably would be the least of your worries.

If this were a server system, however, I'd say without a doubt yes - mount /usr read-only. For your needs, however, I'd recommend setting up iptables/ipchains (depending on your kernel) and getting your firewall up and running. Google for "guarddog" - this provides a nice KDE interface to configuring your firewall (providing support is compiled into your kernel for iptables/ipchains which it usually is by default on modern distributions).

Cheers
ZB
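
An added example, not part of the post above: a check for whether the filesystem that actually holds a path such as /usr/bin is mounted read-only, which also shows when /usr is not a separate mount at all and simply lives on /. The function names and both sample mount tables are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: which mount holds a path, and is that mount read-only?

# mount_opts_for PATH [TABLE]: print "<mountpoint> <options>" for the
# longest mount point covering PATH in a /proc/mounts-format table.
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $2
            # /usr covers /usr and /usr/bin, but not /usrlocal.
            # On equal length the later line wins (it is mounted on top).
            if (mp == p || mp == "/" || index(p, mp "/") == 1) {
                if (length(mp) >= length(best)) { best = mp; opts = $4 }
            }
        }
        END { if (best != "") print best, opts }
    ' "${2:-/proc/mounts}"
}

# path_ro_status PATH [TABLE]: print "ro <mountpoint>" or "rw <mountpoint>".
path_ro_status() {
    line=$(mount_opts_for "$1" "${2:-/proc/mounts}")
    [ -n "$line" ] || { echo "unknown"; return 1; }
    mp=${line%% *}
    # Match "ro" as a whole option so "errors=remount-ro" does not count.
    case ",${line#* }," in
        *,ro,*) echo "ro $mp" ;;
        *)      echo "rw $mp" ;;
    esac
}

# Constructed sample tables (hypothetical hosts, not real output).
SERVER=$(mktemp); DESKTOP=$(mktemp)
trap 'rm -f "$SERVER" "$DESKTOP"' EXIT
cat > "$SERVER" <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/sda2 /usr ext3 ro,nodev 0 0
/dev/sda3 /usr/local ext3 rw,nodev 0 0
EOF
cat > "$DESKTOP" <<'EOF'
/dev/hda1 / ext3 rw,errors=remount-ro 0 0
proc /proc proc rw 0 0
EOF

path_ro_status /usr/bin "$SERVER"        # separate read-only /usr
path_ro_status /usr/local/bin "$SERVER"  # writable mount nested under it
path_ro_status /usr/bin "$DESKTOP"       # /usr is just part of /
```

Called without a table argument, both functions read the live /proc/mounts.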
 

SWITCH_ROOT(8)                 System Administration                 SWITCH_ROOT(8)

NAME
       switch_root - switch to another filesystem as the root of the mount tree

SYNOPSIS
       switch_root [-hV]
       switch_root newroot init [arg...]

DESCRIPTION
       switch_root moves already mounted /proc, /dev, /sys and /run to newroot and makes newroot the new root filesystem and starts init process.

       WARNING: switch_root removes recursively all files and directories on the current root filesystem.

OPTIONS
       -h, --help
              Display help text and exit.

       -V, --version
              Display version information and exit.

RETURN VALUE
       switch_root returns 0 on success and 1 on failure.

NOTES
       switch_root will fail to function if newroot is not the root of a mount. If you want to switch root into a directory that does not meet this requirement then you can first use a bind-mounting trick to turn any directory into a mount point:

              mount --bind $DIR $DIR

SEE ALSO
       chroot(2), init(8), mkinitrd(8), mount(8)

AUTHORS
       Peter Jones <pjones@redhat.com>
       Jeremy Katz <katzj@redhat.com>
       Karel Zak <kzak@redhat.com>

AVAILABILITY
       The switch_root command is part of the util-linux package and is available from https://www.kernel.org/pub/linux/utils/util-linux/.

util-linux                           June 2009                       SWITCH_ROOT(8)