on Sat, Nov 16, 2002 at 12:44:53PM +0000, Richard Kettlewell wrote:
Adam Bower abower@thebowery.co.uk writes:
It's a major advantage to me in my current work environment, it also simplifies how things look on various machines across the network when we export out /usr again, also when we roll out new software that resides in /usr on the network if we fill up partitions we don't break more than we need to.
This sounds entirely cosmetic to me. You don't need a separate /usr on one system to be able to nfs-mount /usr on another!
Actually, under many nfs implementations you do, to do it correctly:
The export options are tied to the local mount points in the kernel and must be non-contradictory for any exported subdirectory of the local server mount point.
You say export /usr, the kernel attaches the options to /, oh dear.
The subtree check some nfs implementations have to get around this reduces the reliability and most likely performance of nfs. For the recommendation of using subtree checks with /usr and /var, consider the effect on mail boxes/dirs, software compilation, mail queues (if you are insane) etc. It's fragile, like chroot. How often has chroot been broken wrt security? 3? 5? Something like that.
If you combine /usr into the / filesystem, why have a /usr/bin? Early unix had no such path.
/usr contents are different in usage. It's resources for a running system. / is what you need to boot and by its nature is per-host data. Many systems using, for example, software mode raid, cannot boot off the raid set, so they have to have a separate root. Likewise for low space devices that net boot. It just makes sense. Also hark back to the days of booting being bounded by cylinder 1024. Such systems are still used today.. small root at the start of the disk, big /usr elsewhere.
Why do you need device files to be allowed on /usr? You don't, so disable them with a mount option. Why do you need set-id programs on /? You don't, so disable it. You cannot do that with a merged / /usr.
And then there's quotas, and dump/restore..
btw, a separate 10mb /tmp on a memory based filesystem may help improve performance if you are doing lots of compiling or something that uses lots of temp files. gcc without -pipe uses /tmp to pass things around.
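
The layout checks argued for in the message above, as an added example that is not part of the original post: it reads fstab-format and exports-format text and flags an NFS export that is only a subdirectory of a local filesystem, a /usr without nodev, and a / without nosuid. The sample tables, the client address and all function names are constructed for illustration.

```python
import posixpath

# Constructed sample data (not from the original message).
FSTAB_MERGED = """\
/dev/sda1  /      ext3   defaults        0 1
"""
FSTAB_SPLIT = """\
/dev/sda1  /      ext3   nosuid          0 1
/dev/sda2  /usr   ext3   nodev           0 2
tmpfs      /tmp   tmpfs  size=10m,nodev  0 0
"""
EXPORTS = """\
/usr  192.0.2.0/24(ro)
"""

def parse_fstab(text):
    """Return {mount_point: set(options)} from fstab-format text."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:
            mounts[posixpath.normpath(fields[1])] = set(fields[3].split(","))
    return mounts

def containing_mount(path, mounts):
    """Longest mount point that prefixes path: the filesystem holding it."""
    path = posixpath.normpath(path)
    while path not in mounts and path != "/":
        path = posixpath.dirname(path)
    return path

def audit(fstab_text, exports_text):
    """List layout problems: subdirectory exports and missing mount options."""
    mounts = parse_fstab(fstab_text)
    findings = []
    for line in exports_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        exported = posixpath.normpath(fields[0])
        fs = containing_mount(exported, mounts)
        if fs != exported:  # export options would attach to the parent fs
            findings.append(f"export {exported} is a subdirectory of the filesystem at {fs}")
    if "nodev" not in mounts.get("/usr", set()):
        findings.append("/usr is not mounted nodev")
    if "nosuid" not in mounts.get("/", set()):
        findings.append("/ is not mounted nosuid")
    return findings
```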