SUMMARY: Print and spool partition fills up...

From: G. Dimitoglou (george@esa.nascom.nasa.gov)
Date: Wed Sep 01 1999 - 14:59:39 CDT


Thanks for the tips.

Only the printing spooling area is in the / and this was an err that
has been propageted from long time ago.

I think I will just link the file system to another place and live with
that until next OS upgrade.

Thanks to the following managers who promptly answered my query.
Rich Lafferty <rich@alcor.concordia.ca>
Harry Levinson <levinson@ll.mit.edu>

Best to all,
George

> From levinson@ll.mit.edu Wed Sep 1 15:49 EDT 1999
>
> I don't like the default partition layout for exactly the reason that you
> are experiencing. I always put /var in a separate partition. In fact I
> usually just have /, /var, and /export (or /export/home). Sometimes /opt
> if I have an unusually large number of local packages to install there.
> It's also a good idea to keep /var/mail off of root in case you have large
> mail messages sent that can bring down your machine since sendmail runs as
> root.
>
> For the time being, you can create another directory somewhere and point
> /var/spool or /var/spool/print at it with either a symbolic link or a lofs
> mount.

From: Rich Lafferty <rich@alcor.concordia.ca>

Personally, I always have filesystems that users fill up on their
own filesystems, and ones that the system fills up too. In particular,
tmp directories and spools, and log directories.

What happens to your system logs when / fills up? In particular, consider
an intruder who has access to the system filling up /var/tmp and then
doing things that would otherwise be logged, or for that matter filling
up /var/tmp and denying mail service, or even a remote attacker sending
enough mail to fill up /var/spool/mail and thus cutting off logging
to /var/{log,adm}.

I'd put /var on its own, and /var/spool on its own, and maybe even
/var/tmp and /var/{log,adm} on their own partition/fs/domain.

  -Rich



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:25 CDT