Re: tightest fstab

[Chuck Yerkes <chuck+obsd@snew.com>]

As typical, you don't really state your goal, just your
perceived solution to your perceived problem.  So the value
of the answers you get are tainted by that.


noatime is bad.  Loses info.  A big faster, but that's not necessarily
an issue.  I sometime use it on /var/spool/ on really high volume
machines (sendmail boxes running 200k/messages/hour or more).

/usr could be readonly (therefor softdep and nodev are pretty moot).

/tmp on mfs?  It depends on what you're doing.  On a compile server,
it might be a bad idea (tmp fills, swap fills too).

I really hate no atime.

Generally, I'd love a devfs - freebsd 5.0 (pre-alpha) and MacOS X
have it.  It means that I can often make / readonly easily.  I've
hacked libutil before to put terminals into /dev/term/ and mounting
THAT as mfs means that appliances don't need an R/W home.

Quoting Simon Lok (simonlok@mac.com):
> Hi,
> 
> I have been digging around for the "tightest" (in
> the sense of maximum restrictions) fstab
> that one can possible have in an obsd installation.
>  From my digging, it seemed that a lot of people think
> that the /tmp partition as mfs was the way to go... I think
> that Solaris does something like that by default.  What
> do people think about this?  Too tight?
> 
> /dev/wd0a / ffs rw,softdep,noatime 1 1
> /dev/wd0b none swap sw 0 0
> /dev/wd0d /usr ffs rw,softdep,noatime,nodev 1 2
> /dev/wd0e /var ffs rw,softdep,noatime,noexec,nodev,nosuid 1 2
> swap /tmp mfs rw,-s=65536,noatime,async,nodev,nosuid,noexec 0 0
> /dev/sd0g /home ffs rw,softdep,noatime,nodev,nosuid 1 2