/usr directory

NightShade03 Security Nut Member Posts: 1,383
I am reading through the LPI book and they talk about placing the /usr directory on a separate partition. This I can understand. They also recommend mounting it as a read-only filesystem. While this makes sense, I have noticed that on the Ubuntu servers that I use there are a few programs that all install to the /usr directory. Is Ubuntu one of the distros that strays from the norm? I have seen in the RHCE books they talk about applications installing to /opt, but that directory is empty on my servers.

Comments

  • dynamik Senior Member Banned Posts: 12,312
    I think it comes down to personal preference more than anything.

    Here's an awesome guide for the Linux Filesystem Hierarchy: Filesystem Hierarchy Standard
  • Forsaken_GA Senior Member Member Posts: 4,024
    Linux in general is going to put the majority of executables in /usr/bin or /usr/sbin, depending on the type it is. Anything you compile will generally go into /usr/local, and that's the preferred convention, as it helps differentiate between system installed software and user installed software.

    The Unix file system hierarchy is something that's been in constant debate; everyone has their own opinion, and everyone has their own conventions. I personally don't like putting /usr on its own partition, because it means I invariably oversize or undersize its partition, and that creates other problems. Consequently, this also means I don't mount it read-only, which is fine, because Ubuntu updates often enough that having to remount it read-write would just get on my freaking nerves.
  • LinuxG33k Member Member Posts: 33
    I agree with forsaken_ga. In theory, having /usr be a separate partition mounted read-only would be a good practice. In reality, even production systems are updated too often to mount /usr read-only; having to do a remount before running updates is a pain.

    Also, I've seen instances where certain software packages (Plesk, Ensim), while performing their updates on a system that has /usr read-only, will bork out, leaving the entire package unusable.

    Some security guides mention setting the immutable attribute recursively for /usr. That's just as bad since no one thinks to list attributes when a package update fails.
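
The two failure causes raised in this thread (a read-only /usr mount and immutable attributes that nobody lists) can be checked before an update runs. This is an added example, not part of the thread: the function names are hypothetical and the sample mount and `lsattr` lines are constructed.

```shell
#!/bin/sh
# Pre-update check for a locked-down /usr. Helper names are hypothetical.

# stdin: /proc/mounts-format text. Prints "<mountpoint> <ro|rw>" for the
# filesystem holding /usr, falling back to "/" when /usr is not its own mount.
usr_mount_state() {
    awk '$2 == "/usr" || $2 == "/" {
             mode = "rw"; n = split($4, opt, ",")
             for (i = 1; i <= n; i++) if (opt[i] == "ro") mode = "ro"
             state[$2] = mode            # a later (re)mount entry wins
         }
         END { m = ("/usr" in state) ? "/usr" : "/"
               if (m in state) print m, state[m] }'
}

# stdin: `lsattr -R` output. Prints each path whose attribute field contains
# the immutable flag (lowercase i). Directory headers, blank lines and
# lsattr error lines have no valid attribute field and are skipped.
immutable_paths() {
    awk 'NF >= 2 && $1 ~ /^[-A-Za-z]+$/ && index($1, "i") {
             sub(/^[^ ]+ +/, ""); print
         }'
}

# $1: mounts text, $2: lsattr text. Returns 1 if an update would be blocked.
preflight() {
    rc=0
    state=$(printf '%s\n' "$1" | usr_mount_state)
    locked=$(printf '%s\n' "$2" | immutable_paths)
    case $state in
        *" ro") echo "BLOCK: ${state% ro} is read-only; remount rw first"; rc=1 ;;
    esac
    if [ -n "$locked" ]; then
        echo "BLOCK: immutable files (clear with chattr -i):"
        printf '%s\n' "$locked" | sed 's/^/  /'
        rc=1
    fi
    return "$rc"
}

# Constructed sample input, not taken from a real host.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /usr ext4 ro,nodev,relatime 0 0'
SAMPLE_LSATTR='/usr/bin:
--------------e------- /usr/bin/ls
----i---------e------- /usr/bin/sudo
-----------I--e------- /usr/share/doc'
# On a live system: preflight "$(cat /proc/mounts)" "$(lsattr -R /usr 2>/dev/null)"
preflight "$SAMPLE_MOUNTS" "$SAMPLE_LSATTR" || echo "update would fail part-way"
```

The uppercase `I` on the last sample line is a different attribute from immutable and is deliberately not reported.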