Subject: Re: Preventative security features?
To: Tim Kelly <hockey@dialectronics.com>
From: Curt Sampson <cjs@cynic.net>
List: tech-security
Date: 11/15/2004 16:41:31
On Sat, 13 Nov 2004, Tim Kelly wrote:

> I offer the following for discussion as a default scheme...

Just as a side point, I mount all partitions as nodev,nosuid except for
the following:

    root
    /usr (nodev)
    /var (nosuid)

That last one is open to argument in various ways. I used to mount /var
nodev as well, but then you can't use chrooted programs that depend on
devices, such as ntpd. Having /var nosuid has the potential to confuse
the hell out of qmail users until they figure out why all those suid
programs in /var (why are they in /var?) don't work.

cjs
-- 
Curt Sampson  <cjs@cynic.net>   +81 90 7737 2974   http://www.NetBSD.org
     Make up enjoying your city life...produced by BIC CAMERA
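An added example, not part of the message above: a small POSIX sh audit that applies the scheme described in it (everything nodev,nosuid except / which needs both, /usr which is nodev only, and /var which is nosuid only) to an fstab and reports which mount points fall short. The fstab lines and device names are constructed for the example; the function names and the exception table are this example's own, not anything from the list post.

```shell
#!/bin/sh
# Constructed fstab sample for the example (not a real system's fstab).
SAMPLE_FSTAB='
/dev/wd0a  /      ffs  rw                 1 1
/dev/wd0e  /usr   ffs  rw,nodev           1 2
/dev/wd0f  /var   ffs  rw,nosuid          1 2
/dev/wd0g  /home  ffs  rw,nodev,nosuid    1 2
/dev/wd0h  /tmp   ffs  rw                 1 2
'

# has_opt OPTS OPT: succeed if the comma-separated list OPTS contains OPT
# as a whole word (so "nodevx" does not count as "nodev").
has_opt() {
  case ",$1," in
    *",$2,"*) return 0 ;;
    *)        return 1 ;;
  esac
}

# audit_fstab: read fstab-format lines on stdin and print one line per
# mount point that is missing an option the scheme expects. The exception
# table mirrors the post: / keeps both, /usr needs only nodev (it holds
# setuid binaries), /var needs only nosuid (chrooted daemons need devices).
audit_fstab() {
  while read -r dev mnt fstype opts rest; do
    case "$dev" in ''|'#'*) continue ;; esac
    want_nodev=1; want_nosuid=1
    case "$mnt" in
      /)    want_nodev=0; want_nosuid=0 ;;
      /usr) want_nosuid=0 ;;
      /var) want_nodev=0 ;;
    esac
    missing=""
    if [ "$want_nodev" = 1 ] && ! has_opt "$opts" nodev; then
      missing="$missing nodev"
    fi
    if [ "$want_nosuid" = 1 ] && ! has_opt "$opts" nosuid; then
      missing="$missing nosuid"
    fi
    if [ -n "$missing" ]; then
      printf '%s missing:%s\n' "$mnt" "$missing"
    fi
  done
  return 0
}

# suid_on_mount MNT: list set-uid files living below MNT without crossing
# into other filesystems. Run this before adding nosuid to a partition;
# it is how the qmail-in-/var surprise mentioned in the post shows up.
suid_on_mount() {
  find "$1" -xdev -type f -perm -4000 -print
}

# Demo on the constructed sample: only /tmp is reported.
printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab
```

On NetBSD, `mount -p` prints the currently mounted filesystems in fstab format, so `mount -p | audit_fstab` checks the live system rather than the file; `suid_on_mount /var` shows what would stop working if /var were mounted nosuid.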