Debian putting everything on the /usr
Tidying up the artefacts of the 90s should make things more secure and efficient
Debian is preparing to revise its default file system mapping to bring it in line with other major distributions (like Fedora and CentOS).
Evidence of the shift can be found in the bootstrap option that's arrived in its unstable branch, where Debian dev Ansgar Burchardt posted the news in a mailing list announcement: “debootstrap in unstable can now install with merged-/usr, that is with /bin, /sbin, /lib* being symlinks to their counterpart in /usr.”
Merging /usr is done with a debootstrap compilation flag, --merged-usr.
The effort to merge /usr has been going on since the beginning of the year. As LWN explained in January, the strict filesystem hierarchy (/usr, /bin, /sbin and /lib) is a relic of the small disks in Linux's early days.
The new option (please note it's not yet the default) means utilities that now live in /bin and /sbin are merged into /usr; /bin and /sbin instead become symbolic links to content in /usr/bin and /usr/sbin.
Tradition, it seems, has its penalties. One of the reasons for the change is that the current hierarchy creates “busy work” for developers, as Russ Allbery explained in January. He argued the change would mean “we don't have to try to harass a thousand package maintainers into doing essentially untestable busy-work to try to move things around between /usr, /bin, and /lib to support a tiny handful of systems for which other approaches are available.”
Announcing the new option, Burchardt emphasises that, if necessary, “this still allows / and /usr to reside on different filesystems: in this case the initramfs has to make sure /usr is mounted as well.”
According to discussion on the Debian mailing list, there's a good reason for doing this: it greatly simplifies the creation of read-only filesystems.
The read-only filesystem is useful for things like secure USB Linux distributions which, since they can't be written to, can't be infected with malware and can't accidentally retain sensitive browser data like secure session cookies.
In the follow-up discussion, Debian developer Michael Biebl explains “now, all of your system would be in /usr and would be confined by your mount options.”
At the moment, “you have parts in / and parts in /usr and your mount options only apply to the bits in /usr” (in other words, the developer has to pay extra attention to make the whole of an unmerged filesystem read-only).
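To make the layout concrete, the following added example (not from the article or from Debian's own tooling) checks whether a root tree, such as a debootstrap target, has /bin, /sbin and /lib* as symlinks into /usr, which is the precondition for mount options on /usr confining the whole system. The function names and the list of multilib directory names are assumptions.

```shell
#!/bin/sh
# Added example: report whether a root tree uses the merged-/usr layout.

# is_merged_dir ROOT NAME
# Succeeds only if ROOT/NAME is a symlink pointing at usr/NAME.
is_merged_dir() {
    r=${1%/}; n=$2
    [ -L "$r/$n" ] || return 1
    case $(readlink "$r/$n") in
        usr/"$n"|/usr/"$n") return 0 ;;
        *) return 1 ;;
    esac
}

# check_merged_usr [ROOT]
# Prints one line per top-level directory found.
# Returns 0 if every directory found is a symlink into usr/,
#         1 if any of them still lives outside /usr,
#         2 if none of the expected directories exist under ROOT.
check_merged_usr() {
    root=${1:-/}; root=${root%/}
    status=0; checked=0
    # Assumed list: bin, sbin, lib plus common multilib variants of lib.
    for name in bin sbin lib lib32 lib64 libx32 libo32; do
        path=$root/$name
        [ -e "$path" ] || [ -L "$path" ] || continue   # not present on this arch
        checked=$((checked + 1))
        if is_merged_dir "$root" "$name"; then
            echo "merged    /$name -> usr/$name"
        else
            echo "unmerged  /$name is not a symlink into /usr"
            status=1
        fi
    done
    [ "$checked" -gt 0 ] || return 2
    return $status
}
```

Source the file and call `check_merged_usr /path/to/chroot` (or with no argument for the running system); any "unmerged" line marks a directory that a read-only or otherwise restricted /usr mount would not cover.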