This article is more than 1 year old

Debian putting everything on the /usr

Tidying up the artefacts of the 90s should make things more secure and efficient

Debian is preparing to revise its default file system mapping to bring it in in line with other major distributions (like Fedora and CentOS).

Evidence of the shift can be found in the bootstrap option that's arrived in its unstable branch, where Debian dev Ansgar Burchardt posted news that mailing list announcement: “debootstrap in unstable can now install with merged-/usr, that is with /bin, /sbin, /lib* being symlinks to their counterpart in /usr.”

Merging /usr is with a debootstrap compilation flag, --merged-usr.

The effort to merge /usr has been going on since the beginning of the year. As LWN explained in January, strict filesystem hierarchy (/usr, /bin, /sbin and /lib is a relic of the small disks in Linux's early days.

The new option (please note it's not yet the default) means utilities that now live in /bin and /sbin are merged into /usr; /bin and /sbin instead become symbolic links to content in /usr/bin and /usr/sbin.

Tradition, it seems, has its penalties. One of the reasons for the change is that the current hierarchy creates “busy work” for developers, as Russ Allbery explained in January. He argued the change would mean “we don't have to try to harass a thousand package maintainers into doing essentially untestable busy-work to try to move things around between /usr, /bin, and /lib to support a tiny handful of systems for which other approaches are available.”

Announcing the new option, Burchardt emphasises that if necessary, “that this still allows / and /usr to reside on different filesystems: in this case the initramfs has to make sure /usr is mounted as well.”

According to discussion on the Debian mailing list, there's a good reason for doing this: it greatly simplifies the creation of read-only filesystems.

The read-only filesystem is useful for things like secure USB Linux distributions, which since they can't be written to, can't be infected with malware, and can't accidentally retain sensitive browser data like secure session cookies.

In the follow-up discussion, Debian developer Michael Beibl explains “now, all of your system would be in /usr and would be confined by your mount options.”

At the moment, “you have parts in / and parts in /usr and your mount options only apply to the bits in /usr” (in other words, the developer has to pay extra attention to make the whole of an unmerged filesystem read-only). ®

More about

TIP US OFF

Send us news


Other stories you might like