Debian putting everything on the /usr

Tidying up the artefacts of the 90s should make things more secure and efficient


Debian is preparing to revise its default file system mapping to bring it in in line with other major distributions (like Fedora and CentOS).

Evidence of the shift can be found in the bootstrap option that's arrived in its unstable branch, where Debian dev Ansgar Burchardt posted news that mailing list announcement: “debootstrap in unstable can now install with merged-/usr, that is with /bin, /sbin, /lib* being symlinks to their counterpart in /usr.”

Merging /usr is with a debootstrap compilation flag, --merged-usr.

The effort to merge /usr has been going on since the beginning of the year. As LWN explained in January, strict filesystem hierarchy (/usr, /bin, /sbin and /lib is a relic of the small disks in Linux's early days.

The new option (please note it's not yet the default) means utilities that now live in /bin and /sbin are merged into /usr; /bin and /sbin instead become symbolic links to content in /usr/bin and /usr/sbin.

Tradition, it seems, has its penalties. One of the reasons for the change is that the current hierarchy creates “busy work” for developers, as Russ Allbery explained in January. He argued the change would mean “we don't have to try to harass a thousand package maintainers into doing essentially untestable busy-work to try to move things around between /usr, /bin, and /lib to support a tiny handful of systems for which other approaches are available.”

Announcing the new option, Burchardt emphasises that if necessary, “that this still allows / and /usr to reside on different filesystems: in this case the initramfs has to make sure /usr is mounted as well.”

According to discussion on the Debian mailing list, there's a good reason for doing this: it greatly simplifies the creation of read-only filesystems.

The read-only filesystem is useful for things like secure USB Linux distributions, which since they can't be written to, can't be infected with malware, and can't accidentally retain sensitive browser data like secure session cookies.

In the follow-up discussion, Debian developer Michael Beibl explains “now, all of your system would be in /usr and would be confined by your mount options.”

At the moment, “you have parts in / and parts in /usr and your mount options only apply to the bits in /usr” (in other words, the developer has to pay extra attention to make the whole of an unmerged filesystem read-only). ®

Similar topics


Other stories you might like

  • Meg Whitman – former HP and eBay CEO – nominated as US ambassador to Kenya

    Donated $110K to Democrats in recent years

    United States president Joe Biden has announced his intention to nominate former HPE and eBay CEO Meg Whitman as Ambassador Extraordinary and Plenipotentiary to the Republic of Kenya.

    The Biden administration's announcement of the planned nomination reminds us that Whitman has served as CEO of eBay, Hewlett Packard Enterprise, and Quibi. Whitman also serves on the boards of Procter & Gamble, and General Motors.

    The announcement doesn't remind readers that Whitman has form as a Republican politician – she ran for governor of California in 2010, then backed the GOP's Mitt Romney in his 2008 and 2012 bids for the presidency. She later switched political allegiance and backed the presidential campaigns of both Hillary Clinton and Joe Biden.

    Continue reading
  • Ex-Qualcomm Snapdragon chief turns CEO at AI chip startup MemryX

    Meet the new boss

    A former executive leading Qualcomm's Snapdragon computing platforms has departed the company to become CEO at an AI chip startup.

    Keith Kressin will lead product commercialization for MemryX, which was founded in 2019 and makes memory-intensive AI chiplets.

    The company is now out of stealth mode and will soon commercially ship its AI chips to non-tech customers. The company was testing early generations of its chips with industries including auto and robotics.

    Continue reading
  • Aircraft can't land safely due to interference with upcoming 5G C-band broadband service

    Expect flight delays and diversions, US Federal Aviation Administation warns

    The new 5G C-band wireless broadband service expected to rollout on 5 January 2022 in the US will disrupt local radio signals and make it difficult for airplanes to land safely in harsh weather conditions, according to the Federal Aviation Administration.

    Pilots rely on radio altimeter readings to figure out when and where an aircraft should carry out a series of operations to prepare for touchdown. But the upcoming 5G C-band service beaming from cell towers threatens to interfere with these signals, the FAA warned in two reports.

    Flights may have to be delayed or restricted at certain airports as the new broadband service comes into effect next year. The change could affect some 6,834 airplanes and 1,828 helicopters. The cost to operators is expected to be $580,890.

    Continue reading
  • Canadian charged with running ransomware attack on US state of Alaska

    Cross-border op nabbed our man, boast cops and prosecutors

    A Canadian man is accused of masterminding ransomware attacks that caused "damage" to systems belonging to the US state of Alaska.

    A federal indictment against Matthew Philbert, 31, of Ottawa, was unsealed yesterday, and he was also concurrently charged by the Canadian authorities with a number of other criminal offences at the same time. US prosecutors [PDF] claimed he carried out "cyber related offences" – including a specific 2018 attack on a computer in Alaska.

    The Canadian Broadcasting Corporation reported that Philbert was charged after a 23 month investigation "that also involved the [Royal Canadian Mounted Police, federal enforcers], the FBI and Europol."

    Continue reading
  • German court rules cookie preference service that shared IP addresses with US firm should be halted

    Schrems II starts to be felt in Europe

    A German court has ruled that sharing IP addresses with US-based servers for the purpose of cookie consent is unlawful under EU data protection law and the EU Court of Justice Schrems II ruling.

    The university Hochschule RheinMain in Germany was this week prevented by Wiesbaden Administrative Court from using a cookie preference service that shares the complete IP address of the end user to the servers of a company whose headquarters are in the US.

    A complainant had alleged that the CookieBot consent manager from Danish provider Cybot transmitted data such that IP addresses were shared with US-based cloud company Akamai Technologies.

    Continue reading

Biting the hand that feeds IT © 1998–2021