On Friday 26 September 2008 12:00:18 Colin Walters wrote:
I use a separate (but not shared) /usr on my servers, and I mount it read-only.
I suggest using SELinux (if you're not already) instead; it provides far stronger security than messing with the filesystem layout ever can.
Security should be in layers. But aside from security, this is typically used to prevent accidental overwrites of important files.
-Steve