Submitted by Deleted on Tue, 07/07/2009 - 17:28
Newbie question. Sorry. The installation guidelines say either partition as
/boot / swap
or
/boot / swap /var /home
And I see many more suggested configurations discussed in the forum and elsewhere. Given that we want to use quotas, is the
/boot / swap /var /home
the best approach? Any comment on:
/boot / swap /var /home /tmp
and
/boot / swap /home /tmp
I will RAID1 all but swap (and /tmp if used). Two 1TB drives.
Status:
Closed (fixed)
Comments
Submitted by JamieCameron on Tue, 07/07/2009 - 17:54 Comment #1
I like the idea of having / , /boot , /var and swap. That way logs and Dovecot index files in /var won't use up other disk space on the system, or count towards domains' quotas.
Also, having /tmp on a separate partition can also be useful, so that temp files don't overwhelm the system, and can be excluded from quotas.
Submitted by rrhill on Tue, 07/07/2009 - 18:46 Comment #2
So you would recommend /boot, /, swap, /var, /tmp (optional)?
What about /home?
I also read some place about setting /tmp up for no execute for security. Good? How?
The databases reside in /var. So, I will need to adjust the /home and /var according to how much database activity I anticipate from users.
I had also seen someone suggest /boot, /, swap, /var/log , /home, /tmp
Guess that would separate out just the logging portion of var.
Sorry, again. I would really rather keep the partitioning as simple as possible, be able to use quotas, and make things as secure as possible ... looks like /boot, /, swap, /var, /home, /tmp(optional)?
Submitted by rrhill on Tue, 07/07/2009 - 18:47 Comment #3
Submitted by JamieCameron on Tue, 07/07/2009 - 18:51 Comment #4
Yeah, you don't want to do too many partitions, as then you can run into the problem of not having enough space on one while you've got plenty on another.
Making /tmp noexec is kind of pointless in my opinion - by the time an attacker has got to the point of being able to write to /tmp, you are in big trouble anyway! Also, it can break the Virtualmin install script.
Submitted by rrhill on Wed, 07/08/2009 - 13:00 Comment #5
OK, good. I won't do /tmp. No comment about /home? Guess I'll go with the second recommended solution in the guidelines:
/boot, /, swap, /var, /home
Submitted by JamieCameron on Wed, 07/08/2009 - 13:02 Comment #6
Personally I wouldn't even bother with /home, but some people like it in order to isolate user disk usage from the rest of the system.
Submitted by rrhill on Wed, 07/08/2009 - 15:56 Comment #7
OK. So not having a separate /home partition will not impact disk quotas? The only reason I'm not looking at just using:
/boot, swap, /
is this note on the installation guide:
"Note If you plan to use disk quotas, you should be aware of a few potential gotchas with this type of deployment. Quotas apply to all files on a given partition, regardless of the directory. In the case of mail delivery and processing, there are several very sneaky ways for this to cause failures of various types. Because of this, if you are using disk quotas, you probably want to make /home its own very large partition."
Which implies the need for /home ...
I have 1TB of drive to play with and this won't have hundreds of users, so drive space shouldn't be an issue.
Submitted by JamieCameron on Wed, 07/08/2009 - 15:58 Comment #8
Ok, if you have plenty of space, making /home a separate partition is quite reasonable.
Submitted by Zenon on Fri, 07/17/2009 - 07:24 Comment #9
Three questions:
a) Not assigning /tmp a separate partition could distort quota usage because data which is of no use (from the user's point of view) would be accounted to the user's quota?
b) User database storage use is not covered by Virtualmin quota settings, regardless of having mounted /var on a separate partition or not?
c) If we want an accurate (as good as possible) quota management/measurement, we should use the following partitions: /boot, /, /swap, /var, /home, /tmp ?
Thanks for your advice.
Submitted by JamieCameron on Fri, 07/17/2009 - 12:00 Comment #10
a) Yes, that is correct. On the other hand, having /tmp as a separate partition could allow users to fill it up with no restrictions.
b) If the partition for /var/lib/mysql is the same as /home, Virtualmin will make MySQL data files owned by the domain's group, so they will participate in quota limits. However, if they are not the same filesystem it can still count disk used by MySQL for each domain, and send warning emails about it.
c) That seems OK, as long as you don't care about hard enforcing quotas on MySQL disk usage.
Submitted by Zenon on Fri, 07/17/2009 - 14:00 Comment #11
"c) That seems OK, as long as you don't care about hard enforcing quotas on MySQL disk usage."
Did I get it right: Does hard enforcing mean that the OS will enforce quota settings, i.e. that a database will not - under any circumstances - exceed a given quota, whereas, when the databases reside on a partition different than that of /home, there is no such hard enforcement so that quotas won't be enforced but there will be at least a warning?
Would it then be wise to work with four partitions
/boot
/swap
/
/home with /var/lib/mysql symlinked to /home/mysql ?
If quota usage is of importance, could you make a suggestion on how to partition a system with a 250 GB disk, that should serve as an all-round server (http, e-mail, ftp) based on Debian?
Submitted by JamieCameron on Fri, 07/17/2009 - 15:13 Comment #12
Yes, your explanation is correct.
Linking /var/lib/mysql to /home/mysql is a good work-around for this. You can then keep /var as a separate partition, for logs.
It sounds like you guys are all talking past one another.
Different filesystems have separate quota tables. You will not get quota enforcement for any data that is not on the same filesystem as /home.
If you want everything that a user can create to be under the control of the quotas you set, you need one filesystem for all user-created files. Thus, /home, /var, and /tmp would all need to be on the same filesystem (and partition or volume).
We can't tell you what is "best", because it depends on your requirements and how much you care about enforcing usage limits over other factors (like the possibility of quotas preventing some actions from happening, as Jamie mentioned above).
I can say that I prefer to use as few partitions as possible. The simplest partition layout described in the documentation is the one I always use. As the documentation points out, the majority of reasons for breaking things up into many partitions simply don't apply to modern hardware and operating systems.
Submitted by shuja_khan on Sun, 07/19/2009 - 17:42 Comment #14
All the above configurations are correct in different situations.
What I have learned during my quest for fine tuning over the years.
If you are using quota on a particular directory, it must be mounted to a partition alone so all remaining file creation processes may not generate false alarms.
In VM case /home must be a separate partition not to be shared with anything else.
SWAP & tmp are obviously separate partitions,
VAR & /USR/LOCAL & /OPT & /BOOT & last / can be separate partitions
But still it all depends what you are doing & what is required in a given situation.
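Added example (not part of any post in this thread, and not Virtualmin code): a shell check of the rule discussed above, that quotas on /home only constrain data living on the same filesystem as /home. The mount table is a constructed sample of the /boot, /, /var, /home layout, and the function names `mount_for` and `quota_status` are hypothetical.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (device names and options are made up):
# the /boot, /, /var, /home layout from the thread, quotas enabled on /home only.
SAMPLE_MOUNTS='/dev/md0 /boot ext3 rw 0 0
/dev/md1 / ext3 rw 0 0
/dev/md2 /var ext3 rw 0 0
/dev/md3 /home ext3 rw,usrquota,grpquota 0 0'

# mount_for PATH [MOUNTS]: print "mountpoint options" of the filesystem holding PATH,
# chosen by longest matching mount-point prefix.
mount_for() {
    printf '%s\n' "${2:-$SAMPLE_MOUNTS}" | awk -v p="$1" '
        { mp = $2
          if ((mp == "/" || p == mp || index(p, mp "/") == 1) && length(mp) > length(best)) {
              best = mp; opts = $4 } }
        END { print best, opts }'
}

# quota_status PATH [MOUNTS]: prints
#   enforced      PATH shares the /home filesystem and it is mounted with quota options
#   no-quota-opt  PATH shares the /home filesystem, but no quota option is set
#   not-enforced  PATH is on another filesystem, so /home quotas never see it
quota_status() {
    qs_here=$(mount_for "$1" "${2:-$SAMPLE_MOUNTS}")
    qs_home=$(mount_for /home "${2:-$SAMPLE_MOUNTS}")
    if [ "$qs_here" != "$qs_home" ]; then
        echo not-enforced
        return 0
    fi
    case ",${qs_here#* }," in
        *,usrquota,*|*,grpquota,*|*,quota,*|*,usrjquota=*|*,grpjquota=*) echo enforced ;;
        *) echo no-quota-opt ;;
    esac
}

# On a live host, feed real data instead of the sample, resolving symlinks first:
#   quota_status "$(readlink -f /var/lib/mysql)" "$(cat /proc/mounts)"
for qs_path in /home/example/public_html /var/lib/mysql /home/mysql /tmp; do
    printf '%-28s %s\n' "$qs_path" "$(quota_status "$qs_path")"
done
```

With the sample layout, /var/lib/mysql and /tmp report `not-enforced`, while the symlink target /home/mysql reports `enforced`. Enforcement still depends on the files being owned by the user or group the quota is set for.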