Subject: Re: partitioning
To: None <netbsd-users@NetBSD.org>
From: Michael Parson <firstname.lastname@example.org>
Date: 08/31/2005 09:55:28
On Wed, Aug 31, 2005 at 08:01:53AM +0200, Thana Jordan wrote:
> Thank you for your reply about partitioning - ime not really a home
> user - i would like to know how to partition it like a pro focused on
> security and stability - thanx
Here's how I split things up:
/ I like to make this partition relatively small. On this box
(bl.org), a NetBSD/i386 2.0 system, I have / at 64 megs. This
should be a mostly static partition, very little, if any changes
over the long term. My philosophy is that this partition should
be able to survive a power-loss and the resulting fsck and still
be able to boot the system enough to work on anything else that
needs to be addressed.
<swap> The rule of thumb for this has generally been 2x RAM.
/var Here you mostly have log files, mail spools, and the defaults
locations for some stuff like mysql & apache, though I put that
data on other partitions. My /var is 2 gigs and with about a
dozen users and 3 years of compressed log files, It's about 40%
/usr Most of what is covered by what we call 'userland,' which
includes a bulk of the shipped binaries, libraries, header
files, etc. If you're going to be building your own kernels or
full-releases of NetBSD, your src trees are here too.
I have the kernel src and pkgsrc under /usr, my 4 gig partition
is at 40% usage.
/home This really depends on how much you're going to be doing on this
box and how much disk you've got. I put the bulk of my apache
webfiles under /home, all my personal stuff, etc.
/tmp If you've got the RAM, some people like to make this a mfs
(memory filesystem) carved out of RAM. When I do this, I never
make it more than 50% of RAM. Otherwise, this can be a real
disk partition, it doesn't need to be all that large, as long as
people use it properly. I have mine set to 256 megs.
other partitions some people (like myself) tend to build.
I also have /usr/local set aside as a separate partition and have set
pkgsrc set to install pkgs to there instead of /usr/pkg.
If this box's primary job is as a mail server, you might want to set
/var/spool off on it's own as well.
Now, WHY do old farts like me separate things out like this?
The old classic UNIX backup scheme of dump & restore only backs up
filesystems on partition (slice) boundaries. Breaking things up like
this lets me back up my home directories separate from the system
NetBSD, and other UNIX variants can run in different secure levels
where you can do things like mount / read-only in such a way that
requires console access to drop into single-user mode to change that
mount. Having stuff like your mail and home directories off on another
partition makes that a little easier.
I touched on this a little earlier. The more active a filesystem is
when the box goes down hard, like a power-loss, the more likely you
are to have corruption on that filesystem. Keeping / mostly read-only
limits the amount of potential damage to such a failure.
Are there other ways to address what I've outlined above? Sure, but
that's what I do with my low-budget 1U colo-ed rack-mount box and how
I've tried to run my systems over the course of my career.