Best CentOS partition layout

Newbie question. Sorry. The installation guidelines say either partition as

/boot / swap

or

/boot / swap /var /home

And I see many more suggested configurations discussed in the forum and elsewhere. Given that we want to use quotas, is the

/boot / swap /var /home

the best approach? Any comment on:

/boot / swap /var /home /tmp

and

/boot / swap /home /tmp

I will RAID1 all but swap (and /tmp if used). Two 1TB drives.

Status: Closed (fixed)

Comments

I like the idea of having / , /boot , /var and swap. That way logs and Dovecot index files in /var won't use up other disk space on the system, or count towards domains' quotas.

Also, having /tmp on a separate partition can also be useful, so that temp files don't overwhelm the system, and can be excluded from quotas.

So you would recommend /boot, /, swap, /var, /tmp (optional)?

What about /home?

I also read some place about setting /tmp up for no execute for security. Good? How?

The databases reside in /var. So, I will need to adjust the /home and /var according to how much database activity I anticipate from users.

I had also seen someone suggest /boot, /, swap, /var/log , /home, /tmp

Guess that would separate out just the logging portion of var.

Sorry, again. I would really rather keep the partitioning as simple as possible, be able to use quotas, and make things as secure as possible ... looks like /boot, /, swap, /var, /home, /tmp(optional)?

Yeah, you don't want to do too many partitions, as then you can run into the problem of not having enough space on one while you've got plenty on another.

Making /tmp noexec is kind of pointless in my opinion - by the time an attacker has got to the point of being able to write to /tmp, you are in big trouble anyway! Also, it can break the Virtualmin install script.

OK, good. I won't do /tmp. No comment about /home? Guess I'll go with the second recommended solution in the guidelines:

/boot, /, swap, /var, /home

Personally I wouldn't even bother with /home, but some people like it in order to isolate user disk usage from the rest of the system.

OK. So not having a separate /home partition will not impact disk quotas? The only reason I'm not looking at just using:

/boot, swap, /

is this note on the installation guide:

"Note If you plan to use disk quotas, you should be aware of a few potential gotchas with this type of deployment. Quotas apply to all files on a given partition, regardless of the directory. In the case of mail delivery and processing, there are several very sneaky ways for this to cause failures of various types. Because of this, if you are using disk quotas, you probably want to make /home its own very large partition."

Which implies the need for /home ...

I have 1TB of drive to play with and this won't have hundreds of users, so drive space shouldn't be an issue.

Ok, if you have plenty of space, making /home a separate partition is quite reasonable.

Three questions:

a) Not assigning /tmp a separate partition could distort quota usage because data which is of no use (from the user's point of view) would be accounted to the user's quota?

b) User database storage use is not covered by Virtualmin quota settings, regardless of having mounted /var on a separate partition or not?

c) If we want an accurate (as good as possible) quota management/measurement, we should use the following partitions: /boot, /, /swap, /var, /home, /tmp ?

Thanks for your advice.

a) Yes, that is correct. On the other hand, having /tmp as a separate partition could allow users to fill it up with no restrictions.

b) If the partition for /var/lib/mysql is the same as /home, Virtualmin will make MySQL data files owned by the domain's group, so they will participate in quota limits. However, if they are not the same filesystem it can still count disk used by MySQL for each domain, and send warning emails about it.

c) That seems OK, as long as you don't care about hard enforcing quotas on MySQL disk usage.

"c) That seems OK, as long as you don't care about hard enforcing quotas on MySQL disk usage."
Did I get it right: Does hard enforcing mean that the OS will enforce quota settings, i.e. that a database will not, under any circumstances, exceed a given quota, whereas, when the databases reside on a partition different than that of /home, there is no such hard enforcement so that quotas won't be enforced but there will be at least a warning?

Would it then be wise to work with four partitions

/boot
/swap
/
/home with /var/lib/mysql symlinked to /home/mysql ?

If quota usage is of importance, could you make a suggestion on how to partition a system with a 250 GB disk, that should serve as an all-round server (http, e-mail, ftp) based on Debian?

Yes, your explanation is correct.

Linking /var/lib/mysql to /home/mysql is a good work-around for this. You can then keep /var as a separate partition, for logs.

Submitted by Joe on Sat, 07/18/2009 - 15:51 Pro Licensee

It sounds like you guys are all talking past one another.

Different filesystems have separate quota tables. You will not get quota enforcement for any data that is not on the same filesystem as /home.

If you want everything that a user can create to be under the control of the quotas you set, you need one filesystem for all user-created files. Thus, /home, /var, and /tmp would all need to be on the same filesystem (and partition or volume).

We can't tell you what is "best", because it depends on your requirements and how much you care about enforcing usage limits over other factors (like the possibility of quotas preventing some actions from happening, as Jamie mentioned above).

I can say that I prefer to use as few partitions as possible. The simplest partition layout described in the documentation is the one I always use. As the documentation points out, the majority of reasons for breaking things up into many partitions simply don't apply to modern hardware and operating systems.

All the above configurations are correct in different situations.

What I have learned during my quest for fine-tuning over the years:

If you are using quota on a particular directory, it must be mounted to a partition alone so all remaining file creation processes may not generate false alarms.

In VM case /home must be a separate partition not to be shared with anything else.

SWAP & tmp are obviously separate partitions.

VAR & /USR/LOCAL & /OPT & /BOOT & last / can be separate partitions

But still it all depends what you are doing & what is required in a given situation.
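
An added example, not part of the original thread or of Virtualmin: it works through the point made above that each filesystem has its own quota table, by mapping paths onto a constructed /etc/fstab for the "/boot, /, swap, /var, /home" layout and reporting which paths fall under the quotas set on /home. The device names, sample paths and function names are assumptions made for illustration.

```python
import os

# Constructed /etc/fstab for the "/boot, /, swap, /var, /home" layout.
# Device names are placeholders; usrquota/grpquota enable quotas on /home only.
SAMPLE_FSTAB = """\
/dev/md0  /boot  ext3  defaults                   1 2
/dev/md1  /      ext3  defaults                   1 1
/dev/md2  /var   ext3  defaults                   1 2
/dev/md3  /home  ext3  defaults,usrquota,grpquota 1 2
/dev/sda5 swap   swap  defaults                   0 0
"""

def parse_fstab(text):
    """Return {mount_point: set(options)}; swap and comments are skipped."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[1].startswith("/"):
            mounts[fields[1]] = set(fields[3].split(","))
    return mounts

def mount_for(path, mounts):
    """Longest mount point that contains path (whole path components only)."""
    path = os.path.normpath(path)
    best = "/"
    for mp in mounts:
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and len(mp) > len(best):
            best = mp
    return best

def quota_coverage(paths, mounts, quota_root="/home"):
    """'enforced' only for paths on quota_root's filesystem with quotas on."""
    home_fs = mount_for(quota_root, mounts)
    quota_on = bool(mounts.get(home_fs, set()) & {"usrquota", "grpquota"})
    return {p: "enforced" if quota_on and mount_for(p, mounts) == home_fs
            else "not enforced" for p in paths}

if __name__ == "__main__":
    mounts = parse_fstab(SAMPLE_FSTAB)
    # /home/mysql is where the symlink work-around relocates /var/lib/mysql.
    paths = ["/home/example", "/var/lib/mysql", "/home/mysql",
             "/var/spool/mail", "/tmp"]
    for path, state in quota_coverage(paths, mounts).items():
        print(f"{path:18} {state}")
```

On a live system, resolve symlinks with os.path.realpath() before calling mount_for(), so that a /var/lib/mysql link into /home is attributed to the filesystem that actually holds the data.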