Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 20th August 2005, 03:14
domino domino is offline
Senior Member
 
Join Date: Aug 2005
Posts: 364
Thanks: 0
Thanked 10 Times in 9 Posts
Default Best practice Mount Options

My next linux build, I want to make a Linux system harder against SUID based and other exploits. I want to keep the following mount points on their own partition. I alocated 10gig to the whole installation. Based on the Fedora 3 installation avaiable on this site, what would you recommend for each partition size. Please keep in mind that I want to keep the absolute minimum so that the majority of my space is alocated to the /var partition.

Avaiable space: 10gig

/ =
/usr =
/home =
/opt =
/var =
/tmp =
/boot =

If you think I need to add aditional partitions, please state that as well.
Reply With Quote
Sponsored Links
  #2  
Old 20th August 2005, 10:41
domino domino is offline
Senior Member
 
Join Date: Aug 2005
Posts: 364
Thanks: 0
Thanked 10 Times in 9 Posts
Default

I did some blind calculations and this is what I came up with. Are these sufficiant enought for a strictly webserver style installation of Fed. C4?

/ = 200MB
/usr = 2,000MB
/home = 1,000MB
/opt = 512MB
/var = 6,000MB
/tmp = 200MB
/boot = 50MB

If I can resize the other directories so that /var can be as large as possible, please let me know.

EDIT: I had to trim down on some partitions to add a 400mb swap partition.

Last edited by domino; 20th August 2005 at 12:13.
Reply With Quote
  #3  
Old 20th August 2005, 11:15
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

Quote:
Originally Posted by domino
I did some blind calculations and this is what I came up with. Are these sufficiant enought for a strictly webserver style installation of Fed. C4?

/ = 200MB
/usr = 2,000MB
/home = 1,000MB
/opt = 512MB
/var = 6,000MB
/tmp = 200MB
/boot = 50MB

If I can resize the other directories so that /var can be as large as possible, please let me know.
I think that looks resonable. Personally i wont choose so much different partitions, beacause sooner or later one of them will be full while other partitions where nearly empty. But for security reasons it is a good descision.

My hd layout is in most cases:

/boot
swap
/tmp
/
/var

With a big /var partition where i put the ispconfig web root.
Reply With Quote
  #4  
Old 20th August 2005, 12:10
domino domino is offline
Senior Member
 
Join Date: Aug 2005
Posts: 364
Thanks: 0
Thanked 10 Times in 9 Posts
Default

Quote:
Originally Posted by till
Personally i wont choose so much different partitions, beacause sooner or later one of them will be full while other partitions where nearly empty.
That's a reasonable comment. However, I was under the impression that I can resize the partition later down the road if such case happens. I personally haven't tried it though. What's your take on that? Is it easy or hard to resize?
Reply With Quote
  #5  
Old 20th August 2005, 12:21
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

Quote:
Originally Posted by domino
That's a reasonable comment. However, I was under the impression that I can resize the partition later down the road if such case happens. I personally haven't tried it though. What's your take on that? Is it easy or hard to resize?
I never tried resizing a partition. The risk was too high for me and i dont want to mess up a system in production stage.
Reply With Quote
  #6  
Old 20th August 2005, 12:32
domino domino is offline
Senior Member
 
Join Date: Aug 2005
Posts: 364
Thanks: 0
Thanked 10 Times in 9 Posts
Default

Quote:
Originally Posted by till
I never tried resizing a partition. The risk was too high for me and i dont want to mess up a system in production stage.
I wouldn't either. This install here is basically a trial and error thing until I know enough to upgrade the stable install. That's why I installed it on a virtual environment. It's easy enough to go back on an old snapshot. No more reinstalling and waiting for updates on the repos.

I plan to put this server, when stable enough, on production and purchase a 1 or 2mb upstream dedicated DSL connection. My friends and family can just pitch in on the bandwidth cost. Which is cetainly cheaper than if they all got there own shared hosting.

Anyway, wish me luck . heh, I'll have a server farm before you know it. Just have to upgrade to dual 64 and 4gig memory.
Reply With Quote
  #7  
Old 20th August 2005, 16:45
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

However you do it, I'd take care that you have your users' web sites and mailboxes on the same partition, or otherwise you'll have problems with quotas...
If you use mbox, then put the web sites on the /var partition or make a huge / partition with everything on.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #8  
Old 20th August 2005, 17:42
domino domino is offline
Senior Member
 
Join Date: Aug 2005
Posts: 364
Thanks: 0
Thanked 10 Times in 9 Posts
Default

Quote:
However you do it, I'd take care that you have your users' web sites and mailboxes on the same partition, or otherwise you'll have problems with quotas...
Yes, the users' website are all in the /var partition.

Quote:
If you use mbox, then put the web sites on the /var partition or make a huge / partition with everything on.
I haven't changed anything with the default mail location. What ever came default with your how-to is where it is. Now I don't know where the default setup saves the emails. I hope they are in /var as well.
Reply With Quote
  #9  
Old 20th August 2005, 17:58
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

Quote:
Originally Posted by domino
I haven't changed anything with the default mail location. What ever came default with your how-to is where it is. Now I don't know where the default setup saves the emails. I hope they are in /var as well.
If you use the mbox format, then they're in /var/spool/mail; if you use Maildir then they're in the Maildir directory in a user's hoemdir (which again is under /var if you have your web sites under /var).

Which POP3/IMAP daemon do you use? Which tutorial did you follow?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #10  
Old 20th August 2005, 18:09
domino domino is offline
Senior Member
 
Join Date: Aug 2005
Posts: 364
Thanks: 0
Thanked 10 Times in 9 Posts
 
Default

Quote:
If you use the mbox format, then they're in /var/spool/mail; if you use Maildir then they're in the Maildir directory in a user's hoemdir (which again is under /var if you have your web sites under /var).
That is great to hear! I installed "Expert" and chose option "2" on the ISPConfig setup. Then changed the default place to "/var/www"
Quote:
Which POP3/IMAP daemon do you use? Which tutorial did you follow?
I Used Postfix and I fallowed your Fedora 4 Tutorial. Except I added a few more partitions to try to harden the server.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 10:45.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.