[aklug] Re: What should I consider before doing an install?

From: Arthur Corliss <acorliss@nevaeh-linux.org>
Date: Wed Jun 29 2011 - 10:11:45 AKDT

On Wed, 29 Jun 2011, Tim Johnson wrote:

>> How do I want to partition the drive(s)?
>
> Uses and needs vary. I'm not serving anything, so my and my wife's
> computers are essentially workstations.
>
> I partition as follows:
>
> / - 40%
> /home - 40%
> /usr/local - 20%

If you're going to do initrd and take advantage of root in LVM, etc., you'll
want a separate /boot partition. If you're going to host any exposed network
services you'll want a separate /tmp partition mounted noexec, nodev.
Daemons shouldn't be able to run your system out of disk space, so /var
should be a separate partition. At the same time, misbehaving daemons
shouldn't be able to run your syslogger out of space, either, so you should
consider having a separate /var/log as well. Filesystem corruption, while
rare, can still happen, so you should have a separate /usr and/or /opt to
keep your precious config data in /etc isolated from the parts of the system
more likely to change.

Finally, given that remote shell access is often granted to users you should
consider mounting /home as nosuid, nodev, along with any other LV/partition
that doesn't need it.

Sounds like a lot, right? And it would be an unmanageable nightmare unless
you use LVM. With LVM, however, it's a cinch, and it provides a great deal
more protection from a wider array of attack vectors. If you sit down and
think of all the things that can go wrong on a server or workstation, odds
are you'll discover that you're not paranoid enough.

         --Arthur Corliss
           Live Free or Die
Received on Wed Jun 29 10:11:55 2011
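
The layout described in the message above can be checked mechanically. The following is an added example, not part of the original post: it audits a mount table in /proc/mounts format for the separate filesystems and the noexec/nodev/nosuid options the post recommends. The policy table, the function names and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a mount table against
# the layout the post recommends.
# Policy: "<mount point> <required options, or - when only separation matters>".
# /boot matters with root in LVM; the post says /usr and/or /opt, so adjust.
POLICY='/boot -
/tmp noexec,nodev
/var -
/var/log -
/usr -
/home nosuid,nodev'

# audit_mounts [FILE]: FILE uses /proc/mounts format
# (device mountpoint fstype options dump pass). Returns 1 on any finding.
audit_mounts() {
    table=${1:-/proc/mounts}
    rc=0
    while read -r mp want; do
        # The last entry for a mount point is the one in effect.
        opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$table")
        if [ -z "$opts" ]; then
            echo "MISSING $mp (not a separate filesystem)"; rc=1; continue
        fi
        miss=""
        if [ "$want" != "-" ]; then
            for o in $(echo "$want" | tr ',' ' '); do
                case ",$opts," in *",$o,"*) ;; *) miss="$miss $o" ;; esac
            done
        fi
        if [ -n "$miss" ]; then echo "WEAK $mp lacks:$miss"; rc=1; else echo "OK $mp"; fi
    done <<EOF
$POLICY
EOF
    return $rc
}

# Constructed sample table: /tmp lacks noexec, /var/log is not separate.
sample_mounts() { cat <<'EOF'
/dev/sda1 /boot ext2 rw,relatime 0 0
/dev/mapper/vg0-tmp /tmp ext4 rw,nodev,relatime 0 0
/dev/mapper/vg0-var /var ext4 rw,relatime 0 0
/dev/mapper/vg0-usr /usr ext4 ro,relatime 0 0
/dev/mapper/vg0-home /home ext4 rw,nosuid,nodev,relatime 0 0
EOF
}

tmp=$(mktemp); sample_mounts > "$tmp"
audit_mounts "$tmp" || echo "findings reported above"; rm -f "$tmp"
```

Calling `audit_mounts` with no argument reads the live table from /proc/mounts.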
