Hi Volker, Rumen and Richard,

Thanks for your comments.

Ok, I can see it would be necessary if you are implementing software
RAID or encryption for your root filesystem.

Personally I only use RAID for non-static filesystems (root changes
relatively rarely, and is small, so I just make a fresh backup after any
change). In addition I have twice been involved in trying to recover
filesystems (thankfully not my own) that have been lost *because* of
faulty RAID technology that behaved badly when a disk failed, so I
prefer to make regular incremental backups to a second off-site
machine as a much safer option.

And as far as cryptographic filesystems go, I usually only consider it
for user filesystems, as the system partitions are open source and
can be downloaded freely from the net. If I were really paranoid I
suppose I might want to encrypt the shadow password file, but the
main threat is hacking while the system is online, and the root
partition must be available unencrypted then. An encrypted root
partition would also get in the way of automated server recovery
if the system crashed while nobody was around.

I'm afraid I don't really buy the security argument (I think I would
call it safety rather than security if we are just talking about
accidental loss of the boot file) - I wouldn't normally keep my
kernel public writeable, and if I had super users or root scripts
running around corrupting files, the boot stuff (which is easy to
replace) would be the least of my worries. Plus the biggest risk
of accidentally over-writing or removing the boot file is when 
doing some work on grub or the kernel, in which case your partition
will be mounted.

If one was really concerned about losing the kernel, then put a
/boot directory on more than one partition. The storage cost of having
two copies of the kernel would be made up for by avoiding the need to
keep spare space dedicated to the /boot partition, and it would provide
a lot more protection.

Richard's partitioning scheme looks reasonable, except that my 
understanding of the logic behind the Unix filesystem structure
is that none of the files in /usr are needed for booting, so I
prefer to keep /usr as a separate mounted partition.

The only reason I know of for having both a /bin and a /usr/bin is
to separate the basic necessities needed for booting (/bin) from
the ones that are not needed till you go into multi-user mode (/usr/bin).
Similarly for /lib vs /usr/lib.

Personally I think introducing the '/opt' tree was a mistake, because it
adds another tree onto the root filesystem that you don't want to be part
of the root filesystem, needlessly creating the need for another partition,
or at least a messy symlink. I can think of no reason not to have put it
in /usr/opt - it could still be a separate partition if desired, but at
least there would be a choice.

For me, '/' is the boot partition, '/usr' is the bulk of the system
files, '/var' is for rapidly changing system data, and '/home' is
for user data.

Regards,
DigbyT

P.S. One of the RAID snafus went as follows:
a.  company installs card based RAID solution and hence decides
    it no longer needs to make backups.
b.  one of the hard disks fails, system continues running...
c.  replacement drive is plugged in in place of failed drive,
    controller proceeds to overwrite the surviving drive with
    the contents of the new drive, destroying remaining copy of
    company's data.
d.  company throws away raid card and goes back to manual backups...


>From: Volker Armin Hemmann <[EMAIL PROTECTED]>
>To: gentoo-user@lists.gentoo.org
>Subject: Re: [gentoo-user] /boot and booting...
>Date: Mon, 6 Jun 2005 04:22:38 +0200
>
>security.
>You will not accidentally overwrite vmlinuz, nor will it be removed by a rampant
>script, when /boot is on a different partition.
>
>Date: Mon, 06 Jun 2005 08:17:51 +0300
>From: Rumen Yotov <[EMAIL PROTECTED]>
>To: gentoo-user@lists.gentoo.org
>Subject: Re: [gentoo-user] /boot and booting...
>
>Hi,
>Agree with the two reasons pointed above (use separate /boot/), would
>like to add the possibility to have encrypted root-partition ("/").
>Could also help for an easier rescue usage.
>Not recommended but sometimes is used.
>HTH. Rumen

On Mon, Jun 06, 2005 at 07:44:40AM +0200, Richard Fish wrote:
> Digby Tarvin wrote:
> 
> >Following on from the recent discussions on grub and booting,
> >is there a good reason for having a separate partition for /boot,
> >other than perhaps to overcome BIOS addressing limitations for
> >people with very large root partitions??
> >  
> >
> 
> Well, I do it for 2 reasons:
> 
> 1. To make sure all boot files are addressable through the BIOS.
> 2. To use raid0+encryption on my root filesystem.
> 
> If you want your root filesystem to use encryption, software raid, LVM,
> etc, you need /boot and an initrd.
> 
> As long as you brought it up, I have 11 main system partitions! Beat that!
> 
> /
> /boot
> /tmp
> /var
> /home
> /opt
> /usr/local
> /usr/portage
> /usr/share
> /usr/src
> /mnt/archives (distfiles and packages go here)
> 
> My reasoning on the above is:
> 
> 1. I want all files necessary for booting the system (/[s]bin, /lib,
> /usr/[s]bin, /usr/lib, /etc) to be on one relatively small partition so
> they are physically near each other to cut down on the boot time.  Since
> little from /usr/share, /usr/src, /usr/local, /home or /opt is used for
> booting, having these as separate filesystems keeps their files
> "out-of-the-way".
> 
> 2. I want areas that have frequent changes (like /var and /usr/portage)
> to be separate to reduce the effects of fragmentation on the rest of the
> system.
> 
> 3. Since the highest-numbered sectors of my disks are the worst
> performing, I want seldom used stuff like distfiles and ISO images to be
> there.  Thus, /mnt/archives is at the end of my disks.
> 
> -Richard
> 
> -- 
> gentoo-user@gentoo.org mailing list

-- 
Digby R. S. Tarvin                                             [EMAIL PROTECTED]
http://www.digbyt.com
-- 
gentoo-user@gentoo.org mailing list
