There's a lot of contradictory information about Unix server partitioning out on the internet, so I need some advice on how to proceed.
So far, on the servers in our test environment I didn't really care about partitioning and I configured a single monolithic /
plus a swap partition. This partitioning scheme doesn't seem like a good idea for our production servers. I have found a good starting point here, but it seems very vague on the details.
Basically I have a server on which I will be running a basic LAMP stack (Apache, PHP, and MySQL). It will have to handle file uploads (up to 2GB). The system has a 2TB RAID 1 array.
I plan to set :
/ 100GB
/var 1000GB (apache files and mysql files will be here),
/tmp 800GB (handles the php tmp file)
/home 96GB
swap 4GB
Does this sound sane, or am I over-complicating things?
Best Answer
One thing to keep in mind when laying out your partitions is failure modes. Typically that question is of the form: "What happens when partition x fills up?" Dearest voretaq7 brought up the situation with a full / causing any number of difficult-to-diagnose issues. Let's look at some more specific situations.

What happens if your partition storing logs is full? You lose auditing/reporting data, and this is sometimes used by attackers to hide their activity. In some cases your system will not authenticate new users if it can't record their login event.
What happens on an RPM-based system when /var is full? The package manager will not install or update packages and, depending on your configuration, may fail silently.

Filling up a partition is easy, especially when a user is capable of writing to it. For fun, run this command and see how quickly you can make a pretty big file:
cat /dev/zero > zerofile
It goes beyond filling up partitions as well: when you place locations on different mount points you can also customize their mount options.

What happens when /dev/ is not mounted with noexec? Since /dev is typically assumed to be maintained by the OS and to only contain devices, it was frequently (and sometimes still is) used to hide malicious programs. Leaving off noexec allows you to launch binaries stored there.

For all these reasons, and more, many hardening guides discuss partitioning as one of the first steps to be performed. In fact, if you are building a new server, how to partition the disk is very nearly the first thing you have to decide on, and often the most difficult to change later. There exists a group called the Center for Internet Security that produces gobs of easy-to-read configuration guides. You can likely find a guide for your specific operating system and see any specifics they may have.
If we look at RedHat Enterprise Linux 6, the recommended partitioning scheme is this:
The principle behind all of these changes is to prevent them from impacting each other and/or to limit what can be done on a specific partition. Take the options for /tmp for example. What that says is that no device nodes can be created there, no programs can be executed from there, and the set-uid bit can't be set on anything. By its very nature, /tmp is almost always world-writable and is often a special type of filesystem that only exists in memory. This means that an attacker could use it as an easy staging point to drop and execute malicious code, and then crashing (or simply rebooting) the system will wipe clean all the evidence. Since the functionality of /tmp doesn't require any of that functionality, we can easily disable the features and prevent that situation.

The log storage places, /var/log and /var/log/audit, are carved off to help buffer them from resource exhaustion. Additionally, auditd can perform some special things (typically in higher-security environments) when its log storage begins to fill up. By placing it on its own partition this resource detection performs better.

To be more verbose, and quote mount(8), this is exactly what the above-used options are:

From a security perspective these are very good options to know, since they'll allow you to put protections on the filesystem itself. In a highly secure environment you may even add the noexec option to /home. It'll make it harder for your standard user to write shell scripts for processing data, say analyzing log files, but it will also prevent them from executing a binary that will elevate privileges.

Also, keep in mind that the root user's default home directory is /root. This means it will be in the / filesystem, not in /home.

Exactly how much you give to each partition can vary greatly depending on the system's workload. A typical server that I've managed will rarely require person interaction and as such the /home partition doesn't need to be very big at all. The same applies to /var since it tends to store rather ephemeral data that gets created and deleted frequently. However, a web server typically uses /var/www as its playground, meaning that either that needs to be on a separate partition as well or /var/ needs to be made big.

In the past I have recommended the following as baselines.

These need to be reviewed and adjusted according to the system's purpose and how your environment operates. I would also recommend using LVM and against allocating the entire disk. This will allow you to easily grow, or add, partitions if such things are required.
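As an added example (not part of the question or the answer above), a small POSIX shell audit that checks /proc/mounts-style data for the nodev/noexec/nosuid options the answer recommends on /tmp, /var/log, /home and /dev. The mount table and the baseline policy are constructed here; a path that is not its own mount point (like /dev in the sample) is reported as missing everything, since it can only inherit the parent's options.

```shell
# Constructed /proc/mounts-style sample (not from a real host): /tmp and
# /var/log hardened as in the answer, /home only partly, /dev not split out.
SAMPLE_MOUNTS='/dev/mapper/vg-root / ext4 rw,relatime 0 0
/dev/mapper/vg-tmp /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/mapper/vg-var /var ext4 rw,relatime 0 0
/dev/mapper/vg-varlog /var/log ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/mapper/vg-home /home ext4 rw,nodev,relatime 0 0'

# Hypothetical baseline policy (mount point -> required options), modelled
# on the answer; replace with your own hardening guide's values.
policy() {
    case "$1" in
        /tmp|/var/log) echo "nodev noexec nosuid" ;;
        /home)         echo "nodev nosuid" ;;
        /dev)          echo "noexec nosuid" ;;
        *)             echo "" ;;
    esac
}

# mount_opts MOUNTS MOUNTPOINT: print the option field for an exact mount
# point match; prints nothing if the path is not a separate mount.
mount_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { print $4; exit }'
}

# missing_opts MOUNTS MOUNTPOINT: print required options that are absent,
# one per line (empty output = compliant; no own mount = all missing).
missing_opts() {
    opts=$(mount_opts "$1" "$2")
    for want in $(policy "$2"); do
        case ",$opts," in
            *",$want,"*) ;;
            *) echo "$want" ;;
        esac
    done
}

# audit MOUNTS: report every non-compliant mount point; returns 1 if any.
audit() {
    rc=0
    for mp in /tmp /var/log /home /dev; do
        miss=$(missing_opts "$1" "$mp")
        if [ -n "$miss" ]; then
            echo "$mp missing:" $miss
            rc=1
        fi
    done
    return $rc
}

audit "$SAMPLE_MOUNTS" || echo "non-compliant mount points found"
```

On a live system, feed it `"$(cat /proc/mounts)"` instead of the constructed sample.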