We assume that you are installing your new Linux server to a new hard drive, with no other existing file system or operating system previously installed. A good partition strategy is to create a separate partition for each major file system. This enhances security and prevents accidental denial of service or exploitation of SUID programs.
Creating multiple partitions offers you the following advantages:
Protection against denial of service attack.
Protection against SUID programs.
Faster booting.
Easy backup and upgrade management.
Ability for better control of mounted file system.
Limit each file system's ability to grow.
If a previous file system or operating system exists on the hard drive and computer where you want to install your Linux system, we highly recommend that you make a backup of your current system before proceeding with the disk partitioning.
Step 1. For performance, stability and security reasons you must create something like the partitions listed below on your computer. For this partition configuration we assume that you have a SCSI hard drive of 3.2 GB. Of course you will need to adjust partition sizes according to your own needs and disk size. Partitions that must be created on your system:
Partition   Size      Purpose
/boot       5MB       All kernel images are kept here.
/usr        512MB     Must be large, since all Linux binary programs are installed here.
/home       1146MB    Proportional to the number of users you intend to host, i.e. 10MB per user multiplied by the number of users, 114 = 1140MB.
/chroot     256MB     If you want to install programs in a chroot jail environment, e.g. DNS.
/cache      256MB     This is the cache partition of a proxy server, e.g. Squid.
/var        256MB     Contains files that change when the system runs normally, e.g. log files.
<Swap>      128MB     Our swap partition. The virtual memory of the Linux operating system.
/tmp        256MB     Our temporary files partition.
/           256MB     Our root partition.
We have made two more special partitions:
/chroot
The /chroot partition can be used for DNS server chrooted, Apache server chrooted and other chrooted future programs.
/cache
The /cache partition can be used for a Squid Proxy server. If you are not intending to install Squid Proxy server you don't need to create the /cache partition.
Keeping /tmp and /home on separate partitions is pretty much mandatory if users have shell access to the server (protection against SUID programs); splitting these off into separate partitions also prevents users from filling up any critical file system (denial of service attack). The same applies to /var, and keeping /usr on a separate partition is also a very good idea. By isolating the /var partition, you protect your root partition from overfilling (denial of service attack).
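A way to check a running server against this layout, as an added example that is not part of the original guide: the script parses a mount table in /proc/mounts format, reports which of the recommended mount points are not separate file systems, and flags user-writable ones mounted without nosuid. The nosuid check (a standard mount option) and the sample table are assumptions of this example; the page itself does not list mount options.

```python
"""Audit a mount table against the partition layout recommended above."""

# Mount points the page recommends as separate partitions (/cache only for Squid).
RECOMMENDED = ["/boot", "/usr", "/home", "/chroot", "/var", "/tmp"]
# Assumption (not stated on the page): user-writable file systems should carry
# the standard mount option "nosuid", so SUID bits on files there are ignored.
WANT_NOSUID = {"/home", "/tmp"}

# Constructed sample in /proc/mounts format: /tmp is not a separate partition
# and /home is mounted without nosuid.
SAMPLE_MOUNTS = """\
/dev/sda9 / ext2 rw 0 0
/dev/sda1 /boot ext2 rw 0 0
/dev/sda2 /usr ext2 rw 0 0
/dev/sda3 /home ext2 rw 0 0
/dev/sda5 /chroot ext2 rw 0 0
/dev/sda6 /var ext2 rw,nosuid 0 0
proc /proc proc rw 0 0
"""


def parse_mounts(text):
    """Return {mount_point: set(options)} from /proc/mounts-style text."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # blank, comment or malformed line
        # /proc/mounts escapes spaces in paths as \040
        mount_point = fields[1].replace("\\040", " ")
        table[mount_point] = set(fields[3].split(","))
    return table


def audit(text, recommended=RECOMMENDED, want_nosuid=WANT_NOSUID):
    """Return (missing, suid_allowed): paths that are not separate mounts,
    and mounted paths from want_nosuid that lack the nosuid option."""
    table = parse_mounts(text)
    missing = [m for m in recommended if m not in table]
    suid_allowed = sorted(m for m in want_nosuid
                          if m in table and "nosuid" not in table[m])
    return missing, suid_allowed


if __name__ == "__main__":
    import sys
    # With a path argument (e.g. /proc/mounts) audit that file, else the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MOUNTS
    missing, suid_allowed = audit(text)
    for m in missing:
        print(f"{m}: not a separate partition, shares space with its parent")
    for m in suid_allowed:
        print(f"{m}: mounted without nosuid")
```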
In our partition configuration we'll reserve 256 MB of disk space for chrooted programs like Apache, DNS and other software. This is necessary because Apache DocumentRoot files and other binaries and programs related to Apache will be installed in this partition if you decide to run Apache web server in a chrooted jail.
Take note that the size of the Apache chrooted directory on the chrooted partition is proportional to the size of your DocumentRoot files. If you're not intending to install and use Apache on your server, you can reduce the size of this partition to something like 10 MB for the DNS server that you always need in a chrooted jail environment for security reasons.
For information purposes only, these are the minimum sizes in megabytes that a Linux installation must have to function properly. The sizes of the partitions listed below are really small. This configuration can fit into a very old hard disk of 512MB in size that you might find in old x486 computers. We show you this partition layout just to give you an idea of the minimum requirements.
Partition   Size
/           35MB
/boot       5MB
/chroot     10MB
/home       100MB
/tmp        30MB
/usr        232MB
/var        25MB