Server – Installation – Partitioning
We accepted all the defaults when installing our Ubuntu server regarding the layout of the hard drive. We accepted the sizes and mount points recommended by the installer.
For many installations, letting the installer choose the size, based on the available drive space, works fine.
However, there are times when it is best to define the sizes and locations of some directories yourself. We’ll cover some of those in this lesson.
When There’s Risk
When the default partition scheme provided by the installer is used, the entire hard disk is made part of the root file system.
As any directory grows in size, it takes away from the free space available to every other directory, including those needed for the system to function.
Once the file system in the root partition is out of space, the system can no longer perform critical functions, like starting new processes.
It will eventually fail, hanging or rebooting your system in an unstable state.
This can be caused intentionally, to create a Denial of Service (DoS) against the services your server provides, or accidentally, when a process behaves in an unexpected way or a user simply adds too much data.
The risk of this happening is relatively low for most server implementations, but we’ll cover some instances where you may want to set certain directories on separate partitions.
You can check your partition layout at any time with the command:
sudo parted -l
When deciding on a custom partition scheme, be sure you don’t take so much of the available space away from other partitions that they’ll dip below their minimum recommended size.
Other partitions may be sized according to the function(s) of the server and the space available.
Some of the types of servers you may want to protect with separate partitions are web servers, file servers, and shared access servers. We’ll cover each below.
Some directories are used more heavily by web servers than others. /var/www and /var/log are two examples.
/var/www is fairly static and should not be a cause for concern.
/var/log can grow quickly as web traffic increases.
Properly setting up log rotation for your log servers averts most of the risk here, but if you want added safety, you can mount /var/log on its own partition.
If /var/log fills up and it’s on a separate partition, the web services may crash, but the operating system will still be up so you can log in and remedy the problem.
File servers, as the name suggests, are set up to allow a number of users to store and share files with others, or for their own centralized repositories of their work.
You may mount the location where the data is stored under any name, but I suggest using one that makes sense and giving it its own partition.
The size will depend on the amount of space available on the drives the system has access to.
Shared Access Servers
One example of a shared access server is one that serves students doing things like taking Linux courses at a university.
The administrator there will want to make sure student directories are on a separate partition. The administrator should also implement quotas on how big users’ home directories can get.
You’ll want a big /home directory mounted separately.
The Center for Internet Security (CIS) has security benchmarks available for free for many systems, including Ubuntu 16.04 LTS. The link is provided in the More Information section below.
These are excellent tools in helping you harden your servers.
One recommendation is setting up separate partitions for several directories. Those are:
The benchmark also recommends setting certain options like nosuid, nodev, and noexec on some of those partitions.
Please see the CIS Benchmark for your operating system for detailed information.
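As an added example (not part of the original lesson or the CIS Benchmark), the script below checks whether a directory is on its own mount point and whether it carries the mount options you expect, reading a table in /proc/mounts format. The sample table, the /srv/share path and the option sets per directory are constructed assumptions; take the real requirements from the benchmark for your system.

```sh
#!/bin/sh
# check_mount MOUNTS_FILE DIR [OPT...]
# Prints one status line; returns 0 if DIR is a separate mount carrying
# every listed option, 1 otherwise. On a live system pass /proc/mounts.
check_mount() {
    mounts_file=$1; dir=$2; shift 2
    # Field 2 is the mount point, field 4 the comma-separated options.
    # The last matching line wins, since later mounts shadow earlier ones.
    opts=$(awk -v d="$dir" '$2 == d { o = $4 } END { print o }' "$mounts_file")
    if [ -z "$opts" ]; then
        echo "$dir: NOT a separate mount (shares space with its parent)"
        return 1
    fi
    missing=""
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;                    # option present
            *) missing="$missing $want" ;;     # option absent
        esac
    done
    if [ -n "$missing" ]; then
        echo "$dir: separate mount, missing options:$missing"
        return 1
    fi
    echo "$dir: OK"
}

# Constructed sample table in /proc/mounts format (not from a real host).
sample_mounts() {
cat <<'EOF'
/dev/mapper/vg0-root / ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/vg0-log /var/log ext4 rw,nodev,relatime 0 0
/dev/mapper/vg0-home /home ext4 rw,nosuid,nodev,relatime 0 0
EOF
}

# Demo run against the sample; the option sets are an example policy only.
demo_table=$(mktemp)
sample_mounts > "$demo_table"
check_mount "$demo_table" /var/log nodev nosuid noexec || true
check_mount "$demo_table" /home nodev || true
check_mount "$demo_table" /srv/share || true   # hypothetical file-share path
rm -f "$demo_table"
```

To audit a running server, call the function with /proc/mounts as the first argument, for example check_mount /proc/mounts /home nodev.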
Understand Your Server
We’ve only covered a few of the possibilities here.
If you’re spinning up a server, understand the type of work it will be doing, and what areas need protection by learning ahead of time, or learning as you go.
You can modify your partition scheme at any time if you installed using Logical Volume Manager, as I recommended in the previous lesson, and always recommend.