[Sunhelp] Advantages of separate partitions

Flynn, Harold M. III Flynnh at mont.disa.mil
Thu Apr 13 09:45:16 CDT 2000


Well, first and foremost, mail is usually collected in /var/mail.  On a
production system (we were using the host mail at an ISP, as well as
homepages, and the like), we had to separate this, as the mail directory was
CONSTANTLY approaching the limit.  We actually had to build a separate
partition (/var/mail) to segregate, that way it wouldn't overflow and kill
off the system logging.  Additionally, from a security aspect, this is an
ideal situation, as a person can fill the mail directory with tons of email,
and put /var/mail at its limit.  From that point forth, unless there's an
IDS running on the network watching what's occurring, the person can
basically do as they wish to the system, without fear of being monitored.

Having all three on the same partition is a death wish from a security
standpoint.  As /export/home is the user directory, by giving somebody an
account, you're basically allowing them to not only access the machine
remotely, but additionally, if they're ever so inclined, they can put as
much data in their directory as they wish (this is not taking into account
quotas...a different issue), and potentially fill the filesystem.  Same
effect as above.

The /usr issue is a bit of a different story.  IMO, it's good to maintain
all of the other binaries on a separate partition, while the system binaries
reside in /bin and /sbin.  This eliminates a little frustration and worry in
case the system crashes and you have to go to single user mode (less path
checking, if the fs corrupts, easier to restore just that from tape, etc).

Hal

> -----Original Message-----
> From:	Simon Marko (IMS) [SMTP:smarko at ims.telstra.com.au]
> Sent:	Wednesday, April 12, 2000 9:45 PM
> To:	sunhelp at sunhelp.org
> Subject:	[Sunhelp] Advantages of separate partitions
> 
> Can anyone tell me what advantages there are to having /usr /var
> /export/home on separate partitions?
> I can only think of one compelling reason, to protect the root partition
> from filling up with uncontrolled log files or users' data.
> Other issues such as ease of backup/restore and moving filesystems to
> other disks if necessary are overcome really by the tools that come with
> Solaris, such as ufsdump.
> 
> I'm willing to hear any debate on the utility of the "OBR" (One Big Root)
> Filesystem.
> Regards
> 
> Simon Marko
> Telstra Internetworking Solutions
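
The condition described in the reply above (mail or home data sitting on the same filesystem as the system logs, and that filesystem nearing capacity) can be checked from `df -P` output. This is an added example, not part of the original thread; the sample table, the 90% limit and the function names `mount_of` and `audit` are assumptions made for illustration, and mount points are assumed to contain no spaces.

```shell
#!/bin/sh
# Constructed `df -P` output: /var/log and /var/mail both live on "/".
SAMPLE_DF='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/dsk/c0t0d0s0 2000000 1900000 100000 95% /
/dev/dsk/c0t0d0s5 4000000 1000000 3000000 25% /usr
/dev/dsk/c0t0d0s7 8000000 2000000 6000000 25% /export/home'

# mount_of PATH: read `df -P` output on stdin and print "mountpoint capacity"
# for the filesystem holding PATH (longest mount point that prefixes PATH).
mount_of() {
    awk -v p="$1" '
        NR > 1 {
            m = $6
            pre = (m == "/") ? "/" : (m "/")
            if (index(p "/", pre) == 1 && length(m) > length(best)) {
                best = m; cap = $5
            }
        }
        END { sub(/%/, "", cap); print best, cap }'
}

# audit LOGDIR LIMIT PATH...: read `df -P` output on stdin and print
#   SHARED when PATH is on the same filesystem as LOGDIR
#   FULL   when the filesystem holding PATH is at or above LIMIT percent
audit() {
    df_out=$(cat); logdir=$1; limit=$2; shift 2
    log_mnt=$(printf '%s\n' "$df_out" | mount_of "$logdir" | cut -d' ' -f1)
    for p in "$@"; do
        info=$(printf '%s\n' "$df_out" | mount_of "$p")
        mnt=${info% *}; cap=${info#* }
        if [ "$mnt" = "$log_mnt" ]; then
            echo "SHARED $p is on $mnt with $logdir"
        fi
        if [ "$cap" -ge "$limit" ]; then
            echo "FULL $p filesystem $mnt at ${cap}%"
        fi
    done
    return 0
}

# Run against the constructed sample; on a live host pipe `df -P` in instead.
printf '%s\n' "$SAMPLE_DF" | audit /var/log 90 /var/mail /export/home
```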




