The importance of Linux partitions

October 1, 2005 · 27 comments · Last updated December 8, 2008

Disk partitioning is the creation of separate divisions of a hard disk drive using partition editors such as fdisk. Once a disk is divided into several partitions, directories and files of different categories may be stored in different partitions.

Many new Linux sys admins (or Windows admins) create only two partitions, / (root) and swap, for the entire hard drive. This is a bad idea. Consider the following points when partitioning a disk.

Purposes for Disk Partitioning

An operating system like Windows or Linux can be installed on a single, unpartitioned hard disk. However, the ability to divide a hard disk into multiple partitions offers some important advantages. If you are running Linux on a server, consider the following facts:

  • Ease of use - Makes it easier to recover a corrupted file system or operating system installation.
  • Performance - Smaller file systems are more efficient. You can tune each file system for its application, such as log or cache files. A dedicated swap partition can also improve performance (this may not be true with the latest Linux 2.6 kernels).
  • Security - Separating operating system files from user files results in a better-secured system. The growth of certain file systems can be restricted using various techniques.
  • Backup and Recovery - Easier backup and recovery.
  • Stability and efficiency - You can increase disk space efficiency by formatting partitions with different block sizes, depending on usage. For example, if the data consists of lots of small files, a small block size is better.
  • Testing - Boot multiple operating systems such as Linux, Windows and FreeBSD from a single hard disk.


File systems that need their own partitions

Partition   Purpose
/usr        This is where most executable binaries, the kernel source tree and much documentation go.
/var        This is where spool directories, such as those for mail and printing, go. In addition, it contains the error log directory.
/tmp        This is where most temporary data files are stored by applications.
/boot       This is where your kernel images and boot loader configuration go.
/home       This is where users' home directories go.

Let us assume you have a 120 GB SCSI hard disk with / (root) and swap partitions only. One user (internal, external, or a cracker) runs something which eats up all your hard disk space (a DoS attack). For example, consider the following tiny script that a user can run in the /tmp directory:

#!/bin/sh
man bash > $(mktemp)
$0

Anyone can run the above script via cron (if allowed), or even with the nohup command:
$ nohup bad-script &

The result can be a total disaster, as the entire file system comes under a denial of service attack. It will even bypass the disk quota restriction. One of our junior Linux sys admins created only two partitions. Later, a poorly written application ate up all the space in /var/log/. The end result was a memo for him (as he did not follow the internal docs that have guidelines for partition setup on client servers). Bottom line: create separate partitions on a Linux server.
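A separate partition limits how far a runaway writer can go; the way to notice it in time is to watch per-file-system usage rather than one global number. The following shell check is an added example written for this page, not code from the article: it parses df -P output (which has the same column layout as df -iP, so it also works for inode exhaustion caused by many small files) and prints every file system at or above a threshold. The check_usage name and the df sample are constructed for the example.

```shell
#!/bin/sh
# Added monitoring check (hypothetical, not from the article): parse `df -P`
# output and report file systems at or above a usage threshold. With separate
# partitions, a runaway writer fills only its own file system, so the alert
# names the partition under pressure while / stays writable.

# check_usage THRESHOLD < df-output -> prints "<mount> <use%>" for every file
# system whose capacity is at or above THRESHOLD percent (header skipped).
# Works on `df -P` and `df -iP` output alike, since column 5 is the percentage
# and column 6 the mount point in both.
check_usage() {
    awk -v limit="$1" '
    NR == 1 { next }                    # skip the "Filesystem ... Mounted on" header
    {
        pct = $5
        sub(/%$/, "", pct)              # "91%" -> 91
        if (pct + 0 >= limit + 0) print $6, pct "%"
    }'
}

# Constructed sample in df -P (POSIX) format; a live run is: df -P | check_usage 90
SAMPLE_DF='Filesystem     1024-blocks     Used Available Capacity Mounted on
/dev/sda2         20511356  6153406  13315954      32% /
/dev/sda1        102400000  5120000  97280000       5% /home
/dev/sda3          2097152  2097152         0     100% /tmp
/dev/sda4          4194304  3984448    209856      95% /var
tmpfs              1024000      120   1023880       1% /dev/shm'

printf '%s\n' "$SAMPLE_DF" | check_usage 90
```

On the constructed sample this reports /tmp at 100% and /var at 95% while / is untouched, which is exactly the containment a separate /tmp buys. Mount points containing spaces would need a more careful split than awk's default field handling.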

If you do not have a partition schema, the following attacks can take place:

  1. Runaway processes.
  2. Denial of service attack against disk space (see the above example script).
  3. Users can download or compile SUID programs in /tmp or even in /home.
  4. Performance tuning is not possible.
  5. Mounting /usr read-only to improve security is not possible.

All of these attacks can be stopped by adding the following options to the /etc/fstab file:
  • nosuid - Ignore SUID/SGID bits on this partition
  • nodev - Do not interpret character or block special devices on this partition
  • noexec - Do not allow execution of any binaries on this partition
  • ro - Mount the file system read-only
  • quota - Enable disk quota

Please note that the above options can only be set if you have a separate partition. Make sure you create the partitions as above, with the special options set on each partition:

  • /home - Set the nosuid and nodev options, with disk quota enabled
  • /usr - Set the nodev option
  • /tmp - The nodev, nosuid and noexec options must be enabled

For example, the entry in /etc/fstab for /home should read as follows:

/dev/sda1  /home          ext3    defaults,nosuid,nodev 1 2

Here is the mount command output from one of my OpenBSD production servers:

/dev/wd0a on / type ffs (local)
/dev/wd1a on /home type ffs (local, nodev, nosuid, with quotas)
/dev/wd0d on /root type ffs (local)
/dev/wd0e on /usr type ffs (local, nodev)
/dev/wd0f on /tmp type ffs (local, nodev)
/dev/wd0h on /var type ffs (local, nodev, nosuid)
/dev/wd0g on /var/log type ffs (local, nodev)
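To check the policy above against an fstab file, here is an added shell audit helper written for this page (it is not code from the article or from any distribution). It resolves an option list the way mount does, with defaults standing for rw,suid,dev,exec,auto,nouser,async and later options overriding earlier ones (so defaults,nodev ends up with nodev), then reports which of nosuid, nodev and noexec are missing on /home, /usr and /tmp. The function names, the policy table and the sample fstab lines are constructed for the example.

```shell
#!/bin/sh
# Added audit helper (hypothetical, not part of the article): resolve an fstab
# option list into its effective flags and check the per-partition policy
# given above (/home nosuid,nodev; /usr nodev; /tmp nodev,nosuid,noexec).

# effective_opts OPTIONS -> prints the resolved flag set, sorted, comma-separated.
# "defaults" stands for rw,suid,dev,exec,auto,nouser,async (mount(8)); options
# are applied left to right, so "defaults,nodev" ends up with nodev, not dev.
effective_opts() {
    printf '%s\n' "$1" | awk -F, '
    {
        split("", f)
        for (i = 1; i <= NF; i++) {
            o = $i
            if (o == "defaults") {
                f["rw"] = 1; f["suid"] = 1; f["dev"] = 1; f["exec"] = 1
                f["auto"] = 1; f["nouser"] = 1; f["async"] = 1
                continue
            }
            if (o == "ro") { delete f["rw"]; f["ro"] = 1; continue }
            if (o == "rw") { delete f["ro"]; f["rw"] = 1; continue }
            # "noX" clears "X" and vice versa for the paired flags
            if (o ~ /^no(dev|suid|exec|auto|user)$/) { delete f[substr(o, 3)]; f[o] = 1; continue }
            if (o ~ /^(dev|suid|exec|auto|user)$/)  { delete f["no" o];       f[o] = 1; continue }
            f[o] = 1                       # anything else (usrquota, relatime, ...) is kept as-is
        }
        n = 0
        for (k in f) keys[++n] = k
        for (i = 2; i <= n; i++) {         # insertion sort for deterministic output
            v = keys[i]; j = i - 1
            while (j > 0 && keys[j] > v) { keys[j + 1] = keys[j]; j-- }
            keys[j + 1] = v
        }
        s = ""
        for (i = 1; i <= n; i++) s = s (i > 1 ? "," : "") keys[i]
        print s
    }'
}

# has_opt OPTIONS FLAG -> exit 0 if FLAG is in the effective set of OPTIONS
has_opt() {
    case ",$(effective_opts "$1")," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# audit_fstab < fstab -> one line per policy mount point ("/tmp OK" or
# "/tmp MISSING nosuid noexec"); other mount points and comments are skipped.
audit_fstab() {
    while read -r dev mnt fstype opts rest; do
        case "$dev" in '' | '#'*) continue ;; esac
        case "$mnt" in
            /home) want="nosuid nodev" ;;
            /usr)  want="nodev" ;;
            /tmp)  want="nodev nosuid noexec" ;;
            *)     continue ;;
        esac
        missing=""
        for w in $want; do
            has_opt "$opts" "$w" || missing="$missing $w"
        done
        if [ -z "$missing" ]; then
            printf '%s OK\n' "$mnt"
        else
            printf '%s MISSING%s\n' "$mnt" "$missing"
        fi
    done
}

# Constructed sample fstab (not a real system); on a live box run: audit_fstab < /etc/fstab
SAMPLE_FSTAB='# <device>  <mount>  <type>  <options>                       <dump> <pass>
/dev/sda1   /home    ext3    defaults,nosuid,nodev,usrquota  1 2
/dev/sda2   /usr     ext3    defaults,nodev,ro               1 2
/dev/sda3   /tmp     ext3    defaults,nodev                  1 2
/dev/sda4   /var     ext3    defaults,nodev,nosuid           1 2'

printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab
```

On the sample, /home and /usr pass and /tmp is reported as MISSING nosuid noexec, the same gap a reader points out in the comments about the OpenBSD output above. Quota flags are deliberately not checked, since their spelling differs between file systems.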

How do I obtain information about partitions?

There are several ways to obtain information about partitions on Linux and UNIX-like operating systems.

List partitions:

fdisk -l

Report file system disk space usage:

df -h
OR
df -k

Display partition mount options, including mount points:

mount
Sample output:

/dev/sda2 on / type ext3 (rw,relatime,errors=remount-ro)
tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
/proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
varrun on /var/run type tmpfs (rw,nosuid,mode=0755)
varlock on /var/lock type tmpfs (rw,noexec,nosuid,nodev,mode=1777)
udev on /dev type tmpfs (rw,mode=0755)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
/dev/sda1 on /media/sda1 type fuseblk (rw,nosuid,nodev,allow_other,default_permissions,blksize=4096)
/dev/sda5 on /share type fuseblk (rw,nosuid,nodev,allow_other,default_permissions,blksize=4096)
/dev/sdb2 on /disk1p2 type ext3 (rw,relatime,errors=remount-ro)
securityfs on /sys/kernel/security type securityfs (rw)
debugfs on /sys/kernel/debug type debugfs (rw)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)
gvfs-fuse-daemon on /home/vivek/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=vivek)

Display / edit file system configuration options:

less /etc/fstab
or
vi /etc/fstab

Quickly remount /usr read-only:

mount -o remount,ro /usr

Quickly mount all file systems configured in /etc/fstab:

mount -a


Comments

1 polarizer October 7, 2005 at 2:08 pm

You did mention nodev, nosuid, noexec for /tmp (for /var/ and /var/log it's a good idea too) but the output from your production server does not show some of these settings. So why?

2 cyberciti October 7, 2005 at 3:55 pm

Yup, we do have nodev, nosuid, with quotas enabled on the /home and /var partitions.
/dev/wd1a on /home type ffs (local, nodev, nosuid, with quotas)
/dev/wd0h on /var type ffs (local, nodev, nosuid)

However, on /tmp only nodev is enabled and not nosuid. This is an OpenBSD box. And the rest of the services are chrooted, i.e. www and ftp, and /tmp is very small system around

3 Tudor Vaida January 10, 2007 at 1:38 am

(1) Performance
(4) Backup
Nothing in your article about them.

4 nixCraft January 10, 2007 at 6:53 am

Tudor,

(4) Backup
You can easily dump and restore /home partition without touching rest of file system.

(1) Performance
You can easily disable or enable a few properties for performance, such as disabling file creation update time on the /var partition or a database partition to save disk I/O.

Above are two prime examples.

Appreciate your post.

5 Nabin Limbu November 16, 2007 at 1:52 pm

If noexec is enabled on /var, then it can create problems for cgi-bin scripts, which are normally stored in /var/www/cgi-bin.

6 Bartek December 8, 2008 at 12:32 pm

Good article. If I have an existing Ubuntu installation, what would you recommend for resizing the partitions?

Right now I only have / and /home, so it's not horrible as there is some separation, but you made a valid point on separating /var and the others.

7 nixCraft December 8, 2008 at 12:56 pm

@Bartek,

To resize partition use
* SystemRescueCd
* BootitNG
* GParted

Make sure you have a backup of all data before trying out the resizing operation.

8 Mikael Ståldal December 8, 2008 at 12:57 pm

Consider mounting /tmp as tmpfs.

9 Hosting Reviews January 6, 2009 at 4:55 pm

It's amazing how many people don't realize that your system can be quite vulnerable if you don't have a partition schema. Great post!

10 punktyras December 10, 2009 at 8:26 pm

For example entry in /etc/fstabe for /home should read as follows:
/etc/fstabe -> /etc/fstab

11 Philippe March 16, 2010 at 10:06 am

Useful and thorough article, thanks Vivek.

12 faber April 2, 2010 at 11:54 pm

I've found your blog on Google for my last 4-5 questions about Linux … LOL. I'll definitely add your blog to my feed reader.

Btw I have a question.
How much space should I give to each partition? I used to have /, swap and /home partition and it was quite easy to split an hdd.
With 7 partitions (and little knowledge) it's not! :P

Thank you!

13 faber April 2, 2010 at 11:56 pm

I know that talking about absolute space (give X GB to /usr, Y GB to /home) could make no sense at all, since we could have different hard disk sizes.

Maybe we should talk in percentages… I don’t know :)

14 faber April 3, 2010 at 12:03 am

Should we consider logical volumes like centos (and I suppose redhat) does?

15 Rick April 26, 2010 at 6:02 pm

Great article, thanks for posting it & comments by readers, very helpful!

16 crook November 10, 2010 at 4:48 am

Can anyone please tell me what the advantages are of having an entry for non-critical file systems in /etc/fstab?

17 GrahamCB December 3, 2010 at 5:16 pm

Really informative material. I am a Linux newbie and am getting ready to switch from the default distro load on a single partition to a proper partition arrangement. I thought a hard drive could have only 4 primary partitions, so duhh, some of the suggested partitions must be logical drives within an extended partition? If yes, will this be easy to do and what should be on it? Thanks in advance guys.

18 Steve February 17, 2011 at 6:46 am

I’m also interested in suggested partition sizes. I’m currently building an Arch Linux system and have decided to start with LVM on LUKS for logical partitioning/resizing of a dm-crypt’ed filesystem. Since my goal is a secure system I want to divide my partitions up sensibly and was hoping to find some general starting points. I can always resize later with LVM if I need more or less space.

Thanks for a great article! When I worked in web hosting we used to set up and mount our server partitions like this and it probably mitigated a lot of attacks. We used to have to root out perl hacks running in /tmp all the time before we started employing these techniques.

19 Rakib April 25, 2011 at 5:48 am

Excellent!! Thanks, I was also stupid and did only 2 partitions. But from now on I will do multiple partitions. But can anyone tell me what the percentage of all those partitions should be, depending on the total amount of hard disk??

20 balwinder kaur July 7, 2011 at 10:00 am

good site for linux

21 Sam October 9, 2011 at 12:42 am

hi,

Linux is a complicated but powerful bitch – made worse by ‘tutors’ who never seem to use diagrams to explain what the hack is going on. you just go from one complexity to the next. if i ever [ unlikely! ] get good at Linux, i’ll write a book full of diagrams and pictures as well as properly headed/tabbed text to make sure normal people can really understand Linux.

please rewrite this using diagrams & explaining:

1] what exactly is a partition – types, quantity
2] how a hard disk is organised
3] what is the difference between windows and linux as far as hard drive concerned
4] what’s the best HD config for a webserver [ that's what most people do ]
5] what file systems to use best & why
6] how to back up each partition
7] how to restore each partition
8] how to recover/rebuild from a crash

you have to know the whole thing – you well know bits of knowledge don’t get you very far and can easily land you in deep trouble.

cheers.

22 Anu November 20, 2012 at 6:52 am

Loved your comment! Even I think the same, :) something like the Head First series..

23 Dean Voets October 23, 2011 at 11:48 pm

Thank you for the information. I’ve got some questions (and some answers for the previous questions :)):

1) What do you recommend for the /boot partition?
2) Is it possible to use two partitions for /tmp (one as tmpfs and one on the harddisk)?
3) You mention using for backing up: which filesystems can be backed up like that? It would be interesting, but I always thought that was restricted to ext2.

Some answers/ opinions about the questions asked earlier:
I’m about to reinstall my linux (with 7 partitions) and just checked how much was used & checked the average file size:

/boot: 37 megabytes with grub 2 booting Windows 7 & Xubuntu, average file size +- 300kb.
/usr: 4.3 gigabytes including most texwork packages (LaTeX), eclipse, all codecs, etc. Average size: 40kb
/var: 340 megabytes, average size 60kb
/opt & /srv are basically empty
/tmp is mounted as tmpfs.
/: 255mb, average file size about 10kb.
I didn’t look at /home and the swap.
Now, I’m going for 100mb /boot, 8 gb /usr, 1 gb /var, 1 gb /, 8 gb swap (probably excessive) and I’m leaving the remaining part for home. /tmp will again be mounted as tmpfs and I’ll link /opt to /usr/opt. Comments/tips are always appreciated :).

Best filesystem to use:
Ext4 is probably not a bad choice if you are unsure. When Ext3 was the new one, I also considered ext2 since that could be read in windows (not easily) but I don’t think there is any windows support for current Linux filesystems. Ntfs works reasonably well in Linux but I would keep it out of the system partitions since it’s rather slow.

About installing on a primary or logical partition. The /boot partition should be on a primary partition, all others can/should be extended partitions.
In case of a dual-boot with windows 7, you should first install windows which will create two primary partitions and then install linux. Make sure that you keep the bootable flag at the windows partition.
You can also install Windows 7, Windows XP and Linux by making the partitions upfront, choosing an extended partition for Windows 7 (its boot partition will be the first primary one), then installing Windows XP on the second primary partition and finishing with Linux.

24 priyanka singh January 13, 2012 at 10:49 am

thank you for wonderful information provided by you

25 Pradeep Gurav January 20, 2012 at 9:46 am

Very good article.. I have a question.. the answer is already there in your blog but I just want to confirm.. Can we use options like 'defaults,nodev'?

On some other blog I read that the default options for ext3 are rw,suid,dev,exec,auto,nouser,async. If I give defaults[..dev..],nodev.. how does it work.. what's the final option ..dev..or..nodev

What are the default options? Is it specific to OS or file system..?

26 CS August 7, 2013 at 10:17 am

/usr BEWARE (bad, bad pun).

There are things to be said about /usr on a partition independent of root. I’ll let these folk do it:

http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken/

It's the relative silence of having such a setup that is a worry. The usage scenario of the box may dictate the extent of potential damage.

27 steak November 3, 2013 at 9:33 am

Would something like the HOOKS found in https://wiki.archlinux.org/index.php/Initramfs
solve the problem of /usr graceful failures? It just seems nice to have it on another partition, and from systemd's page it seems the issue is /usr not being loaded early enough (which I think the /usr HOOK fixes).
