Hi, A bit off-topic, but I''m about to set up a remote Linux server for Rails, with postgres and probably Lighttpd. The server has two 120GB hard drives, one of which will just be for nightly backups of the other. I don''t intend to have any untrusted user accounts on the server. The server will be dedicated to my own applications. I''ll want to support lots of www clients, with pretty heavy database access. Currently, I''m planning to just make a single partition for everything, aside from the small /boot and swap partitions. Does this seem reasonable? Or are there reasons I''d be better off with multiple partitions, such as maybe the postgres database files in their own partition? Just figured I''d ask in case there were any "gotcha''s" I should be aware of when putting everything in one partition. Thanks for any thoughts, Regards, Bill
Ezra Zygmuntowicz
2005-Dec-21 03:51 UTC
Re: [OT] server partitioning question (rails + postgres)
On Dec 20, 2005, at 5:00 PM, Bill Kelly wrote:> Hi, > > A bit off-topic, but I''m about to set up a remote Linux server > for Rails, with postgres and probably Lighttpd. > > The server has two 120GB hard drives, one of which will just be > for nightly backups of the other. > > I don''t intend to have any untrusted user accounts on the server. > The server will be dedicated to my own applications. > > I''ll want to support lots of www clients, with pretty heavy database > access. > > Currently, I''m planning to just make a single partition for > everything, aside from the small /boot and swap partitions. > > Does this seem reasonable? Or are there reasons I''d be better off > with multiple partitions, such as maybe the postgres database files > in their own partition? > > Just figured I''d ask in case there were any "gotcha''s" I should be > aware of when putting everything in one partition. > > > Thanks for any thoughts, > > Regards, > > BillBill- It sounds good to me. One thing I highly recommend though is to make /tmp its own partition and mount it as noexec nosetsuid. This will keep any malicious folks from exploiting a vulnerabilty somewhere and uploading files to your /tmp dir and running exploits from there. I have dealt with these type of attacks before and hardening /tmp is a big step to quashing these attack vectors. Cheers- -Ezra Zygmuntowicz WebMaster Yakima Herald-Republic Newspaper ezra-gdxLOakOTQ9oetBuM9ipNAC/G2K4zDHf@public.gmane.org 509-577-7732
Hi Ezra, From: "Ezra Zygmuntowicz" <ezra-SD1UcFUIF7QjH4SCZfkgnw@public.gmane.org>> > It sounds good to me. One thing I highly recommend though is to > make /tmp its own partition and mount it as noexec nosetsuid. This > will keep any malicious folks from exploiting a vulnerabilty > somewhere and uploading files to your /tmp dir and running exploits > from there. I have dealt with these type of attacks before and > hardening /tmp is a big step to quashing these attack vectors.Thanks for the tip !!! I''ll do that. I''ll also be using a grsecurity kernel patch, which among other things pretty much refuses to execute a program or script unless it has the same owner/group as its containing directory, and both the program file and the directory are chmod go-w. ( http://www.grsecurity.net/ ) Thanks again, Regards, Bill
Jason Edgecombe
2005-Dec-21 15:41 UTC
Re: [OT] server partitioning question (rails + postgres)
Bill Kelly wrote:> Hi, > > A bit off-topic, but I''m about to set up a remote Linux server > for Rails, with postgres and probably Lighttpd. > > The server has two 120GB hard drives, one of which will just be > for nightly backups of the other. > > I don''t intend to have any untrusted user accounts on the server. > The server will be dedicated to my own applications. > > I''ll want to support lots of www clients, with pretty heavy database > access. > > Currently, I''m planning to just make a single partition for > everything, aside from the small /boot and swap partitions. > > Does this seem reasonable? Or are there reasons I''d be better off > with multiple partitions, such as maybe the postgres database files > in their own partition? > > Just figured I''d ask in case there were any "gotcha''s" I should be > aware of when putting everything in one partition.Hi There, Here are my suggestions for partitioning. I use these for my own servers. My recommendations are most relevant for linux. 1. I recommend using logical volume management. Make /boot and swap partitions and put the rest in LVM. LVM allows you to more easily resize your storage volumes. 2. give /tmp, /var/log and your database files their own partitions/volumes. Any other fast-changing data folders should have their own volume. This will keep your root/main volume from getting fragmented. In addition it keeps your system functioning in case of DoS of similar attacks. If /tmp, /var/log, or the db partition fill up, you might have problems, but if the root volume gets full,you won''t be able to login and fix things. for /tmp and /var/log, I recommend a minimum of 2GB each. more if you have high-traffic sites. If you do use LVM, leave about 10% of your disk unallocated, that leaves you room to expand volumes or create new ones for things that you didn''t expect. I hope this helps. Sincerely, Jason Edgecombe
Matthew Beale
2005-Dec-21 15:55 UTC
Re: [OT] server partitioning question (rails + postgres)
On Wed, 2005-12-21 at 10:41 -0500, Jason Edgecombe wrote:> Bill Kelly wrote: > > > Hi, > > > > A bit off-topic, but I''m about to set up a remote Linux server > > for Rails, with postgres and probably Lighttpd. > > > > The server has two 120GB hard drives, one of which will just be > > for nightly backups of the other. > > > > I don''t intend to have any untrusted user accounts on the server. > > The server will be dedicated to my own applications. > > > > I''ll want to support lots of www clients, with pretty heavy database > > access. > > > > Currently, I''m planning to just make a single partition for > > everything, aside from the small /boot and swap partitions. > > > > Does this seem reasonable? Or are there reasons I''d be better off > > with multiple partitions, such as maybe the postgres database files > > in their own partition? > > > > Just figured I''d ask in case there were any "gotcha''s" I should be > > aware of when putting everything in one partition.Geez, yeah that could be a long OT topic. EVMS is a good alternative to LVM. Just in terms of partitioning, I''d throw /tmp (maybe /var/tmp?) on a ramdisk, and be sure rails sessions are being thrown there. A /boot is sort of unnecessary, unless you plan not to mount it by default. I might make /var a separate EVMS partition, since it''s where you''ll (ideally) be putting all of your app''s data (And thus the most likely to need to grow in the future). Giving / (minus /var) ~5 Gigs is plenty generous, the rest could go toward /var. It''s sort of unlikely file-systems and partitions will be your apps performance limit in the short term, I wouldn''t worry too much. I would GET EVERYTHING ON A RAID-1 ARRAY. Just Do It. Hard drive crashes will happen, and murphy''s law says it will be the only copy of your code, and your biggest client will need it that day ;-) -- -Matthew Beale mixonic-8rZIAEcCR/xWk0Htik3J/w@public.gmane.org :: 607 227 0871 Resume and Portfolio @ http://madhatted.com
Possibly Parallel Threads
- Linux - Rails - PostgreSQL partitioning
- SOLVED:Re: How to select postgres for usage instead postgres-pr?
- PostgreSQL, postgres gem, rails2.pdf, http://ruby.scripting.ca/postgres/ confusion...
- [PATCH server] add ipv6 postgres trust
- Installing the Postgres gem on Ubuntu