Rails - Dec 2005 - [OT] server partitioning question (rails + postgres)

Hi,

A bit off-topic, but I''m about to set up a remote Linux server
for Rails, with postgres and probably Lighttpd.

The server has two 120GB hard drives, one of which will just be
for nightly backups of the other.

I don''t intend to have any untrusted user accounts on the server.
The server will be dedicated to my own applications.

I''ll want to support lots of www clients, with pretty heavy database
access.

Currently, I''m planning to just make a single partition for
everything, aside from the small /boot and swap partitions.

Does this seem reasonable?  Or are there reasons I''d be better off
with multiple partitions, such as maybe the postgres database files
in their own partition?

Just figured I''d ask in case there were any
"gotcha''s" I should be
aware of when putting everything in one partition.


Thanks for any thoughts,

Regards,

Bill

On Dec 20, 2005, at 5:00 PM, Bill Kelly wrote:
> Hi,
>
> A bit off-topic, but I''m about to set up a remote Linux server
> for Rails, with postgres and probably Lighttpd.
>
> The server has two 120GB hard drives, one of which will just be
> for nightly backups of the other.
>
> I don''t intend to have any untrusted user accounts on the server.
> The server will be dedicated to my own applications.
>
> I''ll want to support lots of www clients, with pretty heavy
database
> access.
>
> Currently, I''m planning to just make a single partition for
> everything, aside from the small /boot and swap partitions.
>
> Does this seem reasonable?  Or are there reasons I''d be better off
> with multiple partitions, such as maybe the postgres database files
> in their own partition?
>
> Just figured I''d ask in case there were any
"gotcha''s" I should be
> aware of when putting everything in one partition.
>
>
> Thanks for any thoughts,
>
> Regards,
>
> Bill
Bill-

	It sounds good to me. One thing I highly recommend though is to  
make /tmp its own partition and mount it as noexec nosetsuid. This  
will keep any malicious folks from exploiting a vulnerabilty  
somewhere and uploading files to your /tmp dir and running exploits  
from there. I have dealt with these type of attacks before and  
hardening /tmp is a big step to quashing these attack vectors.


Cheers-
-Ezra Zygmuntowicz
WebMaster
Yakima Herald-Republic Newspaper
ezra-gdxLOakOTQ9oetBuM9ipNAC/G2K4zDHf@public.gmane.org
509-577-7732

Hi Ezra,

From: "Ezra Zygmuntowicz"
<ezra-SD1UcFUIF7QjH4SCZfkgnw@public.gmane.org>
> 
> It sounds good to me. One thing I highly recommend though is to  
> make /tmp its own partition and mount it as noexec nosetsuid. This  
> will keep any malicious folks from exploiting a vulnerabilty  
> somewhere and uploading files to your /tmp dir and running exploits  
> from there. I have dealt with these type of attacks before and  
> hardening /tmp is a big step to quashing these attack vectors.
Thanks for the tip !!!

I''ll do that.  I''ll also be using a grsecurity kernel patch,
which
among other things pretty much refuses to execute a program or
script unless it has the same owner/group as its containing directory,
and both the program file and the directory are chmod go-w.
( http://www.grsecurity.net/ )


Thanks again,

Regards,

Bill

Bill Kelly wrote:
> Hi,
>
> A bit off-topic, but I''m about to set up a remote Linux server
> for Rails, with postgres and probably Lighttpd.
>
> The server has two 120GB hard drives, one of which will just be
> for nightly backups of the other.
>
> I don''t intend to have any untrusted user accounts on the server.
> The server will be dedicated to my own applications.
>
> I''ll want to support lots of www clients, with pretty heavy
database
> access.
>
> Currently, I''m planning to just make a single partition for
> everything, aside from the small /boot and swap partitions.
>
> Does this seem reasonable?  Or are there reasons I''d be better off
> with multiple partitions, such as maybe the postgres database files
> in their own partition?
>
> Just figured I''d ask in case there were any
"gotcha''s" I should be
> aware of when putting everything in one partition.
Hi There,

Here are my suggestions for partitioning. I use these for my own 
servers. My recommendations are most relevant for linux.

1. I recommend using logical volume management. Make /boot and swap 
partitions and put the rest in LVM. LVM allows you to more easily resize 
your storage volumes.
2. give /tmp, /var/log and your database files their own 
partitions/volumes.  Any other fast-changing data folders should have 
their own volume. This will keep your root/main volume from getting 
fragmented. In addition it keeps your system functioning in case of DoS 
of similar attacks.

If /tmp, /var/log, or the db partition fill up, you might have problems, 
but if the root volume gets full,you won''t be able to login and fix
things.

for /tmp and /var/log, I recommend a minimum of 2GB each. more if you 
have high-traffic sites.

If you do use LVM, leave about 10% of your disk unallocated, that leaves 
you room to expand volumes or create new ones for things that you
didn''t
expect.

I hope this helps.

Sincerely,
Jason Edgecombe

On Wed, 2005-12-21 at 10:41 -0500, Jason Edgecombe
wrote:
> Bill Kelly wrote:
> 
> > Hi,
> >
> > A bit off-topic, but I''m about to set up a remote Linux
server
> > for Rails, with postgres and probably Lighttpd.
> >
> > The server has two 120GB hard drives, one of which will just be
> > for nightly backups of the other.
> >
> > I don''t intend to have any untrusted user accounts on the
server.
> > The server will be dedicated to my own applications.
> >
> > I''ll want to support lots of www clients, with pretty heavy
database
> > access.
> >
> > Currently, I''m planning to just make a single partition for
> > everything, aside from the small /boot and swap partitions.
> >
> > Does this seem reasonable?  Or are there reasons I''d be
better off
> > with multiple partitions, such as maybe the postgres database files
> > in their own partition?
> >
> > Just figured I''d ask in case there were any
"gotcha''s" I should be
> > aware of when putting everything in one partition.
Geez, yeah that could be a long OT topic.  EVMS is a good alternative to
LVM.  Just in terms of partitioning, I''d throw /tmp (maybe /var/tmp?)
on
a ramdisk, and be sure rails sessions are being thrown there.  A /boot
is sort of unnecessary, unless you plan not to mount it by default.  I
might make /var a separate EVMS partition, since it''s where
you''ll
(ideally) be putting all of your app''s data (And thus the most likely
to
need to grow in the future).  Giving / (minus /var) ~5 Gigs is plenty
generous, the rest could go toward /var.

It''s sort of unlikely file-systems and partitions will be your apps
performance limit in the short term, I wouldn''t worry too much.

I would GET EVERYTHING ON A RAID-1 ARRAY.  Just Do It.  Hard drive
crashes will happen, and murphy''s law says it will be the only copy of
your code, and your biggest client will need it that day ;-)

-- 

-Matthew Beale
mixonic-8rZIAEcCR/xWk0Htik3J/w@public.gmane.org :: 607 227 0871
Resume and Portfolio @ http://madhatted.com