126
submitted 1 year ago by wtry@lemm.ee to c/linux@lemmy.ml
you are viewing a single comment's thread
view the rest of the comments
[-] Decipher0771@lemmy.ca 7 points 1 year ago* (last edited 1 year ago)

Depends on your system. Desktop have different requirements than servers.

On both at minimum, I'd keep /home and /var/log separate. Those usually see the most writes, are least controlled, and so long as they're separate partitions they can fill up accidentally and your system should still remain functional. /tmp and /var/tmp should usually be mounted separately, for similar reasons.

/boot usually keep separate because bootloaders don't always understand the every weird filesystem you might use elsewhere. It would also be the one unencrypted partition you need to boot off of.

On a server, /opt and /srv would usually be separate, usually separate volumes for each directory within those as well, depending how you want to isolate each application/data store location. You could just use quotas; but mounting separately would also allow you to specify different flags, i.e. noexec, nosuid for volumes that should only ever contain data.

/var/lib/docker and other stuff in /var/lib I usually like to keep on separate mounts. i.e. put /var/lib/mysql or other databases on a separate faster disk, use a different file system maybe, and again different mount options. In distant past, you'd mount /var/spool on a different filesystem with more inodes than usual.

Highly secure systems usually require /var/log/audit to be separate, and needs to have enough space guaranteed that it won't ever run out of space and lock the system out due to inability to audit log.

Bottom line is its differnet depending on your requiremtns, but splitting unnecessarily is a good way to waste space and nothing else. Separate only if you need it on a different type of device, different mount options, different size guarantees etc, don't do it for no reason.

[-] stikonas@lemmy.kde.social 4 points 1 year ago

Regarding /boot, it can be encrypted as long as your bootloader can decrypt it, for example GRUB can decrypt LUKS encrypted partitions (albeit somewhat slowly). And the only partition that really has to be unencrypted is UEFI system partition (ESP), where bootloaders are located.

this post was submitted on 11 Aug 2023
126 points (100.0% liked)

Linux

48033 readers
714 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS