Forum: Ruby on Rails [OT] server partitioning question (rails + postgres)

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
4feed660d3728526797edeb4f0467384?d=identicon&s=25 Bill Kelly (Guest)
on 2005-12-21 02:04
(Received via mailing list)
Hi,

A bit off-topic, but I'm about to set up a remote Linux server
for Rails, with postgres and probably Lighttpd.

The server has two 120GB hard drives, one of which will just be
for nightly backups of the other.

I don't intend to have any untrusted user accounts on the server.
The server will be dedicated to my own applications.

I'll want to support lots of www clients, with pretty heavy database
access.

Currently, I'm planning to just make a single partition for
everything, aside from the small /boot and swap partitions.

Does this seem reasonable?  Or are there reasons I'd be better off
with multiple partitions, such as maybe the postgres database files
in their own partition?

Just figured I'd ask in case there were any "gotcha's" I should be
aware of when putting everything in one partition.


Thanks for any thoughts,

Regards,

Bill
8e44c65ac5b896da534ef2440121c953?d=identicon&s=25 Ezra Zygmuntowicz (Guest)
on 2005-12-21 04:53
(Received via mailing list)
On Dec 20, 2005, at 5:00 PM, Bill Kelly wrote:

>
> Just figured I'd ask in case there were any "gotcha's" I should be
> aware of when putting everything in one partition.
>
>
> Thanks for any thoughts,
>
> Regards,
>
> Bill

Bill-

	It sounds good to me. One thing I highly recommend though is to
make /tmp its own partition and mount it as noexec nosetsuid. This
will keep any malicious folks from exploiting a vulnerabilty
somewhere and uploading files to your /tmp dir and running exploits
from there. I have dealt with these type of attacks before and
hardening /tmp is a big step to quashing these attack vectors.


Cheers-
-Ezra Zygmuntowicz
WebMaster
Yakima Herald-Republic Newspaper
ezra@yakima-herald.com
509-577-7732
4feed660d3728526797edeb4f0467384?d=identicon&s=25 Bill Kelly (Guest)
on 2005-12-21 05:53
(Received via mailing list)
Hi Ezra,

From: "Ezra Zygmuntowicz" <ezra@yakimaherald.com>
>
> It sounds good to me. One thing I highly recommend though is to
> make /tmp its own partition and mount it as noexec nosetsuid. This
> will keep any malicious folks from exploiting a vulnerabilty
> somewhere and uploading files to your /tmp dir and running exploits
> from there. I have dealt with these type of attacks before and
> hardening /tmp is a big step to quashing these attack vectors.

Thanks for the tip !!!

I'll do that.  I'll also be using a grsecurity kernel patch, which
among other things pretty much refuses to execute a program or
script unless it has the same owner/group as its containing directory,
and both the program file and the directory are chmod go-w.
( http://www.grsecurity.net/ )


Thanks again,

Regards,

Bill
D2b2017098da3e2fd1cdcfbb72ecdbfb?d=identicon&s=25 Jason Edgecombe (Guest)
on 2005-12-21 16:43
(Received via mailing list)
Bill Kelly wrote:

>
> Just figured I'd ask in case there were any "gotcha's" I should be
> aware of when putting everything in one partition.

Hi There,

Here are my suggestions for partitioning. I use these for my own
servers. My recommendations are most relevant for linux.

1. I recommend using logical volume management. Make /boot and swap
partitions and put the rest in LVM. LVM allows you to more easily resize
your storage volumes.
2. give /tmp, /var/log and your database files their own
partitions/volumes.  Any other fast-changing data folders should have
their own volume. This will keep your root/main volume from getting
fragmented. In addition it keeps your system functioning in case of DoS
of similar attacks.

If /tmp, /var/log, or the db partition fill up, you might have problems,
but if the root volume gets full,you won't be able to login and fix
things.

for /tmp and /var/log, I recommend a minimum of 2GB each. more if you
have high-traffic sites.

If you do use LVM, leave about 10% of your disk unallocated, that leaves
you room to expand volumes or create new ones for things that you didn't
expect.

I hope this helps.

Sincerely,
Jason Edgecombe
39b36b2be47228f8619d61ea7a607a25?d=identicon&s=25 Matthew Beale (Guest)
on 2005-12-21 16:56
(Received via mailing list)
On Wed, 2005-12-21 at 10:41 -0500, Jason Edgecombe wrote:
> > I don't intend to have any untrusted user accounts on the server.
> > in their own partition?
> >
> > Just figured I'd ask in case there were any "gotcha's" I should be
> > aware of when putting everything in one partition.

Geez, yeah that could be a long OT topic.  EVMS is a good alternative to
LVM.  Just in terms of partitioning, I'd throw /tmp (maybe /var/tmp?) on
a ramdisk, and be sure rails sessions are being thrown there.  A /boot
is sort of unnecessary, unless you plan not to mount it by default.  I
might make /var a separate EVMS partition, since it's where you'll
(ideally) be putting all of your app's data (And thus the most likely to
need to grow in the future).  Giving / (minus /var) ~5 Gigs is plenty
generous, the rest could go toward /var.

It's sort of unlikely file-systems and partitions will be your apps
performance limit in the short term, I wouldn't worry too much.

I would GET EVERYTHING ON A RAID-1 ARRAY.  Just Do It.  Hard drive
crashes will happen, and murphy's law says it will be the only copy of
your code, and your biggest client will need it that day ;-)

--

-Matthew Beale
mixonic@synitech.com :: 607 227 0871
Resume and Portfolio @ http://madhatted.com
This topic is locked and can not be replied to.