Home > Articles > Operating Systems, Server > Linux/UNIX/Open Source

  • Print
  • + Share This

Partitions and Security

During installation, Linux will prompt you to partition your hard drive. This section will examine how your partitioning approach can affect your security.

What Are Partitions, Exactly?

Partitions are areas on your hard drive that are reserved for file systems. Let's look at their relationship to your hard drive at large.

Hard drives are composed of one or more layers called platters. Older SCSI drives, in particular, often house multiple platters. Please see Figure 3.2.

Figure 3.2 Hard drives can have one platter or several.

Each platter's surface vaguely resembles the surface of a vinyl record. Please see Figure 3.3.

As depicted in Figure 3.3, platters are covered by groove-like structures, circles that get increasingly smaller as they get closer to the center. The spaces between these circles are tracks. Tracks are divided into smaller units called sectors, which contain even smaller units that record data bits.

Figure 3.3 Your hard drive's tracks, sectors, and data.

The total number of tracks that occupy the same region on all platters form a cylinder. Please see Figure 3.4.

Figure 3.4 All tracks occupying an identical area form a cylinder.

Partitions are composed of a user-specified range of contiguous cylinders. With DOS and Windows 3.11 (and even Windows 95's early release), users needed only one partition. This occupied virtually the entire disk and contained system files, user files, and swap files. Please see Figure 3.5.

Figure 3.5 The DOS partition occupies almost the entire disk.

NOTE

As hard drives larger than 2 gigabytes have become more affordable, this has changed. DOS/Windows and the first release of Windows 95 could only handle 2GB or less. Hence, to accommodate a large disk, you had to format it in 2GB partition increments, in which your first partition would be Drive C:, your second partition would be Drive D:, and so on. Later releases of Windows impose no such restriction.

In Linux, it's more common to have multiple partitions, primarily to maintain strict control over where data ends up. Normally, when you use only a single partition (as you would with DOS), your operating system writes data arbitrarily wherever it finds suitable space, and so do users. Eventually, your data becomes spread out, unmanageable, and disorganized.

In contrast, things are a bit more orderly when you create multiple partitions. For example, you can separate swap files from your live file system. Each partition exclusively owns a specific disk area. Figure 3.6 depicts a fairly common partitioning scenario.

Another common scenario is when you install two or more operating systems on the same disk drive but on different partitions, and they can coexist problem-free.

Linux supports a wide range of partition types. Table 3.1 lists a few of the more interesting ones.

Figure 3.6 Here, the disk has two swap partitions and one native file Linux partition.

Table 3.1 Various Partition Types Supported by Linux

Number

Partition Type

2

XENIX root, an antiquated, Unix-based operating system for PCs that is rarely used today. It has a long history. Originally based on Unix version 7, later incorporating features from BSD 4.1, and finally conforming to SYS V, XENIX has been marketed by many companies, including Microsoft and the Santa Cruz Operation (SCO).

7

The High Performance File System or HPFS, a fault-tolerant system that incorporates advanced caching, long filenames, and support for traditionally incompatible file structures. It is the basis for the OS/2 system. Learn more about HPFS at http://www.cs.wisc.edu/~bolo/shipyard/hpfs.html.

8

AIX (IBM Unix).

40

Venix 80286, a System V-compatible version of Unix from VentureCom.

63

GNU HURD, which hails from the Free Software Foundation and will eventually be a replacement for the Unix kernel. To learn more about HURD, go to http://www.gnu.org/software/hurd/hurd.html.

64

Novell NetWare.

81

Minix.

82

Linux swap partition.

83

Linux native partition.

93

Amoeba, a distributed operating system that runs on SPARCstations (Sun4c and Sun4m), as well as the 386/486, 68030, Sun 3/50, and Sun 3/60. Amoeba is used to pool the power of multiple workstations into one powerful block of computing power. Learn more about Amoeba at http://www.cs.vu.nl/pub/amoeba/.


Linux supports more partitions than those listed here. For a complete list, go to http://mm.iit.uni-miskolc.hu/Data/texts/Linux/SAG/node35.html. Also, for a complete list of all PC partition types (including those Linux does not support) go to http://www.win.tue.nl/math/dw/personalpages/aeb/linux/partitions/partition_types-1.html.

Many folks install both DOS/Windows and Linux on the same hard drive, on separate partitions. This offers them latitude and flexibility. They can learn Linux while still relying on Windows, and enjoy at least one-way compatibility. Please see Figure 3.7.

Figure 3.7 Linux and DOS/Windows can coexist, but only Linux offers compatibility.

Although DOS and Windows cannot access the Linux partition, Linux can access the DOS partition, thereby allowing you to copy files back and forth across file systems.

NOTE

During installation, Linux asks you to specify additional or foreign file systems that you'd like to access. Linux mounts those file systems in the directory of your choice. A typical configuration would be to mount the DOS file system from Linux in /dos.

Linux newcomers often use the configurations depicted in Figures 3.6 and 3.7 because they're easy to implement. Many new Linux users are satisfied if they can just complete the installation with no problems, so they're apt to avoid more complicated partitioning schemes. Moreover, few installation routines highlight the relationship between partitioning and security, and give no hint that such configurations are risky.

In fact, the scenarios depicted in Figures 3.6 and 3.7 expose your system to attack and hinder your ability to exercise effective system administration.

If you'd like to automatically manage your partitions, I suggest that you use a distribution such as Red Hat 7.x. During installation, Red Hat gives you the option of automatically partitioning your drives. The result is shown here:

[root@bcdinc jray]# fdisk /dev/hda

Command (m for help): p

Disk /dev/hda: 255 heads, 63 sectors, 784 cylinders
Units = cylinders of 16065 * 512 bytes

  Device Boot  Start    End  Blocks  Id System
/dev/hda1  *     1     3   24066  83 Linux
/dev/hda2       4    784  6273382+  5 Extended
/dev/hda5       4    338  2690856  83 Linux
/dev/hda6      339    673  2690856  83 Linux
/dev/hda7      674    706  265041  83 Linux
/dev/hda8      707    739  265041  83 Linux
/dev/hda9      740    772  265041  82 Linux swap

Command (m for help):

This is a rather complex partitioning scheme that sets up separate boot, user, and swap partitions. These partitions are then automatically mounted as well:

[root@bcdinc jray]# mount
/dev/hda8 on / type ext2 (rw)
none on /proc type proc (rw)
usbdevfs on /proc/bus/usb type usbdevfs (rw)
/dev/hda1 on /boot type ext2 (rw)
/dev/hda6 on /home type ext2 (rw)
/dev/hda5 on /usr type ext2 (rw)
/dev/hda7 on /var type ext2 (rw)
none on /dev/pts type devpts (rw,gid=5,mode=620)

Again, if you're a first-time user, Red Hat's automatic partition system makes installation as easy as Windows or Mac OS. If you've decided to use another distribution or partition the drive manually, there are several rules you should follow.

Lumping Linux into a Single Partition

First, you should never put root and user file systems on the same Linux partition. If you do so, you increase the chance that attackers can exploit SUID programs to access restricted areas.

NOTE

SUID files are special in that they always execute with owner privileges, no matter who runs them. For example, if root owns a SUID program, that program will execute with root privileges and have considerable power to access, alter, and overwrite files that might otherwise be unreachable. If an attacker can exploit weaknesses in SUID programs, he can threaten the system at large. (Learn more about SUID programs in Chapter 4, "Basic Linux System Administration.")

Additionally, lumping Linux into a single native partition makes your life as a system administrator difficult. For example, it might hinder your ability to incisively update or back up individual packages or file systems. And when the full Linux system occupies one partition, even limited file corruption can cause systemic problems (meaning that one corrupted directory hierarchy can affect others). Disk optimization (which is something you rarely even have to consider under Linux) is another problem under a single partition system. As new software is installed, old software is removed, kernels are updated, and so on, fragmentation will increase. Although there are tools to optimize Linux disks, they are unreliable and a pain to use. Most frequently the only real maintenance that can be performed on a single-partition system is to reinstall the operating system.

To avoid these problems, create a separate partition for each major file system. Figure 3.8 depicts one possible configuration.

Figure 3.8 All major file systems are on separate partitions.

This enhances security and makes backups and recovery manageable. You can specify different backup schedules for different partitions, system files are separated from data files, and so on. This approach also allows you to exercise more stringent control over each file system and how it is mounted.

NOTE

The term mount refers to how Linux makes different file systems available to you. When Linux mounts a local or foreign file system, it attaches the system to a local device and/or directory. This gives you an access point. For example, to grant you access to your CD-ROM, Linux associates the CD-ROM drive with the device /dev/cdrom (usually), and you must specify a directory as the mount point (typically, /mnt/cdrom or /cdrom). From that point on, your CD-ROM's top-level directory is accessible in /cdrom and its subdirectories are available beneath it (/cdrom/docs, /cdrom/install, /cdrom/source, and so on).

At system startup, Linux mounts all available file systems per the specifications set forth in /etc/fstab. You can use /etc/fstab to incisively control how users and the system access your partitions. Let's quickly cover /etc/fstab now.

/etc/fstab

/etc/fstab is the plain text file in which you specify file system mount options. Each line addresses one file system. For example, the following entry specifies mount options for an MS-DOS file system mountable in /dos:

/dev/hda4 /dos msdos defaults 1 1

The line consists of six fields:

  • The file system specification—Here you specify either the block device or file system to be mounted—in this case, partition 4 on the first drive. This is what Linux will mount.

  • The file system file location—This is the mount point—in this case, it's /dos, a common naming for a DOS file system mount point, as discussed earlier.

  • The file system type—In this field, you describe the file system's type: Minix, extended, DOS, HPFS, iso9660/CDROM, Network File System (NFS), or swap.

  • The file system mount options—Here you specify the level of access that users and the system will have on this mounted file system. Here's where security comes in. Your choices are as follows:

defaults Everything (quota, read-write, and suid).
noquota No quotas, generally.
nosuid No SUID access.
quota Quotas are active.
ro Read-only.
rw Read-write.
suid SUID access is okay.

  • File system dump parameters—This is a numerical value to flag file systems that need to be dumped (backed up).

  • File system check sequence number—Here you specify the file system's priority for integrity checks performed by fsck. (fsck is a file system integrity checker that examines file systems at boot by default.)

Where should you force a nosuid mount? Anywhere that local or remote users might be up to no good. For example, suppose that you anticipate providing anonymous FTP services (not a great idea). If so, consider creating a separate partition for this and have Linux mount it nosuid. This still allows data to be written but addresses the SUID problem.

Other Advantages of Multiple Partitions

So, multiple partitions offer you at least four advantages:

  • Easy backup and upgrade management

  • Faster booting (in some cases)

  • The ability to control how each file system is mounted

  • Protection against renegade SUID programs

There are other advantages. One is that the multipartition approach prevents accidental denial of service and shields your root file system from overflow. For example, /var stores logging information. If you have just a single partition containing root, /usr, /var, and /tmp, logs in /var can potentially flood your entire file system (and users can too).

Sizing Out Partitions

As noted, new users sometimes shy away from multiple partitions (beyond swap and root). That's because creating multiple partitions forces you to make some hard choices. For example, just how large should each partition be? Unfortunately, there's no definite answer to this question except when you're dealing with swap and root partitions. Swap partitions are typically twice the size of real memory available (recent decreases in RAM pricing make this unnecessary), and root should have 64MB minimum (although I allocate 100MB).

In respect to other file systems, you'll make your choices depending on different factors. One factor is what you intend to do with your Linux box. On a multiuser system, you'll want to give your users at least 20MB each (and probably more). Hence, for 10 users, you'll need a /home partition of at least 210MB.

Some of these values are interdependent. For example, if you're accommodating many users and providing mail and news services, your /var and /home partitions will need to be substantial. Unless, of course, users use third-party mail and news solutions. In that case, their messages will be stored in their /home/user directory; for example, /home/user/.netscape/.

If you run a firewall, you'll need a large log directory hierarchy (/var), and this should have its own partition. In fact, you might be forced to put this partition on a separate disk drive. That way you'll avoid losing valuable audit information if the primary file system is corrupted.

However, in most cases your largest partitions will house the /usr and /home directories.

NOTE

Some Linux distributions are moving towards storing more dynamic data in the /var directory than they did previously. Red Hat 7.x, for example, assumes the Apache root to be /var/www. Take this into consideration when partitioning.

Let's look at a conservative example. Here's a df report from a 1.6GB IDE hard drive with a 128MB swap partition that isn't visible from the df query:

Filesystem     1024-blocks Used Available Capacity Mounted on

/dev/hda2       66365  17160  45778   27%  /
/dev/hda5       373695  1549  352845   0%  /home
/dev/hda6       703417 344725  322356   52%  /usr
/dev/hda7       127816  21235  99981   18%  /var
/dev/hda8       123919   22  117498   0%  /tmp

Here's the fstab information immediately after installation:

/dev/hda2 / ext2 defaults 0 1
/proc /proc proc defaults 0 0
/dev/hda1 none swap defaults 0 0
/dev/hda5 /home ext2 defaults 0 2
/dev/hda6 /usr ext2 defaults 0 2
/dev/hda7 /var ext2 defaults 0 2
/dev/hda8 /tmp ext2 defaults 0 2
#
/dev/fd0 /mnt/floppy ext2 defaults,noauto 0 0
#
/dev/hdb /mnt/cdrom iso9660 ro,noauto 0 0

Note partitions 5, 6, 7, and 8. These are logical partitions. You're allowed only four primary partitions in the Intel world, or three primary partitions, one extended partition, and multiple logical partitions. To create additional partitions, first establish an extended partition and then slice this into logical partitions using either fdisk or, if you have Red Hat, Disk Druid.

CAUTION

Some distributions offer user-friendly installation routines that automatically suggest disk layout (much like Sun's Solaris does). These routines are convenient, but think carefully before accepting such a partitioning scheme. Automatic partitioning does not take into account the way that the system will be used. Instead, it creates a generalized partition table that doesn't necessarily work well with Web or file servers. For beginners, however, automatic disk layout is a great way to create a solid file system foundation with very little effort.

Although you've probably used fdisk already, some folks who purchased this book might not have installed Linux yet. For their benefit, I'll briefly address fdisk here. If your Linux distribution doesn't use fdisk, keep reading. Cfdisk and Disk Druid are both discussed later in the chapter.

fdisk

fdisk is a partition manipulator for Linux. During your installation, Linux will move you from a semi-graphical environment to a command-line interface so that you can partition your disks. At that point, you'll almost certainly be dealing with fdisk.

fdisk's initial prompt will look much like this:

Using /dev/hda as default device!

The number of cylinders for this disk is set to 1579.
This is larger than 1024, and may cause problems with:
1) software that runs at boot time (e.g., LILO)
2) booting and partitioning software from other OSs
  (e.g., DOS FDISK, OS/2 FDISK)

Command (m for help):

Before continuing, if you're using fdisk for the first or even the fifth time, review the list of valid commands. That way, you can familiarize yourself with each one and reduce the chance of error. To view the complete command set, type m and press Enter. In response, fdisk will print a help menu:

Command action
  a  toggle a bootable flag
  b  edit bsd disklabel
  c  toggle the dos compatibility flag
  d  delete a partition
  l  list known partition types
  m  print this menu
  n  add a new partition
  o  create a new empty DOS partition table
  p  print the partition table
  q  quit without saving changes
  s  create a new empty Sun disklabel
  t  change a partition's system id
  u  change display/entry units
  v  verify the partition table
  w  write table to disk and exit
  x  extra functionality (experts only)

Also, examine the current partition table before you make any changes. That way, you can verify whether any partitions already exist. To do so, type p and press Enter. If you're working with an unpartitioned disk, fdisk will print a blank table:

Disk /dev/hda: 32 heads, 63 sectors, 1579 cylinders
Units = cylinders of 2016 * 512 bytes

  Device Boot  Start   End  Blocks  Id System

Command (m for help):

Now you're ready to begin creating your partitions.

From here on, I'll stick with the values from the preceding partitioning example. You'll need to adjust partition sizes according to your own needs. This is merely a walkthrough that demonstrates how to create an extended partition and logical partitions within it. Few Linux how-to books address this issue. (Most such books focus on Red Hat installations. Red Hat includes Disk Druid, a semi-graphical tool that simplifies the process for you. However, you might be installing another distribution, one with command-line fdisk. If so, this next section will illustrate the steps required when you're creating such partitions by hand.)

Creating the Swap and Root Partitions

First, you'll need to create your swap and root partitions. In this example, I'll assume that you're installing to a new hard drive, with no other existing file systems previously installed.

To create a new partition, type n and press Enter. In response, fdisk will ask you what style of partition you want. Type p and press Enter for primary:

Command Action

e extended
p primary partition (1-4)
p

fdisk will then ask you to number the new partition. This is your first primary partition and will house your swap file, so choose 1:

Partition Number (1-4): 1

Next, fdisk will ask you to specify where the partition starts. This is your first partition and you want to write it from the first cylinder onward, so choose 1:

First cylinder: (1-1579) 1

Finally, to complete the cycle, fdisk will ask you to size the partition. Swap file size is a matter of personal preference. In past years, Linux tutorials prescribed a ratio approach: "If you have 8MB of RAM, you'll need a 16MB swap file, minimum." With the cost of 128MB RAM falling well below $100, it is rarely necessary to rely on swap space.

As per the preceding example, choose 128MB (based on 64MB of physical RAM):

Last cylinder or +size or +sizeM or +sizek (1-1579): +128M

After you create each partition, reexamine the fdisk partition table. This way, if you make typographical errors, you can catch them before writing changes to disk. Here's what the updated table will look like after you create the first partition:

Command (m for help): p

Disk /dev/hda: 32 heads, 63 sectors, 1579 cylinders
Units = cylinders of 2016 * 512 bytes

  Device Boot  Start   End  Blocks  Id System
/dev/hda1       1   130  131008+ 83 Linux native

Note that the partition is type 83 (Linux native). You need to change this. This partition is a swap partition, and you must manually designate it as such. To do so, type t and press Enter:

Command (m for help): t

In response, fdisk will prompt you for the partition number. Choose 1:

Partition number (1-4):1

Finally, fdisk will ask which partition type you want. Choose 82 to convert the partition to a Linux swap:

Hex Code (L to list): 82

When you reexamine the partition table, fdisk will reflect the changes:

Command (m for help): p

Disk /dev/hda: 32 heads, 63 sectors, 1579 cylinders
Units = cylinders of 2016 * 512 bytes

  Device Boot  Start   End  Blocks  Id System
/dev/hda1       1   130  131008+ 82 Linux swap

Next, create the root partition. Here again, size is a matter of personal preference. You should allocate at least 32MB to root, although I've seen people make this partition as large as 100MB. In any case, the procedure is precisely the same. You start by creating a new partition. Type n and press Enter. Then fdisk will ask what style of partition you'd like. Again, type p and press Enter for primary:

Command Action

e extended
p primary partition (1-4)
p

Then fdisk will ask you to number the new partition. This will be your second primary partition, so choose 2:

Partition Number (1-4): 2

In response, fdisk will ask you to specify where the partition starts:

First cylinder: (131-1579)

Note that the first valid starting cylinder is now 131. That's because your swap partition occupies cylinders 1 through 130. Therefore, you'll start your root partition at cylinder 131:

First cylinder: (1-1560) 131

And finally, fdisk will ask you to size the partition. For this example, allocate 64MB:

Last cylinder or +size or +sizeM or +sizek (131-1579):+64M

The results show a Linux (type 82) swap partition and a root (type 83) partition:

Command (m for help): p

Disk /dev/hda: 32 heads, 63 sectors, 1579 cylinders
Units = cylinders of 2016 * 512 bytes

  Device Boot  Start   End  Blocks  Id System
/dev/hda1       1   130  131008+ 82 Linux swap
/dev/hda2      131   198  68544  83 Linux native

Creating the Extended Partition

The next step is to create an extended partition that will occupy the remaining disk space. To create an extended partition, type n and press Enter (new), and then choose e for extended:

Command Action

e extended
p primary partition (1-4)
e

Here, fdisk will ask you to specify the extended partition's first cylinder. In this case, the first available cylinder is 199, so choose that:

First cylinder: (199-1579):199

Finally, fdisk will ask you to specify the extended partition's last cylinder. In general, you should go with the very last cylinder. That way, the extended partition occupies the remaining disk space. However, you choose to leave some space at the end of the disk, so specify cylinder 1560:

Last cylinder or +size or +sizeM or +sizek (199-1579): 1560

Here are the results:

Command (m for help): p

Disk /dev/hda: 32 heads, 63 sectors, 1579 cylinders
Units = cylinders of 2016 * 512 bytes

  Device Boot  Start   End  Blocks  Id System
/dev/hda1       1   130  131008+ 82 Linux swap
/dev/hda2      131   198  68544  83 Linux native
/dev/hda3      199   1560 1372896  5 Extended

The table now shows one Linux swap, one Linux native, and one Linux extended partition. Your remaining task is to allocate several logical partitions.

Creating Logical Partitions Within the Extended Partition

Now that fdisk is aware of an extended partition, the fdisk menu will change. To create your first logical partition (for /home), type n and press Enter. In response, fdisk offers a new menu. Here, choose l for logical:

Command Action

l  logical (5 or over)
p  primary partition (1-4)
l

Then fdisk will ask you to specify the new logical partition's first cylinder. Note that the first available cylinder is 199, which is the same first available cylinder that you specified for the extended partition. That's because your logical partitions will lie on top of the extended partition. So, choose 199:

First cylinder: (199-1579):199

Finally, fdisk will ask you to specify this logical partition's last cylinder. To give /home 370MB, choose 581:

Last cylinder or +size or +sizeM or +sizek (199-1579): 581

Here are the results so far:

Command (m for help): p

Disk /dev/hda: 32 heads, 63 sectors, 1579 cylinders
Units = cylinders of 2016 * 512 bytes

  Device Boot  Start   End  Blocks  Id System
/dev/hda1       1   130  131008+ 82 Linux swap
/dev/hda2      131   198  68544  83 Linux native
/dev/hda3      199   1560 1372896  5 Extended
/dev/hda5      199   581  386032+ 83 Linux native

You add the remaining partitions, /usr, /var, and /tmp, in the same fashion. Here's the sequence for /usr:

Command Action

l  logical (5 or over)
p  primary partition (1-4)
l
First cylinder: (582-1579):582
Last cylinder or +size or +sizeM or +sizek (581-1579): 1302

Here's the sequence for /var:

Command Action

l  logical (5 or over)
p  primary partition (1-4)
l
First cylinder: (1303-1579):1303
Last cylinder or +size or +sizeM or +sizek (1303-1579): 1433

And finally, the sequence for /tmp:

Command Action

l  logical (5 or over)
p  primary partition (1-4)
l
First cylinder: (1433-1579):1303
Last cylinder or +size or +sizeM or +sizek (1433-1579): 1560

When you view the final results, fdisk will reflect the following changes:

Command (m for help): p

Disk /dev/hda: 32 heads, 63 sectors, 1579 cylinders
Units = cylinders of 2016 * 512 bytes

  Device Boot  Start   End  Blocks  Id System
/dev/hda1       1   130  131008+ 82 Linux swap
/dev/hda2      131   198  68544  83 Linux native
/dev/hda3      199   1560 1372896  5 Extended
/dev/hda5      199   581  386032+ 83 Linux native
/dev/hda6      582   1302  726736+ 83 Linux native
/dev/hda7     1303   1433  132016+ 83 Linux native
/dev/hda8     1434   1560  127984+ 83 Linux native

After you've achieved and verified your desired results, choose w. This will exit fdisk and permanently commit these changes to disk. Linux will then return you to the main installation program.

Other Partitioning Tools

Not every Linux installation program directs you to fdisk for partitioning. Instead, you might work with cfdisk or Disk Druid. These tools are much easier to use.

cfdisk

cfdisk is a Curses-based partition manipulator for Linux.

NOTE

Curses is a development package for creating menu-based programs on Unix terminals. Curses applications vaguely resemble old DOS programs, in that you can navigate menu choices by using arrow keys. Traditional Curses applications have a black background and white foreground. Menu choices appear in white until highlighted with a white bar, at which point the highlighted text turns black. Learn more about Curses programming at http://dickey.his.com/ncurses/ncurses-intro.html.

cfdisk presents a comfortable and easy-to-navigate interface. Please see Figure 3.9.

Figure 3.9 Partitions viewed in cfdisk's Curses environment.

For the most part, you'll have no trouble navigating cfdisk using arrow keys—the program provides ample help along the way. However, I've provided a summary of important cfdisk keystrokes and their functions in Table 3.2. This is in the event that on your first installation, you're forced to use cfdisk but have little or no accompanying documentation—a common problem.

Table 3.2 Keystroke Commands in cfdisk

Key

Function

?

Get help.

b

Set (or unset) the highlighted partition as bootable.

d

Delete the highlighted partition.

g

-Enter an expert mode where you can alter the disk's listed geometry. Warning: Use this function with caution. This is much like specifying your own disk drive settings (heads, cylinders, blocks) in your BIOS. Chances are that cfdisk's auto-detected values are correct. If you specify erroneous values, your Linux system may not boot.

h

Get help.

n

Create a new partition.

p

Obtain and print the current partition table information.

q

Quit cfdisk.

t

Change the file system type (much like t works in fdisk).

W

Write changes to disk. (You must issue the W command in uppercase.)


Disk Druid

Disk Druid, common to Red Hat installation as a fdisk alternative, is even easier to use. The application is entirely graphical. Please see Figure 3.10.

Figure 3.10 Disk Druid's opening screen.

To add your partitions, highlight the Add button and press Enter. In response, Disk Druid displays a dialog box with all the options you'll ever need. Please see Figure 3.11.

Figure 3.11 Disk Druid's partition editing screen.

Summary of Partitions and Security

Because partitioning has a strong bearing on your system security, you should carefully weigh your options before installation. Making your final decisions will never be easy.

Balancing disk load is probably the most challenging aspect of partitioning, particularly with smaller disks. By creating multiple partitions, you limit each file system's ability to grow. In certain instances, of course, that's exactly what you want. However, it's irritating to later discover that you failed to allocate adequate disk space.

One thing that can help is to know each major file system's purpose. Here they are, in short order:

  • /—Houses relatively few files (mostly startup scripts).

  • /usr—Houses most of your software.

  • /home—Houses your user directories.

  • /opt—This is for third-party add-on software (Netscape, StarOffice, and so on).

  • /var—Houses garden-variety administrative logs, mail, and news.

Disk balancing also gets easier if you develop policies for a consistent application set. For example, perhaps you limit third-party software to Netscape Communicator, StarOffice, and Corel WordPerfect. This eliminates the need for a large /var partition and gives you a ballpark figure on how large /opt has to be.

Of course, there's no law mandating that you create a dozen partitions. The partition parameters in the preceding examples are for demonstration purposes only. You can get along nicely with just three partitions, especially if only a few trusted users have access to your Linux system. Only you can accurately assess how many partitions you'll need and which file systems to segregate.

Here are some closing tips:

  • You might prefer fewer partitions, or you might want to prioritize file systems that must or should be segregated. If so, the important file systems to house on separate partitions are root (/), /var, and /tmp from a security viewpoint, or root (/), /var, and /usr from an administrative viewpoint. At bare minimum, I strongly advise housing root on its own partition.

  • If you allocate partitions to non-Linux operating systems, carefully consider how you want Linux to mount them. For example, suppose that you have a small Windows partition at the beginning of the disk. If you use this partition almost exclusively when in Windows, consider having Linux mount it read-only or not at all. That way, you protect it from either accidental or intentional damage.

  • If you're running a firewall, sniffer, or other network-monitoring device, funnel logs to their own partition (preferably on another disk).

  • Exercise care when setting partition mount options. Sometimes, restrictive policies can lead to administrative headaches. For example, suppose that you decide to lump contributed binaries into /usr/local and have Linux mount /usr/local read-only. Later, this might hamper your ability to perform upgrades without first redefining the mount option.

Finally, here are some resources for more information on partitioning:

  • + Share This
  • 🔖 Save To Your Account

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020