LinuxQuestions.org


Ipozya 03-27-2011 08:33 PM

Look over this fstab please
 
Could anyone comment on this fstab (suggestions or corrections)? I have put it together from Google/forums. Please note that noexec for the /var partition is valid for Arch Linux since there are no files that need to be executed from it (according to the Arch wiki). Thanks for any help!

Code:

#
# /etc/fstab: static file system information
#
# <file system>  <dir>     <type>    <options>                                              <dump> <pass>
devpts           /dev/pts  devpts    defaults                                               0      0
shm              /dev/shm  tmpfs     nodev,nosuid                                           0      0

/dev/sda5        /boot     ext3      defaults,noatime                                       0      2
/dev/sda10       swap      swap      defaults                                               0      0
/dev/sda3        /         ext3      defaults,noatime,errors=remount-ro                     0      1
/dev/sda8        /home     ext3      defaults,noatime,nosuid,nodev,errors=remount-ro        0      2
/dev/sda9        /usr      ext3      defaults,noatime,nodev,errors=remount-ro               0      2
/dev/sda7        /tmp      ext3      defaults,noatime,nodev,nosuid,noexec                   0      2
/dev/sda6        /var      reiserfs  defaults,noatime,nodev,nosuid,noexec,barrier=flush     0      2

Does it matter what order the entries are in? This is how it was ordered by default.

EDIT: I added persistent labelling. I removed all of the /dev/sda* entries and replaced them with UUID=[alphanumeric code] to match the output of "sudo blkid".

acid_kewpie 03-28-2011 02:49 AM

What are we looking for? Why have you "put it together" in the first place?

Ipozya 03-28-2011 10:38 AM

Well, I previously had the default fstab, which was simply the "defaults" option for each partition and 0 1 for dump/pass (besides 0 0 for swap). I did some searching and I put this fstab together based on others' suggestions in previous threads and articles. I am not the most experienced Linux user so I don't fully comprehend some of the deeper implications of some of these choices (e.g. the practical difference between using relatime and noatime) and just want to make sure these changes are valid or if you would recommend something different.

toordog 03-28-2011 03:12 PM

Quote:

Originally Posted by Ipozya (Post 4306410)
Well, I previously had the default fstab, which was simply the "defaults" option for each partition and 0 1 for dump/pass (besides 0 0 for swap). I did some searching and I put this fstab together based on others' suggestions in previous threads and articles. I am not the most experienced Linux user so I don't fully comprehend some of the deeper implications of some of these choices (e.g. the practical difference between using relatime and noatime) and just want to make sure these changes are valid or if you would recommend something different.


Ipozya, when I began with Linux, I tended to do like you and optimize my system without really understanding what I was doing. But I quickly learned that doing it was usually worse than the default, for the simple reason that Linux is made by guru experts who really know what they are doing. I couldn't say the same of Microsoft back in 1998-2000, and they have done much better work in the most recent versions. From that perspective, it is not that useful to try to optimize your system. Your personal needs will probably never reach the limit of the actual configuration.

As for the security concern, if you have a dynamic IP, your passwords are strong (most hacks are not from exploits but from weak passwords) and you don't host services like FTP or web, you will be fine.

Now if your machine is a server and security is of concern, it is beyond the scope of a newcomer to Linux. It will require a lot of reading (not how-tos but the real manuals) to understand what you are doing. Blindly following advice found on a forum without understanding it is a bad habit. A good habit would be to use the information as guidance to investigate the details behind it. A how-to is useful and can help, just like following an architecture plan is for a house builder. But you cannot build a house without knowing what the plan refers to, or you will build a house that can't stand straight, because the plan cannot oversee everything perfectly. ;)

I don't see anything bad about your configuration, but it is very restrictive and you might face some issues. The default is good enough; you can trust it. If you want to add just enough security to feel safe, put your /tmp on a different partition just like you did and put noexec and nosuid on it, that's it. You probably don't need more than that.

Remember that your main focus should be: STRONG passwords, and don't allow anonymous access of any kind. And don't setuid or setgid any files on your own unless you really know what you are doing.

Ipozya 03-28-2011 05:13 PM

Hi toordog,

I fully share your sentiments but at the same time I have no problems fiddling around. My system is backed up and if I ever had to reinstall a distribution, all I really would need are a few configuration files that I have edited over time and the rest would not take too long. And I am not exactly a "new" Linux user. I have used it for nearly a year and have gotten very used to it (used Arch for 6 months and work almost exclusively in the CLI). I just have recently been more interested in fiddling around with system files and seeing the effects. I don't really see a better way of learning, and honestly if I make a mistake, it's not the end of the world. So I am quite inexperienced compared to many of the people here who have used Linux for quite some time, but still know my way around :)

That being said, I certainly don't want to do anything unnecessary, restrictive, or potentially detrimental to my system. What in this fstab do you see as potentially causing problems or restricting the system? After skimming "man mount" and looking online, most of these changes were recommended. The man mount, for example, suggested that barrier=flush be added to any reiserfs partition on a computer that is not always connected to a secure power source (e.g. my laptop) to prevent corruption in the case of power loss. The same for errors=remount-ro. I will admit that I am slightly more unsure about nodev, nosuid, noexec for each partition (some things are Arch-specific, like noexec on /var), but from reading their intended use and other suggestions, that seemed to be the setup I ran into most often. The noatime option seems like it adds a performance boost to laptops by requiring less work from the hard disk.

So from my standpoint, I am introducing most of these options as they seem to bring clear performance advantages and security in the case of power loss (I was considering safety from intruders to a much smaller extent). This is I guess what I am asking, maybe I am getting it all wrong and am not benefiting from all this, but I don't see how something like errors=remount-ro on partitions with data I would like to keep safe or noexec,nosuid on /tmp is not advisable to most users.

Notably, the default fstab does not use persistent labelling (uses /dev/sda* instead of LABEL/UUID=). Using something like UUID= is much better to avoid dev nodes swapping names (would make system unbootable), so there are definitely cases where changes are warranted.
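
Added example, not part of any post in this thread: a small Python checker for the points raised so far (nodev/nosuid/noexec on selected mount points, /dev/sdX names versus UUID=, and the pass field). The names `POLICY`, `parse_fstab` and `audit` are hypothetical, the policy table is an assumption taken from the options in the fstab posted above, and the sample input is constructed.

```python
import re

# Assumed policy, taken from the options discussed in this thread
# (noexec on /var is the Arch-specific choice from the first post).
POLICY = {
    "/tmp": {"nodev", "nosuid", "noexec"},
    "/var": {"nodev", "nosuid", "noexec"},
    "/home": {"nodev", "nosuid"},
    "/dev/shm": {"nodev", "nosuid"},
}

# Constructed sample: a mix of hardened and default-style entries.
SAMPLE = """\
# <file system> <dir> <type> <options> <dump> <pass>
shm        /dev/shm  tmpfs  nodev,nosuid                        0 0
/dev/sda3  /         ext3   defaults,noatime,errors=remount-ro  0 1
/dev/sda8  /home     ext3   defaults                            0 1
UUID=00000000-0000-0000-0000-000000000000 /tmp ext3 defaults,noatime,nodev,nosuid 0 2
"""

def parse_fstab(text):
    """Yield (spec, mountpoint, fstype, options, passno) for each entry."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        spec, mnt, fstype, opts = fields[:4]
        passno = int(fields[5]) if len(fields) > 5 else 0
        yield spec, mnt, fstype, set(opts.split(",")), passno

def audit(text, policy=POLICY):
    """Return a list of (mountpoint, finding) tuples."""
    findings = []
    for spec, mnt, _fstype, opts, passno in parse_fstab(text):
        missing = policy.get(mnt, set()) - opts
        if missing:
            findings.append((mnt, "missing " + ",".join(sorted(missing))))
        # Kernel-assigned names can change between boots; UUID=/LABEL= do not.
        if re.match(r"/dev/(sd|hd)[a-z]\d+$", spec):
            findings.append((mnt, "non-persistent device name " + spec))
        # fstab(5): the root filesystem gets pass 1, other filesystems 2.
        if passno == 1 and mnt != "/":
            findings.append((mnt, "pass 1 should be used only for /"))
    return findings

if __name__ == "__main__":
    for mnt, finding in audit(SAMPLE):
        print(f"{mnt}: {finding}")
```

To check a real system, pass the contents of /etc/fstab to `audit()` and compare the result with the options actually in effect as shown by `findmnt`.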

themanwhowas 03-28-2011 07:00 PM

Why are you using reiserfs?

Also I don't think that the /boot partition needs ext3. ext2 would be fine as ext3 is just ext2 with a journal. The /boot partition needs no journal. ext3 wouldn't be a problem though. I compare it to saving up £1,000 for a £500 TV. Why would you do that?

Ipozya 03-28-2011 08:02 PM

Reiserfs is recommended for Arch users for the /var partition (pacman uses a lot of small files, which reiserfs is the best at handling). I don't exactly know if this is still the case with pacman-3.5, which came out last week, since it changed the database significantly. It would be difficult anyway to change now without going through a lot of trouble (I think?). I agree that /boot doesn't need journaling (nor does /tmp) but I don't really know if it's even worth changing now.

And just to add another point, toordog, it's not simply because the defaults are those set by the developers that they are necessarily the best. For a distribution like Arch (which relies on the KISS principle), most configurations are quite minimalistic by default. They are set to be the simplest conditions that are known to work. It doesn't make sense for them to add a lot of options that may not apply to every user. This doesn't mean that users shouldn't actively read up on the configuration files and edit things if it is likely to improve their unique system.

themanwhowas 03-28-2011 08:23 PM

Correct me if I'm wrong, but reiserfs is better for small files because it packs them in together, no? Tail packing? So it's more for space saving rather than performance. Anyway, I used reiserfs a few years back and had a terrible time with it. I'm not saying that you will, or that you shouldn't use it. I'm no filesystem guru. I just would personally never ever use it again.

toordog 03-28-2011 11:50 PM

Quote:

Originally Posted by Ipozya (Post 4306950)
Reiserfs is recommended for Arch users for the /var partition (pacman uses a lot of small files, which reiserfs is the best at handling). I don't exactly know if this is still the case with pacman-3.5, which came out last week, since it changed the database significantly. It would be difficult anyway to change now without going through a lot of trouble (I think?). I agree that /boot doesn't need journaling (nor does /tmp) but I don't really know if it's even worth changing now.

And just to add another point, toordog, it's not simply because the defaults are those set by the developers that they are necessarily the best. For a distribution like Arch (which relies on the KISS principle), most configurations are quite minimalistic by default. They are set to be the simplest conditions that are known to work. It doesn't make sense for them to add a lot of options that may not apply to every user. This doesn't mean that users shouldn't actively read up on the configuration files and edit things if it is likely to improve their unique system.


noatime and the ro are all on by default in every fstab. They are minimalistic like you said, but enabled even if it is not written. It is not true that the system is bare minimum and not optimized. The system is highly optimized to fit the vast majority of situations, which yours is. So to give you an example where your system would not be fit for a particular environment: let's say you have 64G of RAM; you will need to tweak a little bit because you probably don't want 128G of swap by default (an easy example; sysctl config would matter more, but I didn't want to go too deep for now).

Let's say that you have 20T of hard drive and all your files are 1M in size. You will be out of inodes in a matter of minutes and your partition would probably not be aligned. If you had a 3T database that reads constantly to your drive, you might want to allow more memory cache for reads than for writes. (This will decrease performance on the other side.)

Unless you are facing those extreme situations, your system is the most optimized you can get. If you try to optimize it, you will gain less than 1% and you will run a 70% risk of decreasing your performance by doing anything. When it comes to performance, the best way is not to randomly push buttons, just like you would not try to find a password of 10G combinations just by brute-forcing it. You need to read the manual before implementing any change. You must understand the interrelation of every option before you do something. Trust me, just playing with it is not going to help you but will make you confused and disgusted. There is nothing less motivating than having something that doesn't work without being able to understand why. You are better off understanding first, making a change and benefiting from it, and continuing on your way, than the opposite.

With 1 year of experience you are no longer a newbie, but you are still a beginner even if you use the CLI.

I don't know your level, but if it is something that you can swallow, try to read about the sysctl options and try hard to understand how they relate to each other. Try to read about people who have mastered performance, read their suggestions for different contexts and try to figure out why they did it that way. It will be hard to read at first, but once you start to understand more it'll become much easier and you will understand much better the underlayer of the CLI, the GUI and the OS in general. You will start to understand what a sector on a disk is, what a block is, what an inode is, and what a link (ln) is in relation to the physical HDD in Unix.

Before going to the underlayer of the OS, I would make sure to master all the basics that we tend to read quickly when we start. Like understanding exactly what stdout, stdin and stderr are, and how the system sees a device, a directory, a link, a file. How the system makes a call to a device or a file to read it. (Is it exactly the same way or is it different? If you cannot answer that, you should read more about the basics.) What PS1, PS2, PS3 and PS4 are for. This is just about the shell, but most intermediate Unix users couldn't answer from memory.

Most people try to jump directly to recompiling a kernel and linking modules (mostly drivers) without even mastering their shell.

If you want to really learn fast with Unix, don't try to go too fast. It is very complex; give yourself time and read as much as you can. Try to read the real manuals, not forums or how-tos. Forums and how-tos are good only when you are stuck or when you need to refresh your memory. And trust me, one life is not going to be enough to know it all. But after 5 years of intensive study, you will know enough to be able to improvise most of what you don't know and to quickly find what you need when you need it. It would be useless to know everything just to know it. As long as you can find what you need quickly and do it by yourself a bit by instinct (the accumulation of all your experience and knowledge).



Take care :)


All times are GMT -5.