Optimal partitioning scheme, and How to avoid backing up in case of OS change...
GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Optimal partitioning scheme, and How to avoid backing up in case of OS change...
Hi,
I have recently installed SL 5.5, while waiting for the final SL 6 ...
Since this shouldnt be much longer now, I haven't done anything "serious" in my SL 5.5 box...
I really want to shift to SL 6 because there are a lot of packages i need to build which are not in the 5.5 repos... Gnumeric 1.6.3 from epel is unusable, Paraview needs the latest Qt4, Scilab needs a most recent version of PCRE, etc.
Since this will be a production machine, I need stability ( that's why I have chosen SL 6/CentOS 6), as well as some compatibility with closed source apps, like Intel Compilers, Abaqus, or Pro Engineer.
My issue here is the following...:
This machine will have a 2 TB disk which I intend to partition as follows :
100 Mb -> /boot -> ext4
50 Gb -> / -> ext4
1 Gb -> swap -> swap ( this will be a 16 Gigs Ram machine, so... no more swap )
1948.9 Gb -> /home -> ext4 -> luks encrypted
Should I need to reinstall, or decide to change my OS, if I leave /home untouched in the (re)install, i will be able to luks mount my /home, right...?
I mean... any "modern" distro should allow me to do this... right...?
Should I need to reinstall, or decide to change my OS, if I leave /home untouched in the (re)install, i will be able to luks mount my /home, right...?
I mean... any "modern" distro should allow me to do this... right...?
In another thread I was just talking about maybe moving from Mandriva to OpenSUSE. I commented that I have several issues to sort out before I am willing to make the move.
One of those issues is exactly this one. All of my system except the system partition is encrypted. That includes 6 hard drives and partitions everyplace.
Now, I certainly would expect that I can mount any of my encrypted partitions using any Linux distro, but I haven't proved it yet.
In the next couple of days, I am going to unmount one of my data partitions from the host, and make it available as a physical partition for one of my OpenSUSE virtual machines. Then, we'll see. If it is recognized and I can mount it, then that is one less problem to worry about.
I just haven't gotten around to doing it yet.
By the way, I run an encrypted swap partition, and the directories /tmp, /var/cache, and /var/tmp are located on partitions other than my system partition in order to prevent data leaks into the unencrypted part of the computer.
By the way, I run an encrypted swap partition, and the directories /tmp, /var/cache, and /var/tmp are located on partitions other than my system partition in order to prevent data leaks into the unencrypted part of the computer.
At boot time my /tmp is wiped off, all temporary files from previous sessions vanish, IMHO none of my workhorse apps write to /var/cache and /var/tmp, and all the "critical" files that leave the computer leave as gpg encrypted, is there really need to encrypt /var/*...?
At boot time my /tmp is wiped off, all temporary files from previous sessions vanish, IMHO none of my workhorse apps write to /var/cache and /var/tmp, and all the "critical" files that leave the computer leave as gpg encrypted, is there really need to encrypt /var/*...?
What about if the power plug is pulled, as the thief grabs your machine and heads for the door? If he puts a Knoppix disk into your drive and boots your computer, what might he find in /tmp?
Also, kde uses /var/tmp. My system uses /var/cache. Some of that is Mandriva, some is other things. While writing this, I realized that /var/lib/mysql contains a lot of genuine data, so I just moved it over too. I have just recently completed my platform encryption project, and I elected to not encrypt the system partition for now at least, so as I find these things they get moved.
What about if the power plug is pulled, as the thief grabs your machine and heads for the door? If he puts a Knoppix disk into your drive and boots your computer, what might he find in /tmp?
Also, kde uses /var/tmp. My system uses /var/cache. Some of that is Mandriva, some is other things. While writing this, I realized that /var/lib/mysql contains a lot of genuine data, so I just moved it over too. I have just recently completed my platform encryption project, and I elected to not encrypt the system partition for now at least, so as I find these things they get moved.
I see...
The only possibe secure HPC platform would have to be implemented using Computation over encrypted instances then...
Now thieves can steel my machine at will huh... !?
Bad attitude.
Backups are more important than encryption in the general scheme of things. Not much good having it all scrambled it you lose access to it (destroyed, not as in stolen).
Last edited by syg00; 11-30-2010 at 06:57 PM.
Reason: clarification (I hope .... :) )
Bad attitude.
Backups are more important than encryption in the general scheme of things. Not much good having it all scrambled it you lose access to it (destroyed, not as in stolen).
Thx Syg00
Sometimes ppl just do not bkup out of lazyness... to just regret it when s**t happens...
Don't get mislead by the "guru" tag - I merely have some experience others may find useful. Or not. Applies to almost all of us.
I've told jeremy I'd be happy if the labels (and post count) were done away with altogether. But that's for other threads.
Bad attitude.
Backups are more important than encryption in the general scheme of things. Not much good having it all scrambled it you lose access to it (destroyed, not as in stolen).
OK. To follow up on this thread, I have successfully tested dmcrypt, moving a partition from one machine to another.
I unmounted a data partition from my Mandriva 2010.1 32 bit host, and defined that partition as belonging to one of my OpenSUSE 11.3 64 bit virtual machines.
I then booted that OpenSUSE system, did a cryptsetup luksOpen, entered the passphrase, then mounted the opened volume.
I browsed into the volume in OpenSUSE, played a video on the volume, and stored some data there.
I then dismounted the volume from OpenSUSE, remounted it on Mandriva, opened it, and read the data I had written from OpenSUSE.
Now, of course, we would certainly have expected this to work. So, that it works is really no surprise. But we never really know until we try, now do we.
And, given that these are encrypted partitions, if it DOESN'T work, it could cause all kinds of grief. Better to test it first.
I dont care about separate /boot partition, never needed one
I like (and suggest you too) to add a second OS partition - with some basic linux and all kinds of recovery stuff installed, few tar.xz's of the root partition / usefull packages / iso's of the CD of your distro. This way you can instantly recover your OS even if you have nothing at hand besides the computer itself
To minimize the space required for this partition you can store some of the stuff in /home (assuming you are going only to reinstall root ever)
You can go as far as installing a second grub in the root partition and chain loading it from the first grub. This way you garantee that whatever upgrade you do to the main OS you can only screw its grub and not the main grub that boots the recovery system
You can install the second partition system independent so that you can boot the hard drive in any other computer, and use it as a live-hdd (like live-cd) to recover another computer. Dont you just like all those multifunctional tools to be at your hand at all times ?
I dont care about separate /boot partition, never needed one
I like (and suggest you too) to add a second OS partition - with some basic linux and all kinds of recovery stuff installed, few tar.xz's of the root partition / usefull packages / iso's of the CD of your distro. This way you can instantly recover your OS even if you have nothing at hand besides the computer itself
To minimize the space required for this partition you can store some of the stuff in /home (assuming you are going only to reinstall root ever)
You can go as far as installing a second grub in the root partition and chain loading it from the first grub. This way you garantee that whatever upgrade you do to the main OS you can only screw its grub and not the main grub that boots the recovery system
You can install the second partition system independent so that you can boot the hard drive in any other computer, and use it as a live-hdd (like live-cd) to recover another computer. Dont you just like all those multifunctional tools to be at your hand at all times ?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.