Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 08-18-2003, 02:15 PM   #1
Registered: Aug 2003
Distribution: Red Hat 9
Posts: 76

Rep: Reputation: 15
Question partitions suggestions for RH webserver

I was wondering if anyone can give me some guidelines on how I should partition my hard drive.

My server is a Dell PowerEdge 1650. ITs a Pentium 1266Mhz processor with 256MB RAM (do I need more??) and 20GB HD. It will be used as a web server. I will be hosting one website from this machine, and I am not storing any data. I don't really require home directories...

When I choose the automatic partition I get:
Device           Start  End    Size(MB)   Type    Mount Point  
  --/dev/sda1     1     6        47       ext3      /boot
  --/dev/sda2     7     2148   16802      ext3      /
  --/dev/sda3    2149   2213     510      swap
Is this sufficient and / or safe?? Basically I have the following needs of the web server:
1. Serve approx 100 static html pages with Apache
2. Serve approx 5 pages that run an OLDP transaction with our backend UNIX system.
3. Serve approx 10 JSP and run approx 10 Java programs with Tomcat

The website will be accepting payment for a service, and send data off to a processor. As I mentioned, I am not using any type of database to store any data (not storing cardholder data). The traffic won't be that heavy in the beginning. Later, we will be added an IVR system that will also use my web server to process credit card transactions.

Should I have my web app on a separate partition than everything else? (I'm not even sure if this is possible)

For example, have:
1)root partition
2)boot partition
3)swap partition
4)webapps partition (has all apache and tomcat config files, and pages/programs to be served)

I am not completely clear on the purpose of the partitions other than keeping data separated. I'm not sure if separating things on partitions help to make a more secure server? For example if my website gets hacked, and I have the webapp on a separate partition, can I prevent the rest of my server from being touched?

Thanks for the help.
Old 08-18-2003, 02:43 PM   #2
Registered: Jul 2003
Location: Louisville aka Derby City
Distribution: WinXP SP2 and SP3, W2K Server, Ubuntu
Posts: 313

Rep: Reputation: 30
One source (Maximum Linux Security) suggests that having data on separate partitions does protect other partitions should a program on anyone partition by pahcked. The author suggested SUID programs as a security risk if they occupy the same partition as root.

SUID programs executes with the owners privilages regardless of who runs them. If a SUID program is owned by root, it executes with root priviliges no matter who executes it. Some examples of SUID programs that are owned by root are:


To take advantage of the sparate partitions, you can go to fstab and mount the partitions 'no setuid'.

As to what partitions you should have, not sure. The example I see is:


all of separate partitions.
Old 08-18-2003, 02:55 PM   #3
Registered: Jul 2003
Location: Boston, MA, USA
Distribution: RedHat, SuSE, Gentoo, Slackware, Mandrake ...
Posts: 111

Rep: Reputation: 15
It doesn't really matter for your purposes. Creating a separate filesystem to put all your web server data on isn't going to make it any more secure. If someone cracks your system, they're going to be able to access any files on any mounted filesystem, regardless of what filesystem it is on.

Creating multiple filesystems can be useful if you expect to be running out of disk space. For example, if you have interactive users, you normally put all their home directories in a separate filesystem (/home). That way, if they fill it up, there's still space in the / filesystems for the system to use. If you didn't make /home a separate filesystem, then when users used up all your disk space, the system wouldn't even be able to log the errors and the whole thing would grind to a halt. Separating things into separate filesystems prevents such situations.

Because you're not expecting any dynamic creation of data on your web server, your disk is unlikely to fill up like this. The only thing that might make this happen is if you're not rotating your log files frequently enough and they fill up the disk. With 20GB to serve 100 pages, that's not going to happen if you rotate logs properly.

BTW: I'm saying "filesystem" here instead of "partition" because when you're talking about / or /boot or /home you're referring to the logical filesystem built within a disk partition (or spanning several disk partitions if you're using Logical Volume Management). Partitions refer to physical disk devices, such as /dev/hda3, while filesystems refer to the logical structure of your data. Just a minor distinction.
Old 08-18-2003, 03:02 PM   #4
Registered: Aug 2003
Distribution: Red Hat 9
Posts: 76

Original Poster
Rep: Reputation: 15
Thank you both for your posts. I'm actually not worried about running out of disk space. My concern was whether or not there was a way to restrict the access to the separate 'filesystems'.

If I understand you correctly, then the actual partition is the /dev/hda, and the /dev/hda1-3 are the filesystems??
Old 08-18-2003, 03:57 PM   #5
Registered: Jul 2003
Location: Boston, MA, USA
Distribution: RedHat, SuSE, Gentoo, Slackware, Mandrake ...
Posts: 111

Rep: Reputation: 15
>... the actual partition is the /dev/hda, and the /dev/hda1-3 are the filesystems??

Well, no. /dev/hda is the entire disk. /dev/hda1, /dev/hda2, etc. are partitions on that disk. You create filesystems within those partitions (with the mkfs command), and mount them at directory pathnames like / or /var or /home. Yeah, I misspoke: partitions refer to *parts* of the physical devices. Sorry about that.

jdruin is right about the SETUID thing; I had forgotten about that. The idea is that you put all directories that normal users can write to in filesystems mounted with the "nosetuid" option. Then even if they manage to create a file with the setuid permission bit on, the system will ignore it.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
/proc/partitions showing wrong partitions netstv Linux - General 1 07-10-2006 01:11 PM
suggestions Debian hard drive partitions bearbigears Linux - Newbie 8 03-02-2005 03:23 PM
FTP/webserver suggestions Atrocity *BSD 6 06-17-2004 01:42 PM
Create software RAID partitions first, then create filesystem partitions on top of th stefanlasiewski Linux - Software 1 04-28-2004 04:12 PM
Can't see WebServer from outside... Can see WebServer locally as http://localhost friddick Linux - Networking 13 08-19-2003 06:27 PM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 11:25 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration