Daniel Wright wrote:
> As someone new to setting up an email server and actually in the process
> of researching it, I have actually found the thread, "sendmail vs.
> postfix" very interesting. The one thing that is not clear to me is the
> partition scheme that is best for an email server.
> I would like to hear what people are using for their partition setup.
> Anyone care to share?

/
/boot
/var
/usr
/tmp as tmpfs
/var/tmp as tmpfs
/home

/tmp and /var/tmp will be kept on memory filesystems; you can limit the
sizes (if you don't, the default is half of your RAM). The advantage is
that when you reboot, they are gone. IMO, 64-128MB is more than enough for
each of them. Solaris has had /tmp on tmpfs for eons. Don't know why it
hasn't become common practice in the Linux world.

You can mount /boot and /usr read-only. Don't forget to remount
read-write when you actually need to install/update software.

You can also mount /boot, /var, /tmp, /var/tmp, and /home as nosuid and
noexec, as needed. They shouldn't contain executables anyhow.
Especially no setuid executables.

Do note that some of these do not play nicely with SELinux (yet). If
you run Apache under SELinux, you can't mount /var nosuid (or privilege
transitioning will not work on that partition, which is logical when the
partition is mounted nosuid, therefore Apache will not work -- in that
case remove the nosuid flag).

Also, if you want cgi-bin scripts in /var/www/cgi-bin, you cannot mount
/var as noexec.

Also, PostgreSQL doesn't like /tmp being on tmpfs when run under SELinux
(bug in targeted policy, but there are many other targeted policy bugs
related to use of /tmp even if it is on a regular disk-based file system,
so don't worry about it).

--
Aleksandar Milivojevic <amilivojevic-KM6NQS1Ds0I@xxxxxxxxxxxxxxxx>
Systems Administrator
Tel: (204) 474-2323 ext 276
Pollard Banknote Limited
1499 Buffalo Place
Winnipeg, MB R3T 1L7
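
Added example, not part of the original message: a small shell check that compares a mount table in /proc/mounts format against the layout and mount options suggested in the reply above. The POLICY table, the function names and the sample table are assumptions made for this illustration.

```shell
#!/bin/sh
# Required options per mount point, taken from the post. "tmpfs" is matched
# against the filesystem type, everything else against the mount options.
# Relax the /var line if the SELinux/Apache or cgi-bin caveats apply to you.
POLICY='/boot ro,nosuid,noexec
/usr ro
/var nosuid,noexec
/tmp tmpfs,nosuid,noexec
/var/tmp tmpfs,nosuid,noexec
/home nosuid,noexec'

# audit_mounts: reads a table in /proc/mounts format on stdin, prints one
# line per deviation from POLICY, and returns 1 if there was any.
audit_mounts() {
    POLICY="$POLICY" awk '
        # Remember type and options per mount point (last entry wins).
        { fstype[$2] = $3; opts[$2] = "," $4 "," }
        END {
            bad = 0
            n = split(ENVIRON["POLICY"], rule, "\n")
            for (r = 1; r <= n; r++) {
                split(rule[r], p, " "); mp = p[1]
                if (!(mp in opts)) { print mp ": not a separate mount"; bad = 1; continue }
                m = split(p[2], want, ",")
                for (i = 1; i <= m; i++) {
                    if (want[i] == "tmpfs") ok = (fstype[mp] == "tmpfs")
                    else ok = (index(opts[mp], "," want[i] ",") > 0)
                    if (!ok) { print mp ": missing " want[i]; bad = 1 }
                }
            }
            exit bad
        }'
}

# Constructed sample table (not from a real host); /var/tmp is deliberately
# absent and /usr and /var deviate from the policy.
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext3 rw 0 0
/dev/sda1 /boot ext3 ro,nosuid,noexec 0 0
/dev/sda3 /usr ext3 rw 0 0
/dev/sda5 /var ext3 rw,nosuid 0 0
tmpfs /tmp tmpfs rw,nosuid,noexec,size=131072k 0 0
/dev/sda6 /home ext3 rw,nosuid,noexec 0 0
EOF
}
```

On a live host, run it as `audit_mounts < /proc/mounts`; a mount point reported as "not a separate mount" inherits the options of its parent filesystem.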