HB Computer Security | Aide Memoire

Tips for Creating Partitions

Last updated 1 year ago

Changing your disk partitions to handle multiple operating systems can be very tricky, in part because each operating system has its own ideas about how partitioning information should be handled, as well as different tools for doing it. Here are some tips to help you get it right:

  1. Operating System Installation Order: When setting up a dual-boot environment with Windows and Linux, it's generally best to install Windows first. Windows' installation can overwrite the boot loader that recognizes Linux, making it challenging to boot into the Linux OS if Linux is installed first.

  2. Partitioning Tools: Use the partitioning tools native to each operating system to create its respective partitions. Windows has its own partitioning tools that understand its filesystems, and similarly, Linux distributions come with tools like fdisk or gparted. After the initial setup, avoid using Windows partitioning tools on a dual-boot system, as they may not be aware of Linux partitions and could cause data loss. Instead, use Linux fdisk, or a product made for multi-boot systems, such as Acronis Disk Director.

  3. Master Boot Record (MBR) vs. GUID Partition Table (GPT): MBR is limited to four primary partitions (one of which can be marked to contain 184 logical drives), but GPT allows for many more (up to 128 on most systems). For systems requiring numerous partitions, the use of GPT is recommended. Alternatively, on MBR disks, one can use LVM and create an extended partition to house multiple logical drives.

For desktop users, a simple partitioning scheme is often sufficient. However, for servers or systems with multiple users, there are advantages to having separate partitions for areas like /home, /var, and /tmp. This approach can enhance security, simplify backup processes, and avoid system issues due to individual partitions filling up:

  • Protection from Attacks: Denial-of-service attacks sometimes take actions that try to fill up your hard disk. If public areas, such as /var, are on separate partitions, a successful attack can fill up a partition without shutting down the whole computer.

    Because /var is the default location for web and FTP servers, and is expected to hold lots of data, entire hard disks often are assigned to the /var filesystem alone.

  • Protection from Corrupted Filesystems: If you have only one filesystem (/), its corruption can cause the whole system to collapse. Corruption of a smaller partition is much easier to fix, and often allows the computer to stay in service while the correction is made.

The following table lists some directories that you may want to consider making into separate filesystem partitions:

| Directory | Explanation |
| --- | --- |
| /boot | Sometimes, the BIOS in older PCs can access only the first 1024 cylinders of your hard disk. To make sure that the information in your /boot directory is accessible to the BIOS, create a separate disk partition for /boot. Even with several kernels installed, there is rarely a reason for /boot to be larger than 1024 MiB (mebibyte). |
| /usr | This directory structure contains most of the applications and utilities available to Linux users. The original theory was that if /usr were on a separate partition, you could mount that filesystem as read-only after the operating system had been installed. This would prevent attackers from replacing or removing important system applications with their own versions that may cause security problems. A separate /usr partition is also useful if you have diskless workstations on your local network. Using NFS, you can share /usr over the network with those workstations. |
| /var | Your FTP (/var/ftp) and web server (/var/www) directories are, by default in many Linux systems, stored under /var. Having a separate /var partition can prevent an attack on those facilities from corrupting or filling up your entire hard disk. |
| /home | Because your user account directories are located in this directory, having a separate /home partition can prevent a reckless user from filling up the entire hard disk. It also conveniently separates user data from your operating system for easy backups or new installs. Often, /home is created as an LVM logical volume, so it can grow in size as user demands increase. It may also be assigned user quotas to limit disk use. |
| /tmp | Protecting /tmp from the rest of the hard disk by placing it on a separate partition can ensure that applications that need to write to temporary files in /tmp can complete their processing, even if the rest of the disk fills up. |
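
To check an existing host against the table above, the following added example (not part of the original page) reads a mount table in /proc/mounts format and reports which of the five directories are their own filesystem, and whether /usr is mounted read-only. The function names and the sample mount table are constructed for illustration.

```sh
#!/bin/sh
# Input format (as in /proc/mounts): device mountpoint fstype options dump pass

# Constructed sample, not from a real host: /tmp has no partition of its own.
sample_mounts() {
cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda1 /boot ext4 rw,relatime 0 0
/dev/sda5 /usr ext4 ro,relatime 0 0
/dev/sda3 /var ext4 rw,relatime 0 0
/dev/mapper/vg0-home /home ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
EOF
}

# Print the device backing mount point $1; print nothing if $1 is not a mount point.
# $2 is the mount table to read (defaults to the live /proc/mounts).
mount_device() {
    awk -v d="$1" '$2 == d { dev = $1 } END { if (dev != "") print dev }' "${2:-/proc/mounts}"
}

# Succeed if mount point $1 carries mount option $2 (for example ro).
mount_has_opt() {
    awk -v d="$1" -v o="$2" '$2 == d { n = split($4, a, ","); found = 0
        for (i = 1; i <= n; i++) if (a[i] == o) found = 1 }
        END { exit (found ? 0 : 1) }' "${3:-/proc/mounts}"
}

# One line per directory from the table: "<dir> separate <device>" or "<dir> shared".
partition_report() {
    for dir in /boot /usr /var /home /tmp; do
        dev=$(mount_device "$dir" "$1")
        if [ -n "$dev" ]; then
            echo "$dir separate $dev"
        else
            echo "$dir shared"
        fi
    done
}

# Run against the constructed sample; call partition_report with no argument on a real host.
tmpfile=$(mktemp)
sample_mounts > "$tmpfile"
partition_report "$tmpfile"
mount_has_opt /usr ro "$tmpfile" && echo "/usr is mounted read-only"
rm -f "$tmpfile"
```

A directory reported as "shared" lives on its parent filesystem, so filling it up also fills the filesystem that contains it.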

Summary

If you're dealing with a big Linux system that a lot of people use, or if it's a server that's out there on the web, having several partitions can be a real lifesaver. It helps to keep the damage to a minimum if things go sideways, whether it's because someone's up to no good, you've got users who are a bit clumsy, or just a spot of bad luck with the system getting corrupted. It's like putting up good fences in a massive garden; it keeps the chaos contained if something starts to go pear-shaped in one corner.
