Partitioning constraint


I’d like to know if there is some constraint about creating some partitions on an interworx box.

Indeed, to secure my box, I’d like to create some partitions as shown hereunder:


/boot ==> no suid, ro

/ (root) = all under as /bin , /sbin, /mnt, /dev, /usbin (created)… ==> may have no write authority (mnt with read only)

/tmp = /tmp ==> no suid/sgid; noexec

/usr = /usr + all /root that need write authority (/usr/rootw/) ie:/sbin; /var ; /opt ; … ==> no suid/sgid

/home = /home => no suid/sgid (noexec ??);

I make a symlink /var /opt to /usr/rootw/var and /usr/rootw/opt

I copy all /usr/sbin/* in /usbin (under / (root)) to have the ability to have all /bin /sbin and /usr/sbin to mnt them with only read authority

In fact I’d like to have something like that in my /etc/fstab:
/dev/hda6 swap swap defaults
/dev/hda1 / ext2 defaults
/dev/hda2 /tmp ext2 noexec
/dev/hda3 /boot ext2 nosuid,ro
/dev/hda4 /usr ext2 nosuid
/dev/hda5 /home ext2 noexec

Thank you for your help


As I understand it, all InterWorx boxes have the same partitioning architecture:

/ /dev/hda3
/boot /dev/hda1

Servers bought from Sago are all partitioned identically. InterWorx-CP puts no restrictions on the partition layout HOWEVER only 1 partition is used for the quota calculation. InterWorx-CP uses Linux system quotas to enforce disk quotas, so if you have a /home partition and a /var partition then either web data OR MySQL data will be used to count against the user’s quota, since MySQL lives at /var/lib and all web data lives on /home.

So just be careful about partitioning and disk quotas.
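An added example, not part of the original posts: a small Python check that compares the fstab proposed in the first post against the mount options that post's prose asks for, and reports which filesystems would hold user data for the quota concern raised in the reply. The policy table is a reading of the first post, the path /usr/rootw/var/lib assumes MySQL data follows the /var symlink described there, and all function names are hypothetical.

```python
# Constructed sample: the fstab proposed in the first post.
FSTAB = """\
/dev/hda6 swap swap defaults
/dev/hda1 / ext2 defaults
/dev/hda2 /tmp ext2 noexec
/dev/hda3 /boot ext2 nosuid,ro
/dev/hda4 /usr ext2 nosuid
/dev/hda5 /home ext2 noexec
"""

# Assumption: options the first post's prose asks for, per mount point.
POLICY = {
    "/boot": {"nosuid", "ro"},
    "/tmp": {"nosuid", "noexec"},
    "/usr": {"nosuid"},
    "/home": {"nosuid"},
}

def parse_fstab(text):
    """Return {mount_point: set(options)}, skipping comments, blanks and swap."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4 or fields[2] == "swap":
            continue
        mounts[fields[1]] = set(fields[3].split(","))
    return mounts

def missing_options(mounts, policy):
    """Return {mount_point: sorted options the policy requires but fstab lacks}."""
    gaps = {mp: sorted(req - mounts.get(mp, set())) for mp, req in policy.items()}
    return {mp: opts for mp, opts in gaps.items() if opts}

def mount_for(path, mounts):
    """Longest-prefix match of a path against the mount points."""
    hits = [mp for mp in mounts if mp == "/" or path == mp or path.startswith(mp + "/")]
    return max(hits, key=len, default="/")

def quota_split(mounts, data_paths):
    """Filesystems holding user data; more than one means a single quota misses some."""
    return sorted({mount_for(p, mounts) for p in data_paths})

if __name__ == "__main__":
    m = parse_fstab(FSTAB)
    print("missing options:", missing_options(m, POLICY))
    print("user data lives on:", quota_split(m, ["/home", "/usr/rootw/var/lib"]))
```

On the sample, /tmp and /home both lack nosuid, and web data and MySQL data land on two different filesystems.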


I stand corrected :wink: