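3.2. Partitioning the system

3.2.1. Choose an intelligent partition scheme

An intelligent partition scheme depends on how the machine is used. A good rule of thumb is to be fairly liberal with your partitions and to pay attention to the following factors: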

  • Any directory tree which a user has write permissions to, such as /home, /tmp and /var/tmp/, should be on a separate partition. This reduces the risk of a user DoS by filling up your "/" mount point and rendering the system unusable (Note: this is not strictly true, since there is always some space reserved for root which a normal user cannot fill), and it also prevents hardlink attacks. [2]

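  • Any partition which can fluctuate, e.g. /var (especially /var/log), should also be on a separate partition. On a Debian system, you should create /var a little bit bigger than on other systems, because downloaded packages (the apt cache) are stored in /var/cache/apt/archives.

  • Any partition where you want to install non-distribution software should be on a separate partition. According to the Filesystem Hierarchy Standard, this is /opt or /usr/local. If these are separate partitions, they will not be erased if you (have to) reinstall Debian itself.

  • From a security point of view, it makes sense to put static data on its own partition and to mount that partition read-only. Better still is to put the data on read-only media. See below for more details.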

In the case of a mail server it is important to have a separate partition for the mail spool. Remote users (either knowingly or unknowingly) can fill the mail spool (/var/mail and/or /var/spool/mail). If the spool is on a separate partition, this situation will not render the system unusable. Otherwise (if the spool directory is on the same partition as /var) the system might have important problems: log entries will not be created, packages cannot be installed, and some programs might even have problems starting up (if they use /var/run).

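In cases where you cannot be sure whether you need a separate partition, you can install the Logical Volume Manager (lvm-common and the binaries needed for your kernel, which may be lvm10, lvm6, or lvm5). Using lvm, you can create volume groups that span multiple physical volumes.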
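The hard-link risk named in the first point of the list above (and described in footnote [2]) can be audited on a running system. The following Python script is an added example, not part of the original manual; the SETID_LOCATIONS list is an assumption about where setuid binaries live on the host. It reports which user-writable trees share a file system with those locations and lists setuid/setgid files that already have more than one hard link.

```python
import os
import stat

# Directories named in the text; adjust per host.
USER_WRITABLE = ("/home", "/tmp", "/var/tmp")
# Assumption: locations that hold setuid binaries on this host.
SETID_LOCATIONS = ("/", "/usr")

def shared_filesystems(writable=USER_WRITABLE, protected=SETID_LOCATIONS):
    """Return (writable_dir, protected_dir) pairs on the same file system.

    Hard links cannot cross file systems, so each pair is a place where a
    user-created link to a setuid binary is possible.
    """
    pairs = []
    for w in writable:
        for p in protected:
            try:
                if os.stat(w).st_dev == os.stat(p).st_dev:
                    pairs.append((w, p))
            except OSError:
                continue  # directory missing on this host
    return pairs

def linked_setid_files(root):
    """Return (path, link_count, inode) for every setuid/setgid regular
    file under root that has more than one hard link."""
    root_dev = os.lstat(root).st_dev
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        if os.lstat(dirpath).st_dev != root_dev:
            dirnames[:] = []  # another file system: links cannot reach it
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable
            setid = st.st_mode & (stat.S_ISUID | stat.S_ISGID)
            if stat.S_ISREG(st.st_mode) and setid and st.st_nlink > 1:
                hits.append((path, st.st_nlink, st.st_ino))
    return sorted(hits)

if __name__ == "__main__":
    for pair in shared_filesystems():
        print("same file system:", *pair)
    for hit in linked_setid_files("/"):
        print("linked setuid/setgid file:", *hit)
```

Entries that share an inode number are names for the same binary; a name outside the package's own directories deserves a closer look.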

3.2.2. Selecting the appropriate file systems

During the system partitioning you also have to decide which file system you want to use. The default file system[3] selected in the Debian installation for Linux partitions is ext3, a journaling file system. It is recommended that you always use a journaling file system, such as ext3, reiserfs, jfs or xfs, to minimize the problems derived from a system crash in the following cases:

  • For laptops, on every file system installed. If the battery runs out unexpectedly or the system locks up because of a hardware problem (such as the fairly common X configuration problems), data may be lost after the reboot.

  • For systems which store large amounts of data (such as mail servers, ftp servers, network file systems...), these file systems are recommended. That way, in the event of a system failure, the time the system needs to recover and check the file systems is greatly reduced, and data loss is also less likely.

Leaving aside the performance issues regarding journaling file systems (since this can sometimes turn into a religious war), it is usually better to use the ext3 file system. The reason for this is that it is backwards compatible with ext2, so if there are any issues with the journaling you can disable it and still have a working file system. Also, if you need to recover the system with a bootdisk (or CD-ROM) you do not need a custom kernel. If the kernel is 2.4 or 2.6, ext3 support is already available; if it is a 2.2 kernel, you will be able to boot the file system even if you lose journaling capabilities. If you are using other journaling file systems you will find that you might not be able to recover unless you have a 2.4 or 2.6 kernel with the needed modules built-in. If you are stuck with a 2.2 kernel on the rescue disk, it might be even more difficult to have it access reiserfs or xfs.

In any case, data integrity might be better under ext3, since it does true file-data journaling while the others do only meta-data journaling; see http://lwn.net/2001/0802/a/ext3-modes.php3.

Notice, however, that there are some partitions that might not benefit from using a journaling filesystem. For example, if you are using a separate partition for /tmp/ you might be better off using a standard ext2 filesystem as it will be cleaned up when the system boots.


[2] A very good example of this kind of attack using /tmp is detailed in http://www.hackinglinuxexposed.com/articles/20031111.html and http://www.hackinglinuxexposed.com/articles/20031214.html (notice that the incident is Debian-related). It is basically an attack in which a local user stashes away a vulnerable setuid application by making a hard link to it, effectively avoiding any updates (or removal) of the binary itself made by the system administrator. Dpkg was recently fixed to prevent this (see http://bugs.debian.org/225692) but other setuid binaries (not controlled by the package manager) are at risk if partitions are not set up correctly.

[3] Since Debian GNU/Linux 4.0, codename etch