Re: Partitioning a Web Server

To: debian-isp@lists.debian.org
Subject: Re: Partitioning a Web Server
From: Tomàs Núñez Lirola <tomas@asertel.es>
Date: Thu, 3 Apr 2003 11:24:00 +0200
Message-id: <[🔎] 200304031124.03822.tomas@asertel.es>
In-reply-to: <[🔎] 20030403084916.GE4686@evbergen.xs4all.nl>
References: <[🔎] 200304022208.00647.mark@easymailings.com> <[🔎] 200304031016.13694.tomas@asertel.es> <[🔎] 20030403084916.GE4686@evbergen.xs4all.nl>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I said I'd trust on kernel quota, but not on proftd and qmail quota.
Anyway, in kernel quota there is some human factor (you can change quotas 
size) and human factor is not reliable (even less if I'm this factor :P).

If you say partitioning wastes a lot of seek time (which I did not consider 
when I decided partitioning), I think I should evaluate if it's worth to 
waste this time for security or if (as it seems, and as you say) it's not.

PS: The 'grep' was only illustrative  :P I did this grep on my local machine, 
where there is no quota, not in the servers, so nothing happened. But this 
showed me how unreliable human factor is ;)

El Jueves, 3 de Abril de 2003 10:49, Emile van Bergen escribió:
> Hi,
>
> On Thu, Apr 03, 2003 at 10:15:51AM +0200, Tomàs Núñez Lirola wrote:
> > If no user can fill up the disk, logs can. At least I'd put /var/log in a
> > different partition, but anyway I'd partition the disk just in case quota
> > systems fail. I think it's not a good idea to trust on ftp and mail
> > servers to manage quota (some bug or some human misconfiguration can turn
> > it down). I'd trust on kernel quota... but it does not give me the same
> > security as partitioning does.
> >
> > If for some strange reason a program begins writing to disk, or if some
> > user find the way to turn down his quota, or if I forget to put quota on
> > a user, or if a 50GB file magically appears on the disk (I remember one
> > day I did a 'grep -r string * > file' and left it working, and the file
> > grew to 15GB untill I stopped it)... if some of this uncertain things
> > happens, I can be sure that not all the partitions will be affected (at
> > least the backup partition would be safe :) )
>
> Well, all this trouble goes away if you don't log as root and don't do
> those greps as root. Then you can trust your kernel's quota and root
> reservation.
>
> If you can't trust your filesystems to your kernel, all hope is lost
> anyway.
>
> Cheers,
>
>
> Emile.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+i/2yGOU6HQZ81TcRAoHKAKCk+39DQD68OFK/SnlNz3JlhRiy2gCaA9Xh
I8svFFKCPdNc/tktywfyxNE=
=jgJ3
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: Partitioning a Web Server
  - From: Adrian 'Dagurashibanipal' von Bidder <avbidder@fortytwo.ch>

References:
- Partitioning a Web Server
  - From: Mark Bucciarelli <mark@easymailings.com>
- Re: Partitioning a Web Server
  - From: Tomàs Núñez Lirola <tomas@asertel.es>
- Re: Partitioning a Web Server
  - From: Emile van Bergen <emile-deb@evbergen.xs4all.nl>

Prev by Date: Re: apt-get dist-upgrade problem
Next by Date: Re: Http server with authenticated user suexec cgi's
Previous by thread: Re: Partitioning a Web Server
Next by thread: Re: Partitioning a Web Server
Index(es):
- Date
- Thread