Digby Tarvin wrote: >Personally I only use RAID for non-static filesystems (root changes >relatively rarely, and is small, so I just make a fresh backup after any >change. In addition I have twice been involved in trying to recover >filesystems (thankfully not my own) that have been lost *because* of >faulty RAID technology that behaved badly when a disk failed, so I >prefer to make regular incremental backups to a second off-site >machine as a much safer option. > >
Did I mention I am running RAID0...so yeah, I take the 'make frequent backups' strategy to heart!! ;-> I rotate backups to a trio of USB hard disks, that are not stored at the same location, and the most recent one is never more than 48 hours out of date. >And as far as cryptograpic filesystems go, I usually only consider it >for user filesystems, as the system partitions are open source and >can be downloaded freely from the net. If I were really paranoid I >suppose I might want to encrypt the shadow password file, but the >main threat is hacking while system system is online, and the root >partition must be available unencrypted then. An encrypted root >partition would also get in the way of automated server recovery >if the system crashed while nobody was around. > > Well, if you have decent physical security of the machine (i.e., a server in a restricted access room, or even a typical desktop machine), then yes, your biggest concern would be over the network. But on my laptop, my biggest risk of data being compromised is if the laptop is stolen. How safe would you feel about an unencrypted /etc/shadow if you left one of those servers sitting outside on the street overnight! >Richard's partitioning scheme looks reasonable, except that my >understanding of the logic behind the Unix filesystem structure >is that none of the files in /usr are needed for booting, so I >prefer to keep /usr as a separate mounted partition. > >The only reason I know of for having both a /bin and a /usr/bin is >to separate the basic necesseties needed for booting (/bin) from >the ones that are not needed till you go into multi-user mode (/usr/bin). >Similarly for /lib vs /usr/lib. > > As you say, /[s]bin and /usr/[s]bin have different uses...single user vs. multi-user. But I consider 'booting' to be everything that happens between hitting the power switch and getting a login prompt for KDE. Again, probably just a difference in perspective between a server and a desktop/laptop. Also, pretty much all of the stuff in /usr/[s]bin, /usr/kde/*/bin, and so on loads libraries from both /usr/lib and /lib, so it made sense to me that all of this should be on a single partition. >P.S. One of the RAID snfau's went as follows: >a. company installs card based RAID solution and hence decides > it nolonger needs to make backups. >b. one of the hard disks fails, system continues running... >c. replacement drive is plugged in in place of failed drive, > controller proceeds to overwrite the surviving drive with > the contents of the new drive, destroying remaining copy of > companies data. >d. company throws away raid card and goes back to manual backups... > > FYI, the software RAID (when actually using the 'R' part of that acronym) driver in Linux is infinitely smarter than that! -Richard -- gentoo-user@gentoo.org mailing list
