#1 2009-10-20 18:01:22

milomouse
Member
Registered: 2009-03-24
Posts: 940

Advice on drive Partitioning, Filesystems & Encryption (fresh install)

NOTE: This is not help-vampirism. I'm not asking for a complete walk-through; I already have an idea of what I want to do or accomplish but would still appreciate advice from those who have used the different filesystems and encryption ciphers, etc. Also, I've read the Wikis and done multiple re-installs with different filesystems but I've been planning a complete overhaul for a few months now, hoping that this is to be "the ONE". I've also done some research on filesystems, encryption methods/ciphers, and partitioning but like I said; I still would appreciate advice from those who have used them. So, if you have the time, I'd like to open the floor to comments and opinion.

ALSO: It's not that I'm unsatisfied with my current setup, it's just that I think it could be more efficient or.. well, planned out. Right now my setup looks like this:

#: sfdisk -l -x /dev/sda

Disk /dev/sda: 30401 cylinders, 255 heads, 63 sectors/track
Units = cylinders of 8225280 bytes, blocks of 1024 bytes, counting from 0

   Device Boot Start     End   #cyls    #blocks   Id  System
/dev/sda1   *      0+      1       2-     16033+  83  Linux
/dev/sda2          2     272     271    2176807+  82  Linux swap / Solaris
/dev/sda3        273     812     540    4337550   83  Linux
/dev/sda4        813   30400   29588  237665610   83  Linux

Partitions right now are all Primary.
/dev/sda1 is ext2 >> 16MB >> /boot >> unencrypted  (Grub, no password)
/dev/sda2 is SWAP >> 2GB >> SWAP >> encrypted (LUKS, whirlpool cipher, random password on mount)
/dev/sda3 is ext4 >> 4GB >> /root >> encrypted (LUKS, aes-xts-plain cipher)
/dev/sda4 is ext4 >> 230GB >> /home >> encrypted (LUKS, aes-xts-plain cipher)

I don't like having so FEW partitions, seeing if something goes wrong I may possibly lose everything on the err'ed partition. I also want it to be cross-ready, so if I have an External HDD with a different OS on it, when I mount it it can use my current SWAP, /tmp, etc.

This is the bulk of the topic.
!!WHAT I'M PLANNING (this is the part I need advice on):

My proposed partition table looks like this (on a 250GB internal HDD with two 2GHz AMD64 processors, 4GB RAM, is Laptop)
(I also have two External HDDs: one is 250GB and the other is 1TB, in case I need to use those) :

/boot   | primary  | "     65 mb" | 83 Linux | sda1 | ext2 | unencrypted, with GRUB password protection
/       | primary  | "  10.95 gb" | 83 Linux | sda2 | ext4 | encrypted: [auto/PAM] aes-xts-plain + LUKS + dm-crypt
/home   | primary  | " 229.58 gb" | 83 Linux | sda3 | ext4 | encrypted: [auto/PAM] aes-xts-plain
EXTENDED -> sda4
/var    | logical  | "   6.46 gb" | 83 Linux | sda5 | reiserfs4 | encrypted: [auto/PAM] aes-xts-plain
/tmp    | logical  | "   2.00 gb" | 83 Linux | sda6 | ext4 | encrypted: [auto/PAM] aes-xts-plain
swap    | logical  | "   2.67 gb" | 82 swap  | sda7 | SWAP | encrypted: [auto/random] whirlpool

This is pretty basic and I was wanting to see if it's a good idea to use anything else, as it doesn't seem all that "well-rounded".

Partition Advice:

1. Does what I'm planning, as far as the actual PARTITIONS, seem like it will work? I've never done any EXTENDED + LOGICAL partitions before, so I'm not sure if putting all my Temp stuff in one is a good idea or not. I know this is a vague and debatable question but I just want some honest opinions on the actual setup.
2. If something happens to a LOGICAL or the actual EXTENDED (?) partition, will I lose everything in the EXTENDED, or will it just be one of the LOGICAL parts that's messed up, leaving the other LOGICALS unaffected?
3. Since I rarely ever have to use my Swap (my RAM is 4GB), does it make sense to have one that matches my RAM size? Do I even need it--is there an alternative? I never Suspend or Hibernate on my laptop, as it has power-management that seems to work efficiently. I'm still thinking of keeping it 2GB in case I have an external HDD with a small unix-compliant operating system on it that might need the Swap. Is this realistic, or do I even need it (as mentioned above)?
4. Should I just LINK /tmp to /var/tmp (or vice-versa)?? Is this a bad idea? Not sure how much of my stuff actually uses /tmp, as I monitor it all the time and rarely ever see anything there unless I put it there manually. All that's in there now is "aurvote-tmp-*" "plugtmp" and "yaourt-tmp-*" = 2.6MB. If I LINK /tmp and /var/tmp, could I supposedly have /var unencrypted and /var/tmp encrypted?
5. subcategory: SIZE:
+++ /boot: I've had one at 16MB for some years and haven't had issues. I only had 1 IMG and 1 Fallback IMG. I've been wanting to experiment with different kernels, like 'bfs' and whatnot, and was wondering if I needed to expand my /boot partition size to accommodate this?
+++ / : I'm only using 2.5GB of my /root partition, but I foresee I might need more space than this for expanding my programming habits. I program in LUA, RUBY, and (sometimes) LISP. I haven't gone in-depth with these but they're what I focus on and build from, so I was wondering if anyone who uses these languages has to have at least a certain amount of space. I don't have any additional libs on my laptop right now because of space issues, so I'm wondering about the size I'll need.
+++ /var: Right now my /var is only 146MB. I don't use ABS right now because of my location (firewall issues, business internet, etc), but I'm about to move back to my house and I'm sure I can connect to ABS there, so I was wondering how big it should be? The Wiki says something like an example of 6-8GBs. Is this normal??
+++ /tmp: Like I said; I never see anything here. How big is it normally? I've always had it on the partition with /root (which was 4GB in its entirety).

Filesystems Advice:

1. For /boot... ext2 seems the way to go. Of course this is unencrypted, but I was wanting to password protect GRUB (not really related to filesystem, just FYI, for my proposal). Are there any special options to pass to "mkfs.ext2" that will boost reliability and system security? Speed isn't that big of an issue, mostly integrity.
2. For /... ext4 has worked great for me. I'm just wondering if ext4dev (says something about after kernel 2.6.31 it doesn't have the backwards capabilities) is all right for my main actual filesystem programs/bins/libs, etc. I'm planning on plain ole ext4, but was wondering if ext4dev has anything superb that I'm unaware of. Also, the backwards capabilities; do I need it? ALSO: I opened a "Mint Linux" Live CD, and opened GParted, and it couldn't recognize ext4. Is this common among other distros? I'm just wondering if I have to fix filesystem with Live CD (for whatever reason), if I'll be able to boot ext4. This is not a big deal though.
3. For /var... reiserfs4 seems good for many small files, and I've heard good things about using this for /var. If I LINK /tmp to /var/tmp, will this have an effect on programs using it? If so, would I need a different filesystem instead of reiserfs4?

Encryption Advice:

1. I've heard that overwriting the drive with "urandom" is better than "zeros", is this true? Something along the lines of being difficult to determine what's what from a mess of random data.
2. Is it better to use DIFFERENT encryption Ciphers or methods for different Partitions? Also, I saw that some support 1->2->3 on one partition. Would it be unwise to do a 1->2->3 differentially on EACH partition?
3. For /... I'm pretty comfortable with LUKS and dm-crypt, and haven't had any performance issues, but have heard things about TrueCrypt being able to create Hidden Partitions. Are these partitions actual partitions I have to consider when partitioning, or are they pseudo-partitions, only available on same partition as TrueCrypt was directed (like /dev/sda3 having a hidden partition INSIDE of it)? PS: I want to encrypt this for the sole purpose of protecting access to managing/controlling my computer.. is this reasonable or paranoid?
4. For /home...  I NEED parts of this encrypted. I don't care about movies, music, etc. The sensitive parts (not p/o.r/n).. should I simply make another partition and mount it manually? Like /dev/sda8 >> /mnt/secret, or would this be better suited for TrueCrypt's Hidden Partitioning that I queried about in #2. I currently use Elettra to contain these sensitive files, but it's such a pain to have passwords for each and every file and having to remember which password goes to what. Still, my current /home is encrypted because of this and I don't want it to be, as I like to mount it on Live CDs, etc, without having to have dm-crypt available.
5. subcategory: SIZE: CIPHERS
+++ AES-LOOP: I really want to use this and I've seen others talk about it (maybe they're referring to other distros they have?) but read that Arch doesn't support this. Is there a patch I can apply?, and if so, do I have to alter other aspects of my startup to cater to this patch?
+++ Filename-Encryption: I would realllllllly love this for my "sensitive data" partition (or /home, if I have to use that instead). I'm only aware of eCryptFS offering this. Am I mistaken? I followed a guide (can't remember where) to encrypt entire /home with this, and it seemed to work fine, but when the fsck ran it continued to error on /home (where eCryptFS encrypted). So, I'm wary of eCryptFS.. and was wondering if ANY other methods (or ciphers specifically) used Filename-Encryption?
+++ Asymmetric VS Symmetric: I've read Wikis, but can't seem to determine which would be better. From my understanding, Asymmetric uses one password to Lock and another password to Unlock, and Symmetric does not. Would I need a special function to lock and unlock my drive then, if I was able to use Asymmetric? I'm not sure what Encryption Methods support this. An example is that GPG uses El-Gamal, afaik, and is asymmetric. I'm currently using AES-XTS-PLAIN, which is Symmetric, and I only have to Unlock it, and PAM/dm-crypt/LUKS does the rest, as far as Shutting Down and unmounting. If I'm able to use an Asymmetrical encryption method, I was wondering if it's better.. I mean, I know there's differences within the field, but are more passwords better than one, or not, seeing as they just have to Unlock it (locking doesn't matter as much as unlocking, doing more once unlocked, and possibly [with full unlock/permission] figure out how to lock it back for a clean invasion, etc).

SOooo, I know this was a lot to digest and most people don't want to put the time into reading all this (tltr), and I have a pretty good idea of where I want to go with this, but like I mentioned (and as you can see I have a lot of inquiries I'm still figuring out the best method for) I would definitely love any tips and advice on the subject[s]. Granted, I don't expect EVERY person to reply to EVERYTHING, just what they're knowledgeable on. And believe me, I do appreciate it! I will continue my side of the investigating and try to reduce as many questions as I can (posting my updates), so as not to clutter things up. If any of my questions or intents are unclear, please say so and I'll try to clarify (if possible).

Last edited by milomouse (2009-10-20 18:09:04)

#2 2009-10-20 18:17:26

vacant
Member
From: downstairs
Registered: 2004-11-05
Posts: 816

Re: Advice on drive Partitioning, Filesystems & Encryption (fresh install)

I re-organised using this guide, except I have one more partition - vista on sda1. The only variation is I added "-C" when creating swap. Movies/mp3s are stored encrypted just because most of the drive is.

This knocks out any worries about the number and size of partitions.

#3 2009-10-20 19:22:25

milomouse
Member
Registered: 2009-03-24
Posts: 940

Re: Advice on drive Partitioning, Filesystems & Encryption (fresh install)

LVMs seem like a great idea, but for some reason I'm wary. I kinda like the old-fashioned 1/mnt/per/partition. Thanks, though! That guide is really handy, I may take bits and parts of it to use. I'll post any updates in my First Post so that anyone following can see the progress. But right now I have to leave. I'm still at my working/living environment on top of a mountain. I only get on the computer twice a week, and this is my last day for this week, but as stated before, at the end of the month I'll be down the mountain at my house and have internet there. I WILL BE BACK, please continue to respond with your opinions, please! My days off are Monday and Tuesday.
