From: R. Steve McKown Date: Wed, 15 Aug 2012 20:57:56 +0000 (-0600) Subject: Add read only root page X-Git-Url: https://oss.titaniummirror.com/gitweb?p=oss-web.git;a=commitdiff_plain;h=407f98e5b0626afb267f91e4f0ac02d2dcaa1b23 Add read only root page --- diff --git a/in/ro-root.md b/in/ro-root.md new file mode 100644 index 0000000..21a0a31 --- /dev/null +++ b/in/ro-root.md 
@@ -0,0 +1,96 @@ +title: Read Only Root +linktitle: ro-root +parent: Home +ctime: 2012-08-02 + +For GNU/Linux desktop installations, I prefer to have the root filesystem, +which mounts to /, be mostly read-only. This means that /home, /var and /tmp +need to be mounted elsewhere. The benefits of this approach are several, but +two in particular stand out for desktop use cases. + + * It is much easier to do a clean install the OS. User data in /home, and + in some cases application data in /var, need not be backed up and restored + in the process. Of course recent backups should still be available. + * A root fs that is rarely written to is a good candidate for SSD (solid state + disk) storage. This allows one the performance benefit of SSD while + mitigating a critical deficiency. Current SSD technology is not nearly + as reliable as mechanical disk in read/write environments, so reducing + writes to SSD is a productive strategy. + +Placing /home on a separate partition is easy, and GNU/Linux desktop installers +have supported this for some time. And thanks to the recent introduction of +/run (see [here](http://lwn.net/Articles/436012/) to learn more), migrating +/var to a separate filesystem is now pretty easy for desktop installs. + +Of course, with multiple partitions, there is the issue of what to do if one of +them fills up. A common solution is to use LVM. Volumes are given minimal +practical sizes, and then incrementally grown as required. LVM works fine on +the desktop, but requires a bit more knowledge and effort to administer. + +A simpler solution is to use bind mounts. By bind mounting /var from /home/var +and /tmp from /home/tmp, all user, variable and temporary data are on a single +partition. The root partition will be nearly static in content and size. I +currently use a 25 GB root partition on desktop installs, and that filesystem is +generally only about 25% full, even with a large number of development tools +installed. 
A swap partition is present of course, and the rest of the available +hard drive storage space is assigned to the home partition, which now holds the +contents of /var and /tmp. Essentially, /home, /var and /tmp share a common +large pool of storage, so there is less need for a volume manager. I am finding +this configuration to be quite optimal for developer desktops at my company. + +# Using bind mounts in a new installation + +These notes assume Xubuntu 12.04 desktop i386 installation, but a similar +process should work for other distributions and versions. + + * Boot from the xubuntu 12.04 desktop CD + * Run the installation + * Use a custom configuration when asked + * At least three partitions are required: root, swap and home + * Proceed with installation until the installer asks to reboot to continue + +Before rebooting, access a shell and type the following commands + + cd target # where the new root filesystem is currently mounted + cp -a var home/var # copy var to its new storage location + mv var var.old # can remove later + mkdir var # Need some dirs and symlinks during boot for some OSes + ln -s /run var/run + ln -s /run/lock var/lock + cp -a tmp home/tmp # copy tmp to its new storage location + mv tmp tmp.old + mkdir tmp + vi etc/fstab # add the following 2 bind mounts to end of /etc/fstab + /home/var /var bind defaults,bind,noatime,mode=0755 0 0 + /home/tmp /tmp bind defaults,bind,noatime,mode=1777 0 0 + sync + +Now allow the installer to reboot. The system should boot up using the bind +mounts for /var and /tmp, so their contents will actually be stored in the home +partition at locations /home/var and /home/tmp, respectively. Once the system +appears to be working OK, you may remove the /var.old and /tmp.old directories. + +# Upgrading to use bind mounts + +First, boot from a recovery or live CD, then run commands like the following +commands. 
+ + mkdir /mnt + mount /dev/sda1 /mnt # replace /dev/sda1 with dev for your root + mount /dev/sda2 /mnt/home # replace /dev/sda2 with dev for your home + cd /mnt + cp -a var home/var # copy /var to its new storage location + mv var var.old # can remove later + mkdir var # Need some dirs and symlinks during boot for some OSes + ln -s /run var/run + ln -s /run/lock var/lock + cp -a tmp home/tmp # copyt /tmp to its new storage location + mv tmp tmp.old # can remove later + mkdir tmp + vi etc/fstab # add the following 2 bind mounts to end of /etc/fstab + /home/var /var bind defaults,bind,noatime,mode=0755 0 0 + /home/tmp /tmp bind defaults,bind,noatime,mode=1777 0 0 + sync + +Now remove the CD and reboot. You should be using bind mounts. Once the system +appears to be working OK, you may remove the /var.old and /tmp.old directories.
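Review bot: the two fstab lines in both command blocks carry `mode=0755` and `mode=1777`, which is a tmpfs-style option and has no effect on a bind mount; a bind mount exposes the source directory's own permissions, so /tmp keeps its world-writable sticky-bit mode only if `cp -a` preserved 1777 from the original /tmp. Suggest dropping the `mode=` options and making the permissions explicit after the copies, e.g. `chmod 0755 home/var` and `chmod 1777 home/tmp`, and saying why the two entries go at the end of /etc/fstab: they bind from under /home and so cannot be mounted until the /home entry has been. Minor: `copyt /tmp` in the upgrade block is a typo for `copy /tmp`, and `cd target` in the new-install block assumes the installer shell starts in `/`; `cd /target` would be unambiguous.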