On 2/26/07, John Summerfield <debian at herakles.homelinux.org> wrote:
> > Using swap by itself is generally a speed penalty. Using a file for it
> > can be done, but it's not really something I'd do.
>
> Why not?

Habit, and I have yet to hear a convincing argument for why it's worth the (admittedly minimal) trouble to configure as opposed to a normal swap partition.

> OTOH anything bad you can do with /tmp you can do better with /var/tmp,
> and making that noexec is not a realistic proposition.

Very true, but applications like apache/php use /tmp as their default scratch/upload space. While mounting noexec won't stop determined folks, it may be a step that deters the more common automated bot attacks. It's by no means a total solution, but it's a layer that can be used, and a layered security model is the best way to go in my opinion. I use this in conjunction with selinux and mod_security for my webservers, which so far has been an excellent combination.

> For a personal system, I go with one big partition (well, maybe plus a
> little one for /boot).

My home systems are the ones I'm most concerned about /home on (as I tend to wipe and rebuild frequently) but I usually don't partition out much else than /home and /boot.

> For a small server, same deal. If you don't know what you're doing, you
> don't have any chance of getting it right for you.

That's why he has us to ask :-P

> With Xen, I'm now contemplating several small systems under Xen, with
> shared storage (via NFS maybe, NFS should be fairly quick over virtual
> wire) where sensible, extra virtual disk where they need more private
> space. This is about what the Big Boys do with their zSeries.

If you're going to go that route, finish it off and make yourself a virtual cluster with the CS/GFS stuff and use that for your shared storage.

-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
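
The noexec layer discussed in this thread can be audited from the mount table: a directory is only noexec if the mount that actually contains it carries the option, so /var/tmp on a single big root partition stays executable even when /tmp is a separate noexec mount. The script below is an added example, not part of the original message; the function names and the sample mount table are constructed for illustration.

```sh
#!/bin/sh
# Added example. Input uses the /proc/mounts layout:
#   device mountpoint fstype options dump pass

# covering_mount FILE PATH: print "mountpoint options" for the longest
# mount point that contains PATH (the last entry wins on a tie).
covering_mount() {
    awk -v p="$2" '
        $2 == "/" || p == $2 || index(p, $2 "/") == 1 {
            if (length($2) >= length(best)) { best = $2; opts = $4 }
        }
        END { if (best != "") print best, opts }
    ' "$1"
}

# has_opt OPTIONS NAME: succeed if NAME is one of the comma-separated options.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
    esac
    return 1
}

# check_noexec FILE PATH: print a status line; succeed only if PATH is noexec.
check_noexec() {
    result=$(covering_mount "$1" "$2")
    mp=${result% *}
    opts=${result##* }
    if has_opt "$opts" noexec; then
        echo "$2: noexec (mount $mp)"
        return 0
    fi
    echo "$2: exec allowed (mount $mp)"
    return 1
}

# Constructed sample: /tmp is its own noexec tmpfs, /var/tmp lives on "/".
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda2 /boot ext3 rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /home ext3 rw,nosuid 0 0
EOF
for d in /tmp /var/tmp; do
    check_noexec "$sample" "$d" || true
done
rm -f "$sample"
```

To check a live system, call `check_noexec /proc/mounts /tmp` (and likewise for /var/tmp or any upload directory the web server is configured to use).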