[PC-BSD Testing] should /home be in default partitioning

Jesse Smith jessefrgsmith at yahoo.ca
Tue Mar 22 06:30:30 PDT 2011


-----Original Message-----
From: Kris Moore <kris at pcbsd.org>
Reply-to: kris at pcbsd.org, PC-BSD Testing list <testing at lists.pcbsd.org>
To: PC-BSD Testing list <testing at lists.pcbsd.org>,
testing at lists.pcbsd.org
Subject: Re: [PC-BSD Testing] should /home be in default partitioning
Date: Tue, 22 Mar 2011 06:17:48 -0700




On Tue 22/03/11  7:35 AM , Gour <gour at atmarama.net> wrote:

> On Mon, 21 Mar 2011 23:14:01 +0000
> Dru Lavigne  wrote:
> 
> > Currently, the encryption page of the PC-BSD Handbook suggests that
> > one should not encrypt /usr as most of its contents are known and
> > that could provide too much data for a cryptographic attack (this was
> > the result of a suggestion by cpercival last year). Yet, the
> > installer by default offers to encrypt /usr. Further, the default
> > partitioning scheme does not make /home which is probably what users
> > are interested in encrypting anyways.
> 
> Moreover, I can say that out if the 4 combinations which I tried to
> install under vbox, whenever I tried with separate & encrypted /home,
> installer fails.
> 
> The other failing combo is trying to setup mirror mode, while the only
> combination which works is: auto-setup partitioning, ZFS.eli.
> 
> > 1. the default partitioning scheme separates /usr and /home
> 
> +1
> 
> > 2. the default encryption option offers to encrypt /home instead
> > of /usr
> 

While I'm in agreement in wanting to see /home be encrypted separately, there are still some issues that need to be resolved before this is feasible. 

Applications / Software are installed to /usr, while user-data is located in /home, so a problem arises, in how much space do we allocate to each? Right now with /home being a sym-link to /usr/home, its not a problem, but when we create a separate /home partition, then we have a difficult choice to make, which needs more space? The problem is, no matter how we slice it, somebody is going to get short-changed by doing this. I can see the forum posts now: "I still have 300GB of free space in /home, why can't I install any more applications??"

Using ZFS lets us get past this, but then as you pointed out, there isn't a "zfs encrypt" command available for selectively encrypting a specific mount-point, so we are back to the same problem.

Does anybody see any ways around this prickly issue? 

Aside from that, I have made a note to look at and fix the installer bugs when using /home partitions, and ZFS with mirroring. Might get a chance to do that later this week, thanks for the logfile Gour!

--
Kris Moore
PC-BSD / iXsystems
Message sent via Atmail Open - http://atmail.org/






I wouldn't say I have a firm solution, but I have noticed that I can
install a large amount of software in less than 32GB of space. Probably
more than any one person (who doesn't know about partitions) is going to
use. Perhaps set /usr to have around 32GB and let /home take all the
remaining disk space? Chances are if a person needs more than 32GB
they're the sort of power user who will be able to resize/re-install the
OS without any problems.

Maybe if less than 32GB of space is available we could revert back to
including /home in /usr. If we only break them into separate slices when
we have greater than 32GB, I think that would make a sane set of
defaults.




More information about the Testing mailing list