1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

partitioning suggestions

Discussion in 'Plesk for Linux - 8.x and Older' started by dvdpa, Mar 27, 2007.

  1. dvdpa

    dvdpa Guest

    0
     
    Hi

    I want to migrate to a new box with more drive space and in the process upgrade the os from redhat 3es to redhat 4es.

    I have 145gb raid 1 and am looking for advice on how to best
    partition the drive.

    Thanks

    Chuck
     
  2. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    first partition, /boot, I keep this around 256-512MB. This is to ensure that the partition is on the first 1024 cylinders of the disk. Some older bioses cant handle booting if you're over that. The secret here is that it also lets you build raid mirrors AFTER the partitions have been set up.

    Second partition, swap, I go with between x1 and x2 the amount of ram.

    Last partition /, all remaining space goes there.
     
  3. dvdpa

    dvdpa Guest

    0
     
    Thanks for the info, I set myself short when I partitioned my server the first time, your partitioning will avoid that problem.

    What is the best way to move the sites to a new plesk setup?

    Use the backup manager and backup each client then restore to
    new machine? The new server will not have the same IPs is
    there something I will need to edit?

    I have 8.1.0 running mysql5 php5 rhat es 3 going to plesk 8.1.1
    rhat es 4.

    Thanks

    Chuck
     
  4. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    If you've got 2 servers, you can use the migration manager to do it. Thats generally the safest path, allowing you some testing time before you go live with the new system.
     
  5. dvdpa

    dvdpa Guest

    0
     
    One more question on the partitioning, should tmp be a folder or a partion in the / space?

    Thanks

    Chuck
     
  6. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    Some people set up a separate /tmp directory so they can flip the noexec bit on it. Ostensibly thats to keep the badguys from uploading scripts to /tmp and running them through the web server. It doesnt actually work though, since they just call the script directly (sh /tmp/somebadguyscript).
     
  7. dvdpa

    dvdpa Guest

    0
     
    then I will just leave it as a folder.

    I will be using redhat 4 es since version 5 is not yet supported.
    I plan to get the ASL on this server, should I install selinux
    on the inital install and the firewall?

    Thanks

    Chuck
     
  8. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    Yes, absolutely. As painful as SELinux is to configure, it really is a very powerful security system. It is as far as I know, the only actively developed trusted operating system on the market.

    That being said it is a mind-numbing excercise in some really escoteric security concepts. It's rooted in the world of data labeling and and role-based security used by intelligence agencies. Because of that, its existing security policies are built around labeling data, and controlling how it can move around in the operating system, rather than providing practical security controls for a web application hosting environment like Plesk. Its not that doesn't have that capability, its just that noone has had the time or motivation to really do it yet.
     
  9. shoggy24

    shoggy24 Regular Pleskian

    25
    57%
    Joined:
    Apr 5, 2007
    Messages:
    198
    Likes Received:
    0
    Atomic, is there any other way to secure the /tmp folder if partitioning with a noexec nosuid restrictions dosent really work.
     
  10. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    grsecurity has probably the most painless implementation, using Trusted Path Execution. Basically that means that an untrusted user (apache, or whoever) can only run things owned by root. The effect is the whole file system is like "noexec", for users that you stick in the "untrusted" group. It should be possible to get the same effect with SELinux, not that I've tried this, but by saying something along the lines of apache cant execute things in directories labeled tmpfs_t. Or maybe flip that around, and create a policy around apache that says what labels it can execute (unless allow, deny). One of the nice things about not having suPHP in the mix here is it simplifies making rules like this. Not that I think suphp is a bad idea, its just making security security policies around a single UID (apache) is a lot less time effort.
     
  11. shoggy24

    shoggy24 Regular Pleskian

    25
    57%
    Joined:
    Apr 5, 2007
    Messages:
    198
    Likes Received:
    0
    Thanks, i will research more on how to implement your suggestion.
     
Loading...