Is this enough space for the partitions?

[Dark Foo]

This will be for a laptop, with a 500GB hdd in it (well 465G),

[Frustie]

Dont forget your inodes

But yeah, generally an os can be installed on a 10G partition.

I would advise to use LVM though, just in case you run out of space.
_________________
If we ignore it maybe it will go away.

[Dark Foo]

[John R. Graham]

[Dark Foo]

Laptop

/dev/sda9 - /usr/portage/distfiles 10G
/dev/sda10 - /usr/portage/packages 10G

Desktop/storage PC

/dev/sda9 - /usr/portage/distfiles 30G
/dev/sda10 - /usr/portage/packages 30G

Think that should be fine for laptop, like you said if it gets bit too much i will have to trim, should be a problem though i hope
_________________
I know 43 ways to kill with a SKITTLE, so taste my rainbow bitch.

[avx]

5GB for /opt is pretty big, 2-3gb should be more than enough. 10gb for /var is also a lot, except if you want to provide some service with large files (ie webserver, etc.)

Are you building and keeping that much packages that you need 10gb for it? Even a full-blown KDE-system shouldn't need that much and you may want to store these packages on another system anyway.

Having that much space for distfiles, too is - well - nuts, imho. Either store the distfiles or the packages, but both for 20gb is ridiculous, imho.

/tmp may be a little too small, depending on what you do, ie. some dvdrippers store tmp-data there, so you'd need to watch out for this.

To give you an overview, here's what I have on my desktop(!): / 1gb, /usr 10gb (5.6gb free), /usr/portage 4gb (including distfiles and packages), /var 4gb (currently 3.6gb free), /tmp 3gb (currently 2.8gb free), /opt 3gb (currently 2.1gb free)

Granted, I don't have KDE/GNOME, but still, most of this is free space anyway. On my notebook, everything except /home only is set up for 6gb and 3.2 of it are still free.

If you are unsure, just use LVM and resize on the fly as needed.

Edit, damn I'm slow, there where no answers when I started writing
_________________
Want to thank me for something? Send me a nice postcard(ask per pm for my address), thank you!

[Dark Foo]

as i say for desktop/storage im not to bothered, as mysql apache and a few others will be on there, laptop though i want to get right.

Revised version

/dev/sda1 - /boot 50M - ext4 - minus journal
/dev/sda2 - swap 4G
/dev/sda3 - / 1G
/dev/sda5 - /opt 5G
/dev/sda6 - /usr 10G
/dev/sda7 - /usr/local 2G
/dev/sda8 - /usr/portage 10G - ext4 - minus journel
/dev/sda9 - /tmp 2G - ext4 - minus journel
/dev/sda10 - /var 10G (libreoffice complains if its less than 6G)
_________________
I know 43 ways to kill with a SKITTLE, so taste my rainbow bitch.

[keenblade]

[Dark Foo]

[krinn]

if i may, why are you doing all those partitions ?

Doing and use partitions make sense (well, ok, maybe just for me) if you do that with multi-disks, as a security to prevent hardware failure.
Ok, maybe doing 1 for boot as another security (more to prevent a "i'm tired and i'm playing with my boot partition that is mount and i will cry 2s later")
But using only 1 disk and all those partitions won't gave you any security, if your disk die, partitioned or not you'll loose everything.

[cach0rr0]

part of *my* reasoning for using multiple partitions:

-different mount options based on something's intended purpose (e.g. noexec,nosuid,nodev)
-if one partition fills up, you dont have to worry about a system that ceases functioning; you simply clean things up once you recognize the problem
-different filesystems may be ideal for different tasks.

...however having said that, some of the partitioning strategy here does seem strange to me, but i am not someone to tell people how they should configure their own system
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash

[Dark Foo]

[krinn]

security and laptop ?
Are you speaking about a laptop: that nomad computer that you will connect everywhere you could, that small thing anyone will steal if you forget it on a table (lol or on purpose), that thing that use SSD, and that thing that you will keep online/offline every 2 minutes ?

You mean that really ?

[Dark Foo]

you think that threats only come by taking things out of the house, what about when its connected to the net? and the drives will be encrypted so makes no difference If your not going to bother posting anything of help don't bother posting at all
_________________
I know 43 ways to kill with a SKITTLE, so taste my rainbow bitch.

[krinn]

Well i'm sorry if you didn't think it was to help, but it was for me, letting you rethink about your problem, just like a laptop online security will just be better secure because it will goes as i said online/offline every x minutes.
But you could use a laptop as server, but that's not its first usage generally.

[Dark Foo]

Sorry, I'm ill and a bit cranky, the laptop only ever leaves the house if i go to a friends or my brothers, so if i do leave it there and it goes missing, because the drives are encrypted the info is safe, and then i can claim on their insurance, so win win

I was advised to separate a single drive like that or in some form because you can use noexec,nosuid,nodev which is supposed to help, not fully up on it as im still reading up on it myself

edit: an example:

[krinn]

I'm just trying to show you that applying a rule for a desktop to a server or a server to a laptop is not the best solve.
desktop, server and laptop have different usage, and so different way to handle them.

Securing a laptop that goes online is a bit a waste of time (i'm not saying to make it open), like any mobile device, your security mostly will depend on the network it will be attach to, and you cannot be sure of the network if it's not your (your laptop security will mostly depend on your brother security level), in example: you might not get attack from internet, but just from the neightbor of your brother that hack into his network. Generally people using laptop use wireless connection, an insecure transport.

If an internet hacker consider your host :
- A laptop would be a dumb thing to hack to reuse as bot as it will be online/offline for small time and randomly, not the same as a server that should stay always online as more as it could (so it could work for him a lot and he can refind it easy).
So there's no real need to prevent anyone to run programs, noexec and all are mostly useless as a laptop is simply a weak target by its online reliability and avalaibility.
- and if he consider it for datas, well are you the NSA ? a bank ? Just a user, and even your private life is important to you, i don't think your life is so important that anyone will try to break into it to steal it, no offense here, i'm in the same position as you and as everyone here (except if you're a blonde famous babe to steal your private video and picture).
It's just better to not keep sensible datas in a laptop that many would like to steal or that you can lost, and i have 0 statistics to gave you, but for a laptop, i think it should be the top way to loose your datas than been hack from an internet hacker.

So using a one disk won't warrant your datas safety as that safety relly only on the hdd reliability, so the huge number of partitions is moslty a 0 security addition for a laptop, but sure a pain to handle with space attribution, just like your case show : you have create a thread to query people what size to attribute on each part.

It's funny to see how many partitions you've made, just to see you didn't make one for your /home

[Dark Foo]

i did make one for home the rest of the drive, i just wanted to get the other bits sorted, should have over 400GB for home.

The above partition list was changed

/boot
/
/opt
/usr
/usr/portage
/tmp
/var
/home

do people suggest to just use a 4 partition set up?

/boot
swap
/
/home

the other machine is mainly going to be a back up machine should main pc suffer any issues and to store stuff, i just want to sort things out before i move all my systems to Linux, if that means asking what some might deem stupid questions then so be it, if i don't know what i am doing i will ask people that do, if they chose to answer and help that is up to them, if not i have to go with what i can find on the net and hope for the best.

Re-installing the laptop or other PC wont be an issue i have plenty of time on my hands.
_________________
I know 43 ways to kill with a SKITTLE, so taste my rainbow bitch.

[krinn]

I didn't catch the /home as it wasn't in the list

For a laptop, if i were you, i would even consider going down to only 3.
/, /home and swap
As /boot is just a security to not play too much with it, but for a laptop, i will upgrade the kernel only when it's a need for other tools, why cares to have the latest kernel running to get more hardware on a device that won't have its hardware change a lot.
And even if you wish upgrade a lot the kernel (because of bugfix, security holes, new FS version...), doing it with a tiny bit of awareness should suffice to not put hell on your /boot directory.

[Dark Foo]

and what would you suggest for a normal desktop - the same? 3 partitions?
_________________
I know 43 ways to kill with a SKITTLE, so taste my rainbow bitch.

[Hu]

Many people treat laptops as a mobile desktop. As such, it makes quite a bit of sense to apply standard desktop security features as a baseline. Yes, the laptop will be exposed to threats a desktop will not face. However, that is no reason to ignore the threats which can affect both types of system. Using isolated filesystems for the benefits that cach0rr0 explained is a relatively cheap way to improve the system. When LVM is used as well, the major disadvantage of isolated filesystems is substantially reduced.

[Dark Foo]

[Hu]

Since /tmp is mostly wiped on reboot anyway, I have switched to making it a tmpfs and increasing the size of swap accordingly. In your case, I would make swap 6G instead of 4G, and mount a 2G tmpfs at /tmp.

[Dark Foo]

[Hu]

Yes, that would do what I describe. However, you should also add in appropriate security mount options for /tmp and your other partitions. Set nodev on everything except /dev. Set noexec on filesystems not normally used for executable content. Set nosuid on anything which requires exec, except for / and /usr, since those hold files that do need suid.