• Decipher0771@lemmy.ca
    link
    fedilink
    arrow-up
    6
    ·
    edit-2
    1 year ago

    Depends on your system. Desktop have different requirements than servers.

    On both at minimum, I’d keep /home and /var/log separate. Those usually see the most writes, are least controlled, and so long as they’re separate partitions they can fill up accidentally and your system should still remain functional. /tmp and /var/tmp should usually be mounted separately, for similar reasons.

    /boot usually keep separate because bootloaders don’t always understand the every weird filesystem you might use elsewhere. It would also be the one unencrypted partition you need to boot off of.

    On a server, /opt and /srv would usually be separate, usually separate volumes for each directory within those as well, depending how you want to isolate each application/data store location. You could just use quotas; but mounting separately would also allow you to specify different flags, i.e. noexec, nosuid for volumes that should only ever contain data.

    /var/lib/docker and other stuff in /var/lib I usually like to keep on separate mounts. i.e. put /var/lib/mysql or other databases on a separate faster disk, use a different file system maybe, and again different mount options. In distant past, you’d mount /var/spool on a different filesystem with more inodes than usual.

    Highly secure systems usually require /var/log/audit to be separate, and needs to have enough space guaranteed that it won’t ever run out of space and lock the system out due to inability to audit log.

    Bottom line is its differnet depending on your requiremtns, but splitting unnecessarily is a good way to waste space and nothing else. Separate only if you need it on a different type of device, different mount options, different size guarantees etc, don’t do it for no reason.

    • Andrius Štikonas@lemmy.kde.social
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      Regarding /boot, it can be encrypted as long as your bootloader can decrypt it, for example GRUB can decrypt LUKS encrypted partitions (albeit somewhat slowly). And the only partition that really has to be unencrypted is UEFI system partition (ESP), where bootloaders are located.