12

In studying for the lcpi exam, I met the following statement.

If multiple disks are available it is good practice to also have the /usr and /home directories on different partitions. http://en.wikibooks.org/wiki/LPI_Linux_Certification/Design_Hard_Disk_Layout

For desktop workstations, it makes sense to put your home directory on a separate drive or partition.

I've loged into a lot of linux servers, and I have never seen the system admin put these folders on separate partitions.

Is is common practice to separate these folders on linux servers?
What reasons might you separate /usr and /home? (Besides making reinstalling easier).

spuder
  • 18,053
  • You might want to make /usr read-only, or make it an NFS share across multiple installations. – jordanm Jul 29 '13 at 02:58
  • @JMoore thanks for the insight. Do you also have a swap partition? If so, do you place it at the beginning or end of the drive. See my other question http://unix.stackexchange.com/questions/84453/what-is-the-purpose-of-multiple-swap-files – spuder Jul 29 '13 at 13:55

4 Answers4

17

The 3 primary reasons you would create these as separate partitions are as follows:

  1. performance
  2. isolation
  3. security

Examples

  • By separating /home you can put this data on a shared network disk so that when UserA logs into servers in a given domain, their /home/$USER will be a single copy that follows them from machine to machine. This is typically done using NFS and automounts (aka. autofs).

  • By putting /usr data on it's own partition, it can be mounted read-only, offering a level of protection to the data under this directory so that it cannot be tampered with so easily.

  • Some additional reasoning for isolating /usr, is for making it easier to deploy identical systems, these partitions can be prepared one time and then replicated across systems more easily.

  • Also separating the data out can make it easier for backup cycles.

  • Finally separating volatile directories such as /home can protect a system from having it's primary disk fill up by either an accidental or malicious user.

Over the course of my 15+ years of doing this I've only ever seen /home separated (as a network share via NFS) and the /boot and /var directories as being isolated as separate partitions. Outside of some esoteric Solaris boxes I can't recall ever seeing a Linux system having a separate /usr - and note that if you don't have /usr mounted before init starts, your system will break in esoteric and silent ways.

strugee
  • 14,951
slm
  • 369,824
  • 2
    The difference with Solaris is correlation without causation. In the early 1990s, splitting off /usr was often a good idea, and Solaris was pretty common while Linux was barely starting. As Linux took over, splitting off /usr was becoming obsolete. – Gilles 'SO- stop being evil' Jul 30 '13 at 01:24
  • 1
    IIRC debian-installer, if you select autopartitioning and select the option to split the most folders, will put /usr on a separate partition (along with /home, /var, /etc (I think), /boot and one or two others that I can't remember – strugee Jul 30 '13 at 02:58
  • Performance? making different partitions from one disk doesn't offer better performance but creating partition from different disk can. – MaXi32 Dec 13 '20 at 18:15
11

Putting /home on a separate partition is fairly common. That typically splits system files (/) and user files (/home). The two filesystems may have different performance trade-offs, different backup policies, different quotas, different security policies, etc. Also this way the OS can be reinstalled or reimaged independently of the user data. Splitting /home is a good idea both for single-user workstations and for multi-user systems that store user files. I'd only keep /home on the same partition on a server that has no user files beyond the administrators' configuration files (but there might be a separate partition for whatever that machine is about — /var/mail, or a database, etc.), or on a quick-and-simple installation especially on a laptop which isn't going to be rebalanced to use a second disk.

Putting /usr on a separate partition used to be common, back when the OS used a large amount of disk space (say, 300MB out of 1GB). This partition could be made read-only, might be shared over the network. Making /usr read-only had the advantage that in case of a power loss, it wouldn't need an fsck. Nowadays all major filesystems use a journal and don't require any lengthy fsck, and disk sizes have increased a lot more than OS sizes — 30GB out of 1TB is peanuts, so it doesn't need to be shared. There is no good reason to split /usr from the rest of the system (/bin, /etc, /var, …). If you see advice to split /usr, it's grossly obsolete.

9

It is common to separate /usr and /home. There are a number of reasons for this. Here are a few:

Encryption

Although encrypting the contents of /usr can have some benefits, it is common to dedicate full encrypted partitions to /home directories and leave /usr unencrypted.

Different drives

I am currently using a laptop that has a small SSD and a large hard drive. The root partition, which includes /usr, is on the SSD. /home is on the hard drive. SSDs wear down relatively quickly as they are written to. Putting volatile directories such as /home and /var on the SSD would decrease its lifespan significantly. Putting my root partition on the SSD decreases my machine's boot time.

Security

It is common to mount /home directories with the nosetuid option. This option disallows the execution of setuid files on a mount. Setting this option makes it more difficult for users to hide away root-owned setuid shells.

  • Thanks for the info. I did not know about nosetuid. Sure enough, I was able to run a script as root after finding this blog http://www.tuxation.com/setuid-on-shell-scripts.html – spuder Jul 29 '13 at 04:13
  • Putting /usr in a different partition can actually disrupt the init process, which will usually be looking for files there, when it might not have been mounted yet. – Dalker Apr 28 '19 at 13:09
  • If I understood you correctly, the root should be on the SSD, to decrease boot time, and /usr and /home should be on the SSD because they get a lot of writes

    So what should go on the HDD?

    – blockhead Nov 04 '19 at 11:08
2

another reason I have found is due to filesystem optimizations. /usr includes shared objects and some other common resources used during runtime by applications so you may want to separate it to put a filesystem better fit for frequent use. Likewise with /home you may also use it for a filesystem well suited for large data