One small /boot which is also my EFI system partition.
And a partition for / which covers all the rest of the drive.
Partitioning only limits flexibility. At some time you will regret your choice of partition sizes.
Tbf, you can mitigate this problem by using lvm or btrfs with subvolumes.
I did that years ago and then kept fiddling with the lfs subvolume sizes. I see absolutely no advantages to make things more complicated than needed.
I dan’t know if this is still valid but I used to be told to have different partitions for your system, logs and data (home directories) … and have the swap-partition located in between them. This was to limit the distance the head has to move when reading from your system starts swapping.
But if you use a SSD drive, that is not valid anymore of course :-)
Kr.
Nowadays you don’t even need a /boot unless you’re doing full disk encryption and I actually recommend keeping /boot on / if you’re doing BTRFS root snapshots. Being able to include your kernel images in your snapshots makes rollbacks painlessly easy.
UEFI forum made it a requirement for motherboard constructors (hp, dell, msi…) to make their UEFI implementation to be able to at least read fat(12/16/32) filesystems. That is why you need a fat(12/16/32) partition flagged ESP (efi system partition) for holding your boot files.
So, I dont think you can do that unless you fall back to the old outdated BIOS or you have some *nix filesystem in your uefi implementation which I dont trust.
You’re only partially correct.
/boot
doesn’t have to also be your EFI partition. In fact, most distros by default will separate the two, with the EFI partition mounted at/boot/efi
and/boot
being a separateext4
based partition. My suggestion is that, if you’re running BTRFS, you should merge/boot
and/
as one partition. You’re still free to have a FAT32-based EFI mounted at/boot/efi
or better yet/efi
.I use systemd-boot and my mount point is /efi. /efi/EFI/ is where my bootloaders live.
If I rollback to an old enough snapshot, I have to reinstall my kernels from a chroot. It’d be cool if I could get around that.
Where’s your /boot?
Separate FAT32 part.
It has been a while since I used grub that I forgot tgat esp could only be used to hold the boot files residing on /boot/efi.
I am guessing you’re on systemd-boot? Yeah, one of the reasons why I hesitate to use it is how it requires EFI contain the kernel images. I am currently using refind.
Yeah, I’m on systemd-boot, it requires the kernel to be located in the ESP partition which I mount in /boot, resulting in cleaner setup.
Full disk encryption can be done without a separate /boot if your bootloader is modern enough. It’ll ask you for your password before the GRUB/sysyemd-boot/rEFInd OS selection screen.
I’ve made this work on Manjaro and Ubuntu without too much effort. My only mistake was not putting swap in a separate partition, leading to some painful problems when it comes to hibernating the system.
I’ve heard that you have to put in your encryption pw twice if you do it that way no?
Out of curiosity, what’s stopping you from shrinking the partition and adding a swap partition?
If you use the same LUKS container for the swap file and the root partition, you’ll only need to enter your password once to unlock the single LUKS container. The UEFI bootloader can then load the kernel and initramfs from the encrypted partition without a separate boot partition.
If all you’re trying to protect against is someone ripping out the SSD and running away with it, you can even go as far as have an encrypted filesystem without ever having to enter any password by leveraging the TPM. A TPM can also help strengthen a password encrypted partition, but the password free encryption makes encryption as easy as Bitlocker on Windows 11. Sadly, there’s not a lot of support for this in most distro installers.
Shrinking partitions is quite annoying already because you have to do that offline, and my LUKS+BTRFS setup isn’t very well suited for advanced partition operations. I’d also need to enter my password twice if I don’t retroactively add LVM to the mix. BTRFS works perfectly fine, but its management tools aren’t as reliable and mature as their ext4 counterparts.
That is why one small (512Mib) ESP and one BTRFS partition occupying the rest of my drive is my go, I can isolate the root (/), var and home partitions using subvolumes.
Users who distro hope may need a separate /home partition.
Aaaand your server just crashed because of a spammy log. You lost the company $222 million overnight, the database is corrupt, and every 9 minutes the company looses another $1 million.
Good job.
systemd resets the logs when they get big, this isn’t the 2000s anymore. But if you want to limit the size of /var/log, any modern filesystem has disk quotas per-directory
I found out the hard way that this isn’t always true. The vacuum task runs occasionally, but if the logs get spammed hard enough (i.e. faulty hardware) you can get 50GB of log files.
That said, this problem can be prevented using a little extra configuration. I just didn’t expect this to be a problem on a vanilla Ubuntu install, lol.
If the server is that important, monitoring should’ve woken up the emergency response team long before the database crashed.
It’s annoying to see Linux still doesn’t have usable disk quotas the way Windows 2000 had them, but the same is true for ACLs and many other things other operating systems have implemented decades before. I suppose you could repartition your disk to compensate for the lack of quote support by default, but there are better options.
Sorry to ask but why is get/set facl not sufficient for acls on linux?
Aside from the group/user facl, Windows also has ACL inheritance (making changing ACLs for a directory much faster), separate delete permissions (rather than write permissions on the parent directory), permissions regarding who can change permissions (again, rather than write permissions to the parent directory). It can also manage who can alter attributes like “read only”, for example to act as a share locking mechanism.
set/getfacl comes close but doesn’t provide the same freedom of configuration NTFS provides. There’s no “users of group X can temporarily take ownership of a folder and all subfolders” without recursively going through every object, which can be very painful over the network.
Furthermore, the Windows SID system is much more practical for shared networks than the incremental user IDs Linux generates per install. You can centrally allocate user IDs in Linux, but it’s not an integral part of the system like it is on Windows, where even local accounts have unique user IDs.
It really depends on your requirements…
But a few useful points:
- Use GPT partition table and not MBR. Everything will be simpler, no need for extended/logical partitions.
- If you need to be able to do online (mounted) partition resizing, pick btrfs. Ext4 can only grow them online but not shrink.
- Make sure your partition boundaries are 1 MiB aligned.
- If you need more advanced setups, consider using LVM.
About lvm though, experiment with it before jumping in with your daily driver.
Indeed, it’s a bit more complex setup, you won’t be able to boot without initramfs. But in certain cases (e.g. encryption or partitions spanning multiple devices) it is very useful.
A lot of distros default to booting with an initramfs or initrd by default, anyway. If only because you can set up an encrypted drive at installation time, so may as well have it but not need it rather than the reverse.
1Gb EFI, rest of the disk LUKS with a single BTRFS inside. Use BTRFS subvols to divide things up. Swap as a swap file on BTRFS (be sure to set it as no_cow).
Same, except ZFS instead of BTRFS for me.
And / is tmpfs, /home is tmpfs, /nix, /etc/nixos, /var/log, /home/$username/downloads, /home/$username/documents, and some other directories are ZFS subvolumes bind-mounted at boot. That’s only an option for NixOS or Guix though, so don’t worry about opt-in state on other distros.
Swap on BTRFS makes setting up hibernation very difficult. It can be done if the swap file is contiguous and you can find the exact offset of the bytes on disk, but it’s not very reliable in my experience.
My ideal setup would be 1GB EFI + LUKS, containing LVM for an encrypted swap partition + the OS partition.
In many of my laptop setups I’ve also solidified around similar setup: 200 or 500 mb efi + luks with lvm with root and home volumes. Swap is a file which makes everything easy without having to care about another partition and is automatically encrypted since it stays on root.
Partition formats is always ext4 since there’s no need for anything else. Tried btrfs in the past and it had problems, more than it solved, and xfs years ago regularly had problems corrupting files when power went off. I swore on never using any of those 2 again.
I prefer a very small EFI partition mounted at /boot/efi, that way the kernels and initrds sit at /boot alongside the rest ot the files (though if you also want encryption you need to add your encryption keys to initrd so you don’t have to enter the password twice)
Some distributions (e.g. NixOS) store their kernels on the EFI partition, going small will bite you on those. 1GB is a good size. The Windows default of 100MB is only enough to store two kernels.
Edit: This might actually be
systemd-boot
specific.This is true. I used a 1gb boot partition on my Nixos install and every time I update it I need to delete all the old kernels/initrd and sometimes I even delete the one that’s currently running.
I use NixOS, and read my comment again. /boot/efi is only for GRUB. /boot is where the actual kernels reside, and it isn’t on the EFI partition.
Might actually be
systemd-boot
thing, not a NixOS specific thing, either way, this is where my kernels are:/boot/EFI/nixos/vnmrdbd7a5rg6482d6p8zxc57xf2nxqb-linux-6.1.44-bzImage.efi
/boot is straight up the EFI partition, there is no separate /boot partition.
yeah that’s probably because systemd-boot only supports FAT
*FAT32
I doubt it doesn’t support FAT16
i usually have efi boot partition (512mb), / (linux root), /home (i usually make this pretty big) , and swap partition.
Same, except I also keep /var on a separate partition (old FreeBSD habit), as the I/O characteristics of /var are usually very different from rest of /
Same: EFI, then / is small like 50GB, and home is the remaining of disk. My swap is the size of RAM so I could hibernate but in fact never use it really, as my system either sleep or if shutdowned, can boot in a few seconds. You cannot go wrong with the setup from @[email protected].
There was a time when I had (and we needed) complicated partition… one for / really small like a few MB, and basically one for bin, etc, var, use, home, tmp (not a lot of RAM at the time so tmp was on disk, not in ram) etc.
Usually, I do the simplest thing: all the stuff goes on one big ext4 partition. I don’t make a separate partition for /home. I’ll make a swap partition if I can remember but I’ve forgotten to do that before and nothing bad happened. The bootloader goes on a fat32 /boot/efi on the same drive as whatever the Linux install is on. This way I can swap around the drive to different pcs if I have to or easily change/upgrade drives without having to reinstall all my stuff.
This strategy works for dual booting Windows also. I’ll put the windows install all on its own separate drive so it won’t try to erase grub during a disk check or something. That happened one time. Also, by putting Windows and Linux on separate drives you can use the bios to boot between Windows or Linux if you mess up one of the bootloaders.
The two drives thing is an interesting strategy. I might look into implementing that. Thinking of switching to an arch based Linux from debian.
I also use this method and it’s worked great for a long time.
Not saying my practice is the best one, but here’s what I do:
- EFI system partition is mounted on /boot
- kernel is held here. In case of distros like NixOS etc that keep around old kernels, a small ESP might run out of space. I make mine at least 1GB.
- the rest of the disk is one luks2 volume
- inside the encrypted volume, there’s a BTRFS volume
- there’s a subvolume for /home
- and a subvolume for every distro I have (which is usually 1, but sometimes I tinker or switch)
- Kernel command line parameters specify the btrfs subvol with the right distro to boot.
- for NixOS, you need a bootloader (to choose the right kernel). Systemd-boot works well, and its configuration is easily readable. I never figured out how to work with GRUB2, its configuration is just too confusing.
- or if you like Arch, dispense with bootloaders and just use EFISTUB. You can put kernel cmdline params into EFI bootloader options with
efibootmgr
.
Simple yet complete. Efficient, and extensible - for example, now that everything is a subvolume, I can easily snapshot it, then create backups with rsync off the snapshot, to avoid inconsistent state between backed-up files.
- EFI system partition is mounted on /boot
I think you’re going to get a wide variety of responses here. It comes down to a lot of factors.
For me personally, I’ve been shifting everything I have to Btrfs, so I can tell you what I’ve done recently and why.
A big caveat is that many of my systems have multiple physical drives. This means I’m often setting things up based on the speed and capacity of those disks.
But, I do have one system with a single drive shared for booting, root, and home. It’s set up like this:
-
A FAT32 partition for /boot. 512 MB.
-
A single Btrfs partition across the rest of the drive.
-
Btrfs subvolumes: @ mounted at /, @home mounted at /home. @snapshots mounted at /.snapshots.
I could go crazy with other subvols (e.g. for /var/log), but ultimately it is sufficient for me to be able to snapshot / and /home separately.
For some of my other systems, I’ll have / and /home on different drives. In that case, each has their own @snapshots with their own mount point. I tend still to throw the EFI boot partition mounted at /boot on the same drive as /.
It’s very easy to simply change /etc/fstab as needed and point to another snapshot, effectively rolling back the drive to some former point as necessary.
I’ve had some wild issues that I can’t even begin to explain with btrfs. I landed on using xfs for / partition and btrfs on /home
Fair, I’ve not had any issues but I’m sure they exist. One or the other is faster based on workload, too, so it’s not really that one is objectively better all the time.
tbh I’m pretty sure the issue I ran into was user error anyways, but once I finally figured out what I was doing, I decided to land on xfs for root and btrfs for home for the following reasons.
- xfs is supposedly more performant and common in data centers
- having a separate partition mounted at /home allows for os reinstalls or even distro swaps while retaining my home directory contents (assuming my user is the same)
- most of the contents I want backed up are held in /home. I don’t want snapshots of my entire system laying around
- I like being extra
I’m sure a lot of them existed 10 years ago but today it is a really good FS. I’m using btrfs on my server and laptop for a few years and had 0 issues. Today’s opinions on largly btrfs base on bugs and FUD from the past which is a shame.
Except RAID5 and 6. Don’t use them with btrfs :)
-
Depends on your system. Desktop have different requirements than servers.
On both at minimum, I’d keep /home and /var/log separate. Those usually see the most writes, are least controlled, and so long as they’re separate partitions they can fill up accidentally and your system should still remain functional. /tmp and /var/tmp should usually be mounted separately, for similar reasons.
/boot usually keep separate because bootloaders don’t always understand the every weird filesystem you might use elsewhere. It would also be the one unencrypted partition you need to boot off of.
On a server, /opt and /srv would usually be separate, usually separate volumes for each directory within those as well, depending how you want to isolate each application/data store location. You could just use quotas; but mounting separately would also allow you to specify different flags, i.e. noexec, nosuid for volumes that should only ever contain data.
/var/lib/docker and other stuff in /var/lib I usually like to keep on separate mounts. i.e. put /var/lib/mysql or other databases on a separate faster disk, use a different file system maybe, and again different mount options. In distant past, you’d mount /var/spool on a different filesystem with more inodes than usual.
Highly secure systems usually require /var/log/audit to be separate, and needs to have enough space guaranteed that it won’t ever run out of space and lock the system out due to inability to audit log.
Bottom line is its differnet depending on your requiremtns, but splitting unnecessarily is a good way to waste space and nothing else. Separate only if you need it on a different type of device, different mount options, different size guarantees etc, don’t do it for no reason.
Regarding /boot, it can be encrypted as long as your bootloader can decrypt it, for example GRUB can decrypt LUKS encrypted partitions (albeit somewhat slowly). And the only partition that really has to be unencrypted is UEFI system partition (ESP), where bootloaders are located.
- 500mb-600mb fat32 /boot partition
- 40gb - 100gb ext4 or btrfs / partition (if you know you’re gonna install a lot of software, go bigger)
- 1x - 2x ram as swap
- rest of disk as ext4 /home partition
Why not BRTFS for the /home partition?
I haven’t had swap since I started using 32GB of ram and I’ve been fine. Might be worthwhile to use LVM for a more adjustable partitioning just in case. I made the mistake of making root 50G and I’ve been fighting with it for a while.
swap is there so u can hibernate rather than shutdown
Yeah, 32g is barely enough for what I do daily at work, so I have similar amount of ram combined with similar amount of swap file so I can safely hibernate even when the ram is full.
My initramfs and kernel have grown to about 300MB per version. With most distro keeping at least one old kernel+initramfs as backup in case of boot failure, I’d go for a much bigger boot partition.
- 1 GiB FAT32 EFI, rest in your preferred filesystem for root
- If you are dualbooting and accessing all files / games from Windows is a concern, make Linux root partition around 50 GiB
- I use zram instead of swapfile or partition but setting up zswap (NOT zram) with swapfile is a better idea.
- You didn’t mention encryption. Are you considering it?
Use zram instead of a SWAP partititon. Zram compresses and keeps in RAM. It’s default on Fedora and a few others iirc.
Can you still hibernate and suspend?
Suspend to RAM works fine.
Suspend to disk (hibernate) doesn’t work without a persistent swap partition, no.
Depends on environment.
Real hardware separate for a server partitions for: /home, /var, swap, sometimes /usr, sometimes /var/log/audit Depends on deployment requirements, and if a system is expected to run after filling up audit.
Real hardware for a at home desktop: /var, swap, maybe /home, or just one partition for / and one for swap.
Cloud: all one partition, put swap in a file if it is needed. Cloud images are easy to grow if it is just one partition. Cloud-init will handle that automatically with the right packages installed, no configuration needed. Swap partitions are unlikely to be the right size as they vary according to memory and memory varies according to instance/guest sizes. Swap makes auto growing root partition harder (cloud-init custom config injection required). Best practice is to size workload and instances to not need swap whenever possible.
I personally have a tiny fat32 EFI partition, a small ext4 root, and everything else allocated to LVM2. Then LVs for every large path, like /home, /var, etc. I leave most of the extents unallocated until I need more space.