| Jeff McAdams on 19 Dec 2007 11:53:22 -0800 |
|
brent saner wrote:
> Dan Widyono wrote:
>> Make sure you protect access to swap with appropriate permissions if you use
>> a file.
> dan brings up an important point. no matter what you use, file or
> partition, remember that if someone really wants to crack their way into
> it, swap can be (semi-)readable. so permissions should definitely always
> be kept in mind if it's a file, and lockdown to mount and other assorted
> system utilities should always be an important part of your system if
> it's a partition (well, they should be locked down regardless).
>
> as for me personally, if it's on an older box, i use swap as a partition
> (and as the first partition on the disk, because that has the fastest
> spin-up time), usually twice the size of physical RAM. if it's on a more
> recent box that i know has enough physical RAM to play nicely, i'll add
> a swap partition ("just in case") about half the size of physical RAM
> and i'm not as concerned about placement of the partition on the disk,
> since at that point swap is just a contingency.
Also keep in mind that Linux' swap system is really quite sophisticated.
Start with a swap partition that you think will be sufficient. If it
turns out its not, you can always add a swap file later. Linux is quite
capable of using more than one swap location. It also has a priority on
a swap locations, so you can tell it to use the slightly faster swap
partition in preference to the swap file.
We've done this where I work, on occasion. We have some commercial apps
(aren't they always the problem children?) that insist on having x
amount of swap space available on the system, regardless of whether
there's ever any real chance of even touching it. So we use dd to
create a big file of the size needed, mkswap it, and swapon it at a
priority level that it'll never get used. Badly behaved commercial apps
are happy, and the only thing we're out is some disk space that'll never
get touched. Shoot...if you can swing a way to create the file as a
sparse file, there's a pretty good chance that most of that disk space
will never actually get allocated anyway!
--
Jeff McAdams
"They that can give up essential liberty to obtain a
little temporary safety deserve neither liberty nor safety."
-- Benjamin Franklin
Attachment:
signature.asc ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|