# "partitioning" var with zfs



## pL1277 (Oct 15, 2013)

Hello.  I did use the forum search so I apologize in advance if I just missed this.  

I'm setting up a new server with 9.2-stable and using ZFS on root.  I'm using the basic 3 part GPT layout boot/swap/zfsroot.

I notice (from these forums and Google searches) that most people make separate usr and var (and maybe tmp or use tmpfs) datasets.  This is consistent with what I'm used to on a UFS machine.  Then most people seem to make separate ones for ports and src so they can be compressed.  This also makes some sense to me.  I run poudriere (which uses a few more datasets) and I have a separate multimedia dataset (music, movies, etc).  I will also set up jails for a few processes (mailer, webserver, radius server).  At this point, I have probably 10-15 datasets which makes `df` and `zfs list` somewhat tedious to parse and figure what's going on on the system as time goes by, but I'll get used to it.

My question is about /var.  I notice that most people seem to be splitting /var up into multiple partitions (var/spool, /var/empty, /var/db, /var/run, /var/crash, /var/db/pkg, /var/log, /var/mail, /var/tmp in the example I most recently saw).  While I realize the advantages about being able to set and fine-tune compression, read-only, noexec, setuid, etc, it seems this makes administration of the server much more cumbersome.  Is there a consensus on whether this is all necessary?  Does it really provide any noticeable performance or security gains?  I'm tempted to use a single var dataset and compress the whole thing.  It will be a fairly low traffic home and media server (so I'm probably over thinking this whole thing, but I'm curious anyway).  The system it's replacing only has about 1.1 GB in /var and was first put together in 2008.

Again, I'm mostly thinking of the long-term maintenance of the machine.  I'm interested in your comments.


----------



## ShelLuser (Oct 15, 2013)

pL1277 said:
			
		

> I notice that most people seem to be splitting /var up into multiple partitions (var/spool, /var/empty, /var/db, /var/run, /var/crash, /var/db/pkg, /var/log, /var/mail, /var/tmp in the example I most recently saw).  While I realize the advantages about being able to set and fine-tune compression, read-only, noexec, setuid, etc, it seems this makes administration of the server much more cumbersome.


Not exactly sure I can follow your reasoning here. All those options which can be set are usually set once and then never bothered with again. I most certainly agree that it takes more time to set it all up, but it hardly has any impact on the administration of the whole thing.



			
				pl1277 said:
			
		

> Is there a consensus on whether this is all necessary?  Does it really provide any noticeable performance or security gains?  I'm tempted to use a single var dataset and compress the whole thing.


This approach could turn into a resource hog, depending on what you're going to do with the server. For example]/var/db[/FILE]. If you compress that then this also means that the file system may have to deal with some pretty big files, which could also be used quite often, thus putting more impact on your system.

Then there's /var/db/pkg, /var/db/portsnap or what to think about /var/spool?

But once again; it all depends on the eventual use of the system.


----------



## pL1277 (Oct 15, 2013)

Yes I agree for SQL.  I don't plan to use any databases.  I guess the nice thing about ZFS is I can change my mind later.


----------



## Savagedlight (Oct 15, 2013)

When it comes to SQL databases, you should make individual file systems for them either way (i.e. not just dump them on /var, but configure several sub file systems of /var with specific options), as ZFS requires a bit of tuning to work optimally with them.


----------

