New Partition and Filesystem Setup
I have just completed the implementation of my new partition setup for my 40 gigabyte Acer laptop. I had a chronic shortage of space and a home directory that was mostly archives, so I decided to compress my /home using squashfs, and liberated a number of gigs that way. I also compressed /usr. Squashfs is read-only, so to get around not being able to write to /home and /usr, I created unionfs entries so that any files added to /home and /usr are actually written to a separate filesystem.
An unintended consequence of this is that I have more security in the preservation of the files in my /home. By creating a squashfs disk image, I now have a static backup of the home directory. Static backups were not part of my backup regime prior to this; I simply copied my entire filesystem using rsync. I did this because it was simple, but it put my files at risk in the event that they became corrupted, or if I accidentally deleted a branch of files, which would then be automatically deleted in my backup.
The other major alteration that I made to my setup was to re-encrypt all of the partitions on my filesystem. Luckily, Ubuntu now bundles cryptsetup in its initrds, which made my filesystem encryption much easier. I wanted to scramble all of the filesystems on my disk, even the root. To encrypt the root I had to make a custom initrd that allows me to decrypt the root. The custom initrd also contains the necessary key to decrypt the filesystem. I used my old notes on how to set up the encrypted block devices and the initrd necessary to encrypt the drive. I now carry the laptop key much like I would carry a car key, in the form of a mini-CD.
Making your own GRUB CD is very easy; instructions can be found here.
These are the relevant sections of my resulting fstab:
//begin fstab//
#
proc /proc proc defaults 0 0
/dev/mapper/root / ext3 defaults,user_xattr,errors=remount-ro 0 1
/dev/mapper/swap none swap sw 0 0
/dev/cdrom /media/cdrom0 udf,iso9660 user,noauto 0 0
/dev/mapper/home /mnt/home squashfs auto 0 0
/dev/mapper/usr /mnt/usr squashfs auto 0 0
none /home unionfs dirs=/home/=rw:/mnt/home=ro,auto 0 0
none /usr/ unionfs dirs=/usr/=rw:/mnt/usr=ro,auto 0 0
//end fstab//
I now have a much more secure, albeit much slower and more complicated, setup on my Linux laptop.
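As an added example (not part of the original post), this Python audit parses an fstab shaped like the one above and reports any on-disk filesystem that is not backed by a /dev/mapper device, and any unionfs entry whose read-only branch is not a squashfs mount. It assumes /dev/mapper sources are dm-crypt mappings (they could also be LVM) and that /dev/cdrom is the only removable device; the function names are hypothetical.

```python
# Added example: audit an fstab laid out like the one on this page.
# Assumption: a /dev/mapper/* source is a dm-crypt mapping (it could also be LVM).

# Constructed sample input, copied from the fstab shown on the page.
SAMPLE_FSTAB = """\
#
proc /proc proc defaults 0 0
/dev/mapper/root / ext3 defaults,user_xattr,errors=remount-ro 0 1
/dev/mapper/swap none swap sw 0 0
/dev/cdrom /media/cdrom0 udf,iso9660 user,noauto 0 0
/dev/mapper/home /mnt/home squashfs auto 0 0
/dev/mapper/usr /mnt/usr squashfs auto 0 0
none /home unionfs dirs=/home/=rw:/mnt/home=ro,auto 0 0
none /usr/ unionfs dirs=/usr/=rw:/mnt/usr=ro,auto 0 0
"""

def parse_fstab(text):
    """Return (source, mountpoint, fstype, options) tuples, skipping comments."""
    entries = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and not f[0].startswith("#"):
            entries.append((f[0], f[1].rstrip("/") or "/", f[2], f[3]))
    return entries

def union_branches(options):
    """Split a unionfs 'dirs=a=rw:b=ro' option into [(path, mode), ...]."""
    for opt in options.split(","):
        if opt.startswith("dirs="):
            parts = (b.rpartition("=") for b in opt[len("dirs="):].split(":"))
            # A branch written without '=mode' is treated as rw here.
            return [(p, m) if sep else (m, "rw") for p, sep, m in parts]
    return []

def audit(text, removable=("/dev/cdrom",)):
    """Return a list of findings; an empty list means the layout is consistent."""
    entries = parse_fstab(text)
    squash_mounts = {mp for _, mp, fstype, _ in entries if fstype == "squashfs"}
    findings = []
    for source, mp, fstype, options in entries:
        # Every on-disk filesystem, swap included, should sit on a mapped device.
        plain = source.startswith("/dev/") and not source.startswith("/dev/mapper/")
        if plain and source not in removable:
            findings.append(f"{mp}: {source} is not a /dev/mapper device")
        if fstype == "unionfs":
            branches = union_branches(options)
            if [m for _, m in branches].count("rw") != 1:
                findings.append(f"{mp}: expected exactly one rw branch")
            for path, mode in branches:
                if mode == "ro" and path.rstrip("/") not in squash_mounts:
                    findings.append(f"{mp}: ro branch {path} is not a squashfs mount")
    return findings
```

Calling `audit(open("/etc/fstab").read())` runs the same checks against a live system.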