Filesystem choice in secure server installation
Hi,
I was reading the SLES8_EAL2_SecurityGuide.pdf http://www.suse.de/de/security/eal2/SLES8_EAL2_SecurityGuide.pdf
On page 8 it stated to have the "/" partition as ext3. If I remember correctly SuSE had ReiserFS since 6.4 and it has been the default choice of filesystem for quite a time.
So what I want to understand is what makes "ext3" a better choice for the meeting of criteria and what are the reasons reiserfs fails.
I do not want to start a flame war but I want to understand the facts in making such a decision.
Thanks and greetings from Stuttgart
--
Togan Muftuoglu Unofficial SuSE FAQ Maintainer Please reply to the list; http://susefaq.sf.net Please don't put me in TO/CC.
Nisi defectum, haud refiecendum
Hi!
On Wednesday, 21 January 2004 18:26, Togan Muftuoglu wrote:
Hi,
I was reading the SLES8_EAL2_SecurityGuide.pdf http://www.suse.de/de/security/eal2/SLES8_EAL2_SecurityGuide.pdf
On page 8 it stated to have the "/" partition as ext3. If I remember correctly SuSE had ReiserFS since 6.4 and it has been the default choice of filesystem for quite a time.
So what I want to understand is what makes "ext3" a better choice for the meeting of criteria and what are the reasons reiserfs fails.
As far as I know ext3 is much more reliable in the aspect of file and data consistency. ReiserFS sometimes tends to lose data or attributes, which can be fatal in a server environment. Also the journaling of ext3 is AFAIK much better.
I do not want to start a flame war but I want to understand the facts in making such a decision.
Wouldn't count it as starting a flame war. It's good to know what you are doing, so ask if you are not sure about anything. There are no stupid questions, just stupid answers.
Thanks and greetings from Stuttgart --
Togan Muftuoglu Unofficial SuSE FAQ Maintainer Please reply to the list; http://susefaq.sf.net Please don't put me in TO/CC.
Nisi defectum, haud refiecendum
Igor Puschner DIV Systeme GmbH
Quoting Togan Muftuoglu
I was reading the SLES8_EAL2_SecurityGuide.pdf http://www.suse.de/de/security/eal2/SLES8_EAL2_SecurityGuide.pdf
On page 8 it stated to have the "/" partition as ext3. If I remember correctly SuSE had ReiserFS since 6.4 and it has been the default choice of filesystem for quite a time.
So what I want to understand is what makes "ext3" a better choice for the meeting of criteria and what are the reasons reiserfs fails.
I do not want to start a flame war but I want to understand the facts in making such a decision.
I have no direct knowledge, but I'm guessing it has something to do with cutting down the work required to get EAL certification. EXT3 has the advantage of being somewhat simpler than reiser, it's essentially just a journaling system tagged onto the venerable ext2. ext2 had probably been vetted before, so getting ext3 in was easier than getting reiser in.
I would be surprised if there was any technical reason; I believe it was just a way to streamline the certification.
(and I'm someone who only uses ext3, not reiser, out of sheer bloody-minded stubbornness and an irrational fear that reiser is not entirely stable)
I am a long time reiser user. And, I never had any problems with it until I replaced a Suse 7.0 server I have been using with reiserfs without any problems for years with a 9.0 Suse with reiserfs. It's a fresh install on a different but very similar machine. Everything works fine except one legacy Unixware application I have been using with the help of iBCS compatibility modules. The application periodically polls a directory, grabs any new files there, processes them and then deletes them. When the filesystem that contains the directory is reiserfs, it never sees some files. Moving, touching doesn't help, they are just invisible to the program. And, it only happens randomly and with a very small percentage of files created in the directory. Placing the directory in a loopback ext2 filesystem solves the problem, and the program never misses any files. The stranger thing is that the same program never had any problems with the reiserfs on 7.0.
Selcuk
suse@rio.vg wrote:
Quoting Togan Muftuoglu:
I was reading the SLES8_EAL2_SecurityGuide.pdf http://www.suse.de/de/security/eal2/SLES8_EAL2_SecurityGuide.pdf
On page 8 it stated to have the "/" partition as ext3. If I remember correctly SuSE had ReiserFS since 6.4 and it has been the default choice of filesystem for quite a time.
So what I want to understand is what makes "ext3" a better choice for the meeting of criteria and what are the reasons reiserfs fails.
I do not want to start a flame war but I want to understand the facts in making such a decision.
I have no direct knowledge, but I'm guessing it has something to do with cutting down the work required to get EAL certification. EXT3 has the advantage of being somewhat simpler than reiser, it's essentially just a journaling system tagged onto the venerable ext2. ext2 had probably been vetted before, so getting ext3 in was easier than getting reiser in.
I would be surprised if there was any technical reason; I believe it was just a way to streamline the certification.
(and I'm someone who only uses ext3, not reiser, out of sheer bloody-minded stubbornness and an irrational fear that reiser is not entirely stable)
I have definitely had stability problems with a server using ReiserFS.
This was in SuSE 7.2 so might be better now but it caused a lot of lost time and embarrassment for me. Any processes accessing either certain files or certain directories - fairly randomly this occurred - would hang and be unkillable - going to state "D" in ps (I think this is called uninterruptible wait and represents the fact that the process cannot receive semaphores or signals and will never be scheduled until the I/O kernel operation performed has completed - it never completes - this seems to be a classic symptom of a buggy kernel driver).
Since then my business partner and I have agreed a moratorium on ReiserFS on our server(s).
I recently upgraded the box to SuSE 8.2 and took the opportunity to move the root fs to ext3. This has one major benefit - if all else fails you can mount it as ext2. That's what I did after a recent server crash caused by faulty RAID kernel drivers supplied by the company that made the RAID card.
Personally, I would definitely recommend ext3 and possibly even ext2 exclusively for a server environment.
Regards,
Carl
On Thursday 22 January 2004 18:18, Carl Peto wrote:
I have definitely had stability problems with a server using ReiserFS.
This was in SuSE 7.2 so might be better now but it caused a lot of lost time and embarrassment for me. Any processes accessing either certain files or certain directories - fairly randomly this occurred - would hang and be unkillable - going to state "D" in ps (I think this is called uninterruptible wait and represents the fact that the process cannot receive semaphores or signals and will never be scheduled until the I/O kernel operation performed has completed - it never completes - this seems to be a classic symptom of a buggy kernel driver).
Be that as it may, I currently have 16 systems all running the exact same Suse version, 7.2, and all are equipped with reiserfs (ext2 on /boot, and all of /, /var /usr /home are reiserfs). I have never ever had a FS problem and they have been running almost 3 years now. All are still in -sometimes heavy- use, 24/7. Apart from that I almost exclusively deploy reiserfs since it was included in SuSE, without a glitch. So, you may have had problems with it, but it is not per se reiserfs that is at fault. It may be hardware, or software, or any combination thereof.
Since then my business partner and I have agreed a moratorium on ReiserFS on our server(s).
your prerogative, of course.
I recently upgraded the box to SuSE 8.2 and took the opportunity to move the root fs to ext3. This has one major benefit - if all else fails you can mount it as ext2. That's what I did after a recent server crash caused by faulty RAID kernel drivers supplied by the company that made the RAID card.
My experiences are the exact opposite of yours. I once built a raid-5 ext3 fileserver with close to 400GiB diskspace. We later found out that whenever a servercrash occurred, the ext3 FS malfunctioned in such a way that it did not replay its journal (as reiser does) but instead started a 'normal' ext2 full fsck. Now you can imagine how long a 400GiB fsck check takes, so you also can imagine we kicked ext3 off of that machine SO fast that its head spinned...! A very bad experience, all in all, and quite frustrating. (nothing is more frustrating than having to wait, unable to do anything!) We tried to fix things with tunefs but to no avail; after booting the ext3 partition stubbornly insisted it was ext3 and with fully working journaling. And at boot time it persisted in acting like an ext2 volume.
Personally, I would definitely recommend ext3 and possibly even ext2 exclusively for a server environment.
Ext2 ??? You must be joking. Try sitting watching a lengthy e2fsck run, with management staring over your shoulder while you try to explain the downtime. Ext2 is for <2GB HDDs. I do trust you're not using disks that old anymore...?
-- Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER
So what I want to understand is what makes "ext3" a better choice for the meeting of criteria and what are the reasons reiserfs fails.
Being a long time user of both, I have found that ReiserFS is easier to recover from failure, but EXT3 is less prone to failure.
Looking in the SuSE 8.2 Professional Manual, there are some very concise and clear definitions of what the pros and cons of the various different filesystems are.
I would suggest reading through something like this to give you a better understanding of what the differences are.
(Especially when it comes to maximum allowable partitions/filesizes etc)
barry
* Barry Gill; on 22 Jan, 2004 wrote:
Being a long time user of both, I have found that ReiserFS is easier to recover from failure, but EXT3 is less prone to failure.
Looking in the SuSE 8.2 Professional Manual, there are some very concise and clear definitions of what the pros and cons of the various different filesystems are.
It is interesting to discover how one can read things and not pay attention to discover later it has been there for ages
I would suggest reading through something like this to give you a better understanding of what the differences are.
(Especially when it comes to maximum allowable partitions/filesizes etc)
According to the 8.2 Admin guide page 490 (pdf version)
"Ext3 is designed to take care of both metadata and data. The degree of care can be customized. Enabling Ext3 in the data=journal mode offers maximum security (i.e., data integrity), but can slow down the system as both metadata and data are journaled. A relatively new approach is to use the data=ordered mode, which ensures both data and metadata integrity, but uses journaling only for metadata. The file system driver collects all data blocks that correspond to one metadata update. These blocks are grouped as a transaction and will be written to disk before the metadata is updated. As a result, consistency is achieved for metadata and data without sacrificing"
"ReiserFS has proven to be a powerful alternative to the old Ext2. Its key assets are better disk space utilization, better disk access performance, and faster crash recovery. However, there is a minor drawback: ReiserFS pays great care to metadata but not to the data itself. Future generations of ReiserFS will include data journaling (both metadata and actual data are written to the journal) as well as ordered writes."
So my understanding from the above is the lack of caring for the data itself causes reiserfs to be drawn away from the filesystem choice. Since Ext3 can take care of metadata and data itself becomes a winner.
--
Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC.
Nisi defectum, haud refiecendum
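As an added example (not part of any poster's message or of the SuSE guide), the shell sketch below reads mount-table lines and reports which journaling care the guide text quoted above assigns to each file system. The device names and the sample table are constructed, and it assumes that an ext3 entry with no `data=` option runs in `data=ordered`.

```shell
#!/bin/sh
# Added example. Classifies mount-table entries (fstab or /proc/mounts
# layout: device mountpoint fstype options ...) by the journaling care the
# quoted SuSE 8.2 guide text describes for ext3 and ReiserFS.

# journal_mode: stdin = mount-table lines, stdout = "mountpoint fstype mode"
journal_mode() {
    awk '
    /^[ \t]*#/ || NF < 4 { next }        # skip comments and short lines
    {
        fstype = $3; mode = "unknown"; data = ""
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++)
            if (opts[i] ~ /^data=/) data = substr(opts[i], 6)
        if (fstype == "ext3") {
            # Assumption: no explicit data= option means data=ordered.
            if (data == "") data = "ordered"
            if (data == "journal")        mode = "data+metadata-journaled"
            else if (data == "ordered")   mode = "metadata-journaled,data-ordered"
            else if (data == "writeback") mode = "metadata-only"
        } else if (fstype == "reiserfs") {
            mode = "metadata-only"       # as the quoted guide describes it
        } else if (fstype == "ext2") {
            mode = "no-journal"
        }
        print $2, fstype, mode
    }'
}

# weak_mounts: mount points where file data gets no journaling or ordering
weak_mounts() {
    journal_mode | awk '$3 == "metadata-only" || $3 == "no-journal" { print $1 }'
}

# Constructed sample table (hypothetical devices), fstab layout.
SAMPLE_MOUNTS='# device  mountpoint  fstype  options  dump  pass
/dev/sda1 /boot      ext2     defaults              1 2
/dev/sda2 /          ext3     defaults              1 1
/dev/sda3 /var       ext3     noatime,data=journal  1 2
/dev/sda5 /home      reiserfs defaults              1 2
/dev/sda6 /var/spool ext3     data=writeback        1 2'

printf '%s\n' "$SAMPLE_MOUNTS" | journal_mode
```

On a live system the same functions can be fed `/proc/mounts` or `/etc/fstab` on standard input, for instance `weak_mounts < /etc/fstab`.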
On Thursday 22 January 2004 11:44, Togan Muftuoglu wrote:
Since Ext3 can take care of metadata and data itself becomes a winner.
It also becomes very slow, because essentially all data has to be written twice. You do not want to use data=journal in a production environment. Should you need data=journal in such an environment, you should look at how you create your business processes (because you have single copies of important data on just a single machine and no recovery procedure from such data losses).
Kristian
Absolutely, if data integrity is that important you should be using a battery powered RAID adapter and storing everything in a transaction aware database--neither of which are all that expensive nowadays.
As a side note, one reason to support Reiser is that Hans is probably among the most innovative open source programmers out there. While his artwork is much more of an acquired taste, his views on the future of file systems are very interesting.
Kristian Köhntopp wrote:
On Thursday 22 January 2004 11:44, Togan Muftuoglu wrote:
Since Ext3 can take care of metadata and data itself becomes a winner.
It also becomes very slow, because essentially all data has to be written twice. You do not want to use data=journal in a production environment. Should you need data=journal in such an environment, you should look at how you create your business processes (because you have single copies of important data on just a single machine and no recovery procedure from such data losses).
Kristian
On Friday 23 January 2004 07:36, Brandon Hines wrote:
As a side note, one reason to support Reiser is that Hans is probably among the most innovative open source programmers out there. While his artwork is much more of an acquired taste, his views on the future of file systems are very interesting.
This is leaving the intended scope of discussion for this list fast, but I believe the artwork is his mother's, if I remember correctly.
On reiserfs4, I'd like to see a comparison of the reiserfs4 concepts to the LFS work that John Ousterhout (sp?) explored in Sprite and Margo Seltzer later ported and improved in BSD. Is Hans Reiser aware of these works, and how does he differentiate himself from that?
On reiserfs 4 and logs: reiserfs4 is essentially data=journal all the time, but with a single write, because the Log _is_ the filesystem, as it was in LFS. Also as in LFS, reiserfs4 seems to have a repacker process that tries to defragment the structure of the file system when the system is otherwise idle (so it is not actually single write, it is just that the second write is optional, and deferred).
Kristian
* Kristian Köhntopp;
On Friday 23 January 2004 07:36, Brandon Hines wrote:
As a side note, one reason to support Reiser is that Hans is probably among the most innovative open source programmers out there. While his artwork is much more of an acquired taste, his views on the future of file systems are very interesting.
This is leaving the intended scope of discussion for this list fast, but I believe the artwork is his mother's, if I remember correctly.
I agree and I want to understand the technical reasons not personal experiences (I value them all, yet they do not give me the reasoning why Ext3 was chosen during the certification process)
Thanks for all the responses so far and yes I will make a summary of the whole thing.
ps. As a side note there is a similar discussion on postfix-user list, so I am watching that thread with interest as well
Greetings from Stuttgart
--
Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC.
Nisi defectum, haud refiecendum
participants (9)
- Barry Gill
- BoeserRiese@gmx.de
- Brandon Hines
- Carl Peto
- Kristian Köhntopp
- maarten van den Berg
- Selcuk Ozturk
- suse@rio.vg
- Togan Muftuoglu