Non-hard drive partitions on locked down server?

I am working on setting up a server that will be locked away in a
physically inaccessible place, and am trying to take some precautionary
measures to minimize downtime. The server doesn't have to do much, really
just a log in server for ssh/ssl/vnc gateway purposes. Minor storage.

I want to have no hard drives on this system.

The bulk of the filesystem can be loaded off of CD-ROMs. This is of course
read-only and physically unalterable. A reboot would restore the system
state. Persistent intruders would be (nearly) impossible.

Does anyone have any experience using something like a USB flash drive for
non-volatile storage on such a setup? I know I could use RAM drives but I
need persistent storage (log files, home directories) and don't care much
about speed at all. The disk access will be minor.

As I understand it, many USB flash drives insist on carrying FAT file
systems. If that is the case then how can I go about introducing multiple
filesystem mount points within a SINGLE physical flash drive?

Would it work to, within a single FAT partition for the flash drive, create
multiple files to use as loopback mounts? I presume this will safely offer
all the UNIX permissions I need once those loopbacks are mounted.

Or any other ideas for how to do persistent r/w storage without using a
hard drive? I also don't have any network storage, must be local.

--
Jem Berkes
Windows, UNIX software and system design
http://www.sysdesign.ca/

On Tue, 08 Mar 2005 03:51:01 +0000, Jem Berkes wrote:

> I am working on setting up a server that will be locked away in a
> physically inaccessible place, and am trying to take some precautionary
> measures to minimize downtime. The server doesn't have to do much, really
> just a log in server for ssh/ssl/vnc gateway purposes. Minor storage.
>
> I want to have no hard drives on this system.
>
> The bulk of the filesystem can be loaded off of CD-ROMs. This is of course
> read-only and physically unalterable. A reboot would restore the system
> state. Persistent intruders would be (nearly) impossible.
>
> Does anyone have any experience using something like a USB flash drive for
> non-volatile storage on such a setup? I know I could use RAM drives but I
> need persistent storage (log files, home directories) and don't care much
> about speed at all. The disk access will be minor.
>
Hi Jem. No such experience here. In appreciation of your past
intelligent and helpful messages, I thought you should get some speedy and
hopefully helpful responses. Maybe this could be a "sounding board" for
some other, more knowledgeable or helpful replies.

> As I understand it, many USB flash drives insist on carrying FAT file
> systems. If that is the case then how can I go about introducing multiple
> filesystem mount points within a SINGLE physical flash drive?
>
Not sure anyone thought of that before. I think in this case that
"conventional wisdom" says each physical device needs its own and only one
mount point. Naturally, you could have software on CD or USB that could
over-ride that using sym-links or some other magic, IDK.

> Would it work to, within a single FAT partition for the flash drive, create
> multiple files to use as loopback mounts? I presume this will safely offer
> all the UNIX permissions I need once those loopbacks are mounted.
>
Sorry, I couldn't say, that's over my head.

> Or any other ideas for how to do persistent r/w storage without using a
> hard drive? I also don't have any network storage, must be local.

Well, you did say a single flash drive, but maybe you might want consider
more than one flash drive for different purposes, directories or mount
points. USB hubs for 4, 8(, 16 ?) flash drives are becoming more
available and less expensive (and no moving parts !! 8-) ) Just a
thought.

I hope someone else can follow up with something more useful, insightful
or just plain experienced or smart, "out-of-the-box" to help you get this
done, and just as quickly as possible. Also hope the good results you
achieve will trickle down to all the rest of us who are looking for any
major or minor "silver bullets". Please continue to help keep us informed.

Thanks again and best wishes.

On 2005-03-08, Jem Berkes <jb@users.pc9.org> wrote:
>
> Or any other ideas for how to do persistent r/w storage without using a
> hard drive? I also don't have any network storage, must be local.

Have you considered something like a Zip drive? It'll be dog-slow, but
you said you don't really need speed. (I'm assuming that a floppy will
be too small; if not, you could use that, maybe with a minix or FAT fs.)

In a worst-case scenario, a Zip disk can be ejected from the drive,
which may or may not be a feature for your setup.

--keith

--
kkeller-usenet@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom
see X- headers for PGP signature information

>> Or any other ideas for how to do persistent r/w storage without using a
>> hard drive? I also don't have any network storage, must be local.
>
> Have you considered something like a Zip drive? It'll be dog-slow, but
> you said you don't really need speed. (I'm assuming that a floppy will
> be too small; if not, you could use that, maybe with a minix or FAT fs.)
>
> In a worst-case scenario, a Zip disk can be ejected from the drive,
> which may or may not be a feature for your setup.

Zip sounds like another possibility, then. I don't have any experience with
the devices personally. Do they tend to be resistant to corruption? For
instance, I really wouldn't trust a floppy disk for r/w over long periods
-- add to that the possibility of abrupt power loss. Do Zip drives tend to
corrupt data in such situations?

--
Jem Berkes
Windows, UNIX software and system design
http://www.sysdesign.ca/

Jem Berkes wrote:

> I am working on setting up a server that will be locked away in a
> physically inaccessible place, and am trying to take some precautionary
> measures to minimize downtime. The server doesn't have to do much, really
> just a log in server for ssh/ssl/vnc gateway purposes. Minor storage.
>
> I want to have no hard drives on this system.
>
Hmm. Hard drives are still the most durable and reliable option from the
ones you describe.

> The bulk of the filesystem can be loaded off of CD-ROMs. This is of course
> read-only and physically unalterable. A reboot would restore the system
> state. Persistent intruders would be (nearly) impossible.
>
Depending upon the amount of reads/laser head repositionings and spin
up/downs, your cd drives might wear out rather quick. Combined with a
possible problem with dust in that location, I would not give your cdrom
drive(s) much more then a few months of lifetime.

> Does anyone have any experience using something like a USB flash drive for
> non-volatile storage on such a setup? I know I could use RAM drives but I
> need persistent storage (log files, home directories) and don't care much
> about speed at all. The disk access will be minor.
>
Even flash drives have limitations in rewriteability. Most are specified for
100000 rewrites, which may be soon exhausted for constantly changing
directory entries or atimes. Unlike packet writing there is no scheme to
shift physical areas for such entries on the flashdisk. At least you will
have to make heavy use of ram cache and the "noatime" option.
Having said that, there are a lot of embedded linux devices (routers and
such) working from flash memory.

> As I understand it, many USB flash drives insist on carrying FAT file
> systems. If that is the case then how can I go about introducing multiple
> filesystem mount points within a SINGLE physical flash drive?
>
Never noticed that. A flash drive should be transparent enough to allow
multiple partitions and filesystems on it.

> Would it work to, within a single FAT partition for the flash drive,
> create multiple files to use as loopback mounts? I presume this will
> safely offer all the UNIX permissions I need once those loopbacks are
> mounted.
>
It is not necessary at all. Now, you would have to put your fstab on some
unchangeable (cd or whatever) boot media.

> Or any other ideas for how to do persistent r/w storage without using a
> hard drive? I also don't have any network storage, must be local.
>
You can put it all on one or two usb sticks (might need a 1GB version to
store logfiles, but I would at least use a remote syslog server) and get
one of these low-power boards but make sure they boot from usb, and use the
noatime and plenty of ram, with write cache to minimize actual
write-to-flash cycles. Low-power boards may even be powered by DC from a
buffer accumulator-electronic transformer combination.
--
Longhorn error#4711: TCPA / NGSCP VIOLATION: Microsoft optical mouse
detected penguin patterns on mousepad. Partition scan in progress
*to*remove*offending*incompatible*products.**React ivate*MS*software.
Linux woodpecker.homnet.at 2.6.11-mm1[LinuxCounter#295241,ICQ#4918962]

On 2005-03-08, Jem Berkes <jb@users.pc9.org> wrote:

> Zip sounds like another possibility, then. I don't have any experience with
> the devices personally. Do they tend to be resistant to corruption? For
> instance, I really wouldn't trust a floppy disk for r/w over long periods
> -- add to that the possibility of abrupt power loss. Do Zip drives tend to
> corrupt data in such situations?

I've heard good and bad about Zip. I've used them lightly for a few
years now, and haven't had any difficulty--certainly not as bad as
regular floppies. But YMMGV[0].

--keith

[0] your mileage may greatly vary

--
kkeller-usenet@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom
see X- headers for PGP signature information

On Tue, 08 Mar 2005 06:11:56 +0000, Jem Berkes wrote:

>>> Or any other ideas for how to do persistent r/w storage without using
>>> a hard drive? I also don't have any network storage, must be local.
>>
>> Have you considered something like a Zip drive? It'll be dog-slow, but
>> you said you don't really need speed. (I'm assuming that a floppy will
>> be too small; if not, you could use that, maybe with a minix or FAT
>> fs.)
>>
>> In a worst-case scenario, a Zip disk can be ejected from the drive,
>> which may or may not be a feature for your setup.
>
> Zip sounds like another possibility, then. I don't have any experience
> with the devices personally. Do they tend to be resistant to corruption?
> For instance, I really wouldn't trust a floppy disk for r/w over long
> periods -- add to that the possibility of abrupt power loss. Do Zip
> drives tend to corrupt data in such situations?

http://www.iomega.com/software/linuxtools.html

I spent several hundred dollars on Iomega hardware, software and media,
all for windoze platforms. Includes Zip and tape drives. None was ever
really 100% satisfactory in any long-term sense. Could have been (might
have been) all my fault, but anecdotal accounts tell that I have not been
alone in these experiences. It was due to software faults and
incompatibilities. The stuff that I recorded was not reliably
retrievable.

The link above goes to (new) Linux support that was not available the last
time that I used any of their products (a long time ago). This may give
better results than I experienced. Their Linux products may be far better
than the windoze junk that I struggled with, and if it works for you then
more power to you. I have hardware to sell you cheap. e-mail me at wtnsp
pghmail com if you want to buy it all. _I'll_ _*never*_ spend another
minute trying to make it work for me.

The hardware and the media were OK I think(, but you might want to read
grc.com on this.). The windoze software was junk, crap and puke from the
start and it was worse than a scam because I entrusted my data to it/them.
And I lost my data and my money. Send me address and offer and shipping
costs for a zip drive and a tape drive (software included if I can find
it) including any attached cables and docs that I can find. Ask for more
details as you wish.

Price it out and make an offer. Media will go into the fire, thank you.
If your offer doesn't inspire me the hardware will go into the fire, too.
I don't have room in my short life for junk, junk and more junk.

" --
Fool me once, shame on you. Fool me twice, shame on me. "

The hardware works OK, but I'll never use it again. You can have it if
you want it.

Best wishes.

Jem Berkes <jb@users.pc9.org> wrote:
> I am working on setting up a server that will be locked away in a
> physically inaccessible place, and am trying to take some precautionary
> measures to minimize downtime. The server doesn't have to do much, really
> just a log in server for ssh/ssl/vnc gateway purposes. Minor storage.
>
> I want to have no hard drives on this system.
>
> The bulk of the filesystem can be loaded off of CD-ROMs. This is of course
> read-only and physically unalterable. A reboot would restore the system
> state. Persistent intruders would be (nearly) impossible.
>
> Does anyone have any experience using something like a USB flash drive for
> non-volatile storage on such a setup? I know I could use RAM drives but I
> need persistent storage (log files, home directories) and don't care much
> about speed at all. The disk access will be minor.
>
> As I understand it, many USB flash drives insist on carrying FAT file
> systems. If that is the case then how can I go about introducing multiple
> filesystem mount points within a SINGLE physical flash drive?
>
> Would it work to, within a single FAT partition for the flash drive, create
> multiple files to use as loopback mounts? I presume this will safely offer
> all the UNIX permissions I need once those loopbacks are mounted.
>
> Or any other ideas for how to do persistent r/w storage without using a
> hard drive? I also don't have any network storage, must be local.

You can 'fake' partitions by using losetup with an offset, presuming an
USB key is just a block device (which it is, no?). Generating a
filesystem on such a loopback device is a bit tricky (it will, by
default, extend to the end of the block device - it's probably easiest
to work with loopback-ed files and dd skip=XXX these into place), but
possible.

Once you have the filesystem, just mount /dev/loopX as you would
normally. The filesystem layer will make sure the kernel does not write
'out of bounds'.

Mind you, this scheme is a bit of a hack and I wouldn't recommend trying
to mount it under Windows or somesuch. However, I've tried it with a
mockup (`partitioned' file mounted on a loopback device), and it seems
to work.

I don't really see the benefit over a (removable) hard drive, but it is
possible...

Using files on a FAT partition works as well, presuming the originals
are readable only by root, at least.

I think someone mentioned packet writing - never actually tried it, but
it might be useful for logging (hard to tamper with those logfiles), as
long as you can figure out a way to rotate disks without interrupting
logging (custom logging driver - log to a pipe and have some simple
program listen on that pipe, storing the logs in memory unless they can
be written...)

Joachim

Jem Berkes wrote:
> I am working on setting up a server that will be locked away in a
> physically inaccessible place, and am trying to take some precautionary
> measures to minimize downtime. The server doesn't have to do much, really
> just a log in server for ssh/ssl/vnc gateway purposes. Minor storage.
>
> I want to have no hard drives on this system.
>
> The bulk of the filesystem can be loaded off of CD-ROMs. This is of course
> read-only and physically unalterable. A reboot would restore the system
> state. Persistent intruders would be (nearly) impossible.
>
> Does anyone have any experience using something like a USB flash drive for
> non-volatile storage on such a setup? I know I could use RAM drives but I
> need persistent storage (log files, home directories) and don't care much
> about speed at all. The disk access will be minor.
>
> As I understand it, many USB flash drives insist on carrying FAT file
> systems. If that is the case then how can I go about introducing multiple
> filesystem mount points within a SINGLE physical flash drive?
>
> Would it work to, within a single FAT partition for the flash drive, create
> multiple files to use as loopback mounts? I presume this will safely offer
> all the UNIX permissions I need once those loopbacks are mounted.
>
> Or any other ideas for how to do persistent r/w storage without using a
> hard drive? I also don't have any network storage, must be local.
>

Compact flash card loaded into an IDE adapter?

--

------------------------------------

Real email to mike. The header email is a spam trap and you will be
blacklisted,
submitted to anti-spam sites and proably burn in hell.

On 8 Mar 2005 06:11:56 GMT, Jem Berkes <jb@users.pc9.org> wrote:
>
> Zip sounds like another possibility, then. I don't have any experience with
> the devices personally. Do they tend to be resistant to corruption? For
> instance, I really wouldn't trust a floppy disk for r/w over long periods
> -- add to that the possibility of abrupt power loss. Do Zip drives tend to
> corrupt data in such situations?

I, personally, wouldn't use a zip in this situation. The physical
media is much like a floppy's. We use them a fair amount for
user-level backup of small sections of data that are fairly rapidly
changing (i.e. a weekly full backup and an incremental or two is not
sufficient). They work pretty well for that, but over time their
performance degrades and the disk eventually becomes unreadable. This
is over a time period where large chunks of the disk are overwritten
on the order of 100-200 times.

On the couple of occasions that I've needed to do something like what
was originally stated, I usually wind up leaving the hard drive in the
system and only partitioning a small fraction of it.


Mike

--
Michael Zawrotny
Institute of Molecular Biophysics
Florida State University | email: zawrotny@sb.fsu.edu
Tallahassee, FL 32306-4380 | phone: (850) 644-0069