Ubuntu – Partitioning /home for desktop workstation (HDD+SSD)

Tags: filesystem, home-directory, mount, partitioning, user-management

I just switched my wife's home computer to Ubuntu 18.04 from Windows 10, and she's liking the transition so far. It's an Ubuntu-only machine (no dual boot, only one OS distro, may need to set up a VM for certain Windows-specific applications).

One last thing to figure out and set up is how to handle the two drives (480GB SSD, 1TB HDD). Tried installing with LVM enabled, but ran into the lvmetad issue and had to go with standard ext4 partitions (i.e., just /efi and / on the SSD, single unmounted ext4 partition on the HDD that has the archive of her user data). She has almost 500GB of archaeological research data (many confidential/proprietary photos, .pdf's, and other data files) that would obviously overwhelm the SSD.

I'm trying to figure out how to set up so that /home stays on the SSD (for speed, etc), with the bulk of the archival on the HDD. I'm not sure I want to just mount the HDD (e.g., as /archive) with links to /home, though, since I want whatever is pushed off to the HDD to also be exclusively part of her user space (i.e., not just generic storage accessible/visible to any other user account). Ideally, what I want is to create a subspace of ~/home on the HDD and have it usable and understandable to someone that has no interest in filesystem management and needs it to "just work" so that she can get to her data.

So far, all the two+ drive solutions I've seen just mount the HDD as bulk storage symlinked under /home, set up /home as an LVM pseudo-RAID across the two (opinions vary whether that is a good idea, and lvmetad prevents it for now anyway), or set up an actual RAID (which I don't want to get into).

Unfortunately, all of this is a hair beyond my understanding of Linux filesystems and it is very possible that I'm just not understanding this all correctly.

Desired setup:

  • Allow setup of multi-user system, with /home on the SSD and individual user access to large-file storage on the HDD
  • user files and directories on HDD accessible only to that user, and linked under the user's /home
  • /home/[user]/[extra storage] on the SSD linked to [hdd mount point]/[user] visible/accessible only to [user] as ~/[extra storage]
  • quotas not necessary but possible storage for space on the HDD

Basically, separate and secure individual user shares on the bulk storage device — extending the user's home directory — without pushing all of /home to that second device.

Is there a way to set up what I'm describing, or can someone please point out where my thinking about the user filesystem structure is off-base?

Best Answer

The following steps describe how to mount the partition on your HDD below /mnt/archive and then add bind mounts to the home directories of two users, alice and bob. The home directories themselves are still on another partition.

All commands must be issued as user root.

  1. Determine UUID of archive partition:

    lsblk -fs
    NAME      FSTYPE      LABEL       UUID                                 MOUNTPOINT
    sda5      ext4        slash       467ddc36-vvvv-xxxx-yyyy-zzzzzzzzzzzz /
    └─sda                                                                  
    sda6      ext4        home        a87c2c2d-vvvv-xxxx-yyyy-zzzzzzzzzzzz /home
    └─sda                                                                  
    sdb8      ext4        archive     291bd44c-vvvv-xxxx-yyyy-zzzzzzzzzzzz 
    └─sdb                                                                  
    ...
    

    In my case, I have / and /home on sda and an unmounted partition labelled archive on sdb8. For the purpose of this post we assume sda is an SSD and sdb is an HDD.

  2. Mount the archive partition into an empty directory, say /mnt/archive:

    mkdir /mnt/archive
    mount UUID=291bd44c-vvvv-xxxx-yyyy-zzzzzzzzzzzz /mnt/archive
    chown root:root /mnt/archive
    chmod 750 /mnt/archive
    
  3. Create user specific folders below /mnt/archive (i.e. on the HDD) for users alice and bob and adjust the permissions so that only they can access these directories. Note that the directories are now on the partition archive on the HDD:

    mkdir /mnt/archive/alice
    chown alice:alice /mnt/archive/alice
    chmod 750 /mnt/archive/alice
    
    mkdir /mnt/archive/bob
    chown bob:bob /mnt/archive/bob
    chmod 750 /mnt/archive/bob
    
  4. Create archive folders in their home directories. Don't worry because the directories are owned by root. This does not hurt because alice isn't supposed to put anything in that directory. The directory /home/alice/archive only serves as a location where to bind-mount the actual /mnt/archive/alice to and when it is mounted, the permissions and ownership of /mnt/archive/alice apply.

    mkdir /home/alice/archive
    mkdir /home/bob/archive
    
  5. Bind-mount /mnt/archive/alice to /home/alice/archive:

    mount -o bind /mnt/archive/alice /home/alice/archive
    mount -o bind /mnt/archive/bob /home/bob/archive
    
  6. When satisfied, add the following lines to /etc/fstab to mount the partition automatically upon boot:

    # The /archive partition
    UUID=291bd44c-vvvv-xxxx-yyyy-zzzzzzzzzzzz /mnt/archive  ext4 defaults  0  2
    
    # bind mounts for alice and bob:
    /mnt/archive/alice /home/alice/archive  none  bind  0  0
    /mnt/archive/bob   /home/bob/archive    none  bind  0  0
    

Before the bind mount is done, alice will just see a directory owned by root in her home directory. The directory is empty and she cannot (and should not) put files in there:

    alice@ubuntu:~$ ll
    total 16
    drwxr-xr-x 2 root  root  4096 Jan 25 12:51 archive
    -rw-r--r-- 1 alice alice 8980 Jan 25 12:43 examples.desktop

After the bind mount is done (mount -o bind /mnt/archive/alice /home/alice/archive), alice will see the directory /mnt/archive/alice in her home directory instead, including the permissions of /mnt/archive/alice:

    alice@ubuntu:~$ ll
    total 16
    drwxr-x--- 2 alice alice 4096 Jan 25 13:06 archive
    -rw-r--r-- 1 alice alice 8980 Jan 25 12:43 examples.desktop

She can do whatever she likes in and with that archive directory and everything will happen on the partition on the HDD.


To undo the above steps, use the following commands:

    # undo bind-mounts:
    umount /home/alice/archive
    umount /home/bob/archive

    # unmount actual partition:
    umount /mnt/archive
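
One way to verify the result of the steps above, as an added example that is not part of the original answer: it checks that each user's directory on the HDD is owned by that user and closed to other accounts, that the bind mount is active, and that /etc/fstab carries the matching entry. The function names and the ARCHIVE_ROOT, HOME_ROOT, FSTAB and MOUNTINFO variables are assumptions of this example, and it relies on GNU stat as shipped with Ubuntu.

```bash
#!/usr/bin/env bash
# Added example: audit the per-user archive layout from the steps above.
# Function names and the *_ROOT / FSTAB / MOUNTINFO variables are assumptions.
ARCHIVE_ROOT=${ARCHIVE_ROOT:-/mnt/archive}
HOME_ROOT=${HOME_ROOT:-/home}
FSTAB=${FSTAB:-/etc/fstab}
MOUNTINFO=${MOUNTINFO:-/proc/self/mountinfo}

# Pass if DIR exists, is owned by OWNER and grants no access to "other".
check_private_dir() {
    local dir="$1" owner="$2" actual mode
    [ -d "$dir" ] || { echo "MISSING   $dir"; return 1; }
    actual=$(stat -c '%U' "$dir")
    mode=$(stat -c '%a' "$dir")
    [ "$actual" = "$owner" ] || { echo "OWNER     $dir is owned by $actual"; return 1; }
    case "$mode" in
        *0) echo "OK        $dir ($actual, $mode)" ;;
        *)  echo "OPEN      $dir mode $mode lets other users in"; return 1 ;;
    esac
}

# Pass if TARGET is a mount point (field 5 of a mountinfo-format file).
is_mounted() {
    awk -v t="$1" '$5 == t { hit = 1 } END { exit !hit }' "$MOUNTINFO"
}

# Pass if fstab has an entry binding SRC onto DST.
fstab_has_bind() {
    awk -v s="$1" -v d="$2" \
        '$1 == s && $2 == d && $4 ~ /(^|,)bind(,|$)/ { hit = 1 } END { exit !hit }' "$FSTAB"
}

# Run all three checks for one user; non-zero if any of them fails.
audit_user() {
    local user="$1" rc=0
    local src="$ARCHIVE_ROOT/$user" dst="$HOME_ROOT/$user/archive"
    check_private_dir "$src" "$user" || rc=1
    is_mounted "$dst" || { echo "UNMOUNTED $dst"; rc=1; }
    fstab_has_bind "$src" "$dst" || { echo "NO FSTAB  $src -> $dst"; rc=1; }
    return $rc
}

# Usage: sudo ./audit-archive.sh alice bob
for u in "$@"; do audit_user "$u"; done
```

Run it as root: /mnt/archive is mode 750 and owned by root, so an ordinary account cannot reach the per-user directories through that path to inspect them.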