Hello members of StackExchange,
I am running a Debian 8.0 server with Full-Disk-Encryption and while I was doing some hardening I went through the /etc/fstab and I was wondering if some partitions were really necessary to be mounted automatically.
After some research I found out that apparently it is not necessary to auto-mount the /boot partition since it is being read otherwise and I would not want some program potentially writing in this rather critical area.
But since my filesystem is encrypted, I am not sure if that is still the case and if in general that answer was correct.
I would be happy if someone could give me an answer on that.
Thanks in advance!
The /boot partition, while not strictly needed for system startup, is an important one and should be mounted. Let me do two simple examples of when it is needed:

1) Kernel recompile: you will find that your boot partition hosts some files called config-*. These files describe the kernel configuration, and are re-read when issuing make menuconfig (and similar) when recompiling your kernel. While it is true that this is not the only method to store kernel configuration, it surely is one of the most used/common.

2) Upgrades: when you upgrade your distro, the packet manager will eventually download a new kernel and install it under /boot. If /boot is not mounted, these boot files will be placed in the wrong filesystem and Grub will not recognize them.

In the end, while you surely can have a running system without /boot, this is not a good idea. At least, you should always mount it when needed - if you know that.
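
A guard for the upgrade case described in the answer above, as an added example that is not part of the original question or answer: it reads an fstab and a mounts table and refuses when /boot is declared as its own partition but is not currently mounted. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect a /boot that is declared in fstab but not mounted,
# so a kernel upgrade does not write into the /boot directory on the root fs.

# Print the mount options of the /boot entry in fstab file $1 (empty if none).
boot_fstab_options() {
    awk '$1 !~ /^#/ && $2 == "/boot" { print $4; exit }' "$1"
}

# Succeed if mounts table $1 (same format as /proc/mounts) lists /boot.
boot_is_mounted() {
    awk '$2 == "/boot" { found = 1 } END { exit !found }' "$1"
}

# Print one status word for fstab $1 and mounts table $2.
boot_status() {
    opts=$(boot_fstab_options "$1")
    if [ -z "$opts" ]; then
        echo "no-separate-boot"      # /boot is a plain directory on /
    elif boot_is_mounted "$2"; then
        echo "mounted"
    else
        case ",$opts," in
            *,noauto,*) echo "unmounted-noauto" ;;  # deliberately not auto-mounted
            *)          echo "unmounted" ;;         # expected to be mounted, but is not
        esac
    fi
}

# Return non-zero when new kernel files would land on the root filesystem.
boot_guard() {
    st=$(boot_status "$1" "$2")
    case "$st" in
        unmounted*) echo "refusing: /boot is $st; mount it first" >&2; return 1 ;;
        *)          return 0 ;;
    esac
}

# Constructed sample data (not taken from a real host).
sample_fstab() {
    printf '%s\n' \
        '# <file system> <mount point> <type> <options> <dump> <pass>' \
        '/dev/mapper/vg-root /     ext4 errors=remount-ro 0 1' \
        'UUID=0000-EXAMPLE   /boot ext2 defaults,noauto   0 2'
}
sample_mounts_without_boot() {
    printf '%s\n' '/dev/mapper/vg-root / ext4 rw,relatime 0 0'
}
```

On a real host, call boot_guard /etc/fstab /proc/mounts before installing a kernel package and mount /boot if it returns non-zero.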