
I'm a bit confused about what goes inside /srv and looking for good practices about its usage on Debian.

According to the FHS: "/srv contains site-specific data which is served by this system".

However I'm not sure if things like MySQL data files, munin's rrd files and stuff like that can/should be stored in /srv since they are not "served" directly.

I'm not asking if it's possible or how can it be accomplished, I'm asking about your experiences and good practices.

Cristian Ciupitu
L. Lopez

1 Answer

I personally use the /srv hierarchy to serve:

  • web server static content under /srv/www. In Debian (and RHEL derivatives) where SELinux compliance is important, this path is listed as httpd_sys_content by default:

    /srv/([^/]*/)?www(/.*)? all files  system_u:object_r:httpd_sys_content_t:s0
    
  • NFSv4 exports. These filesystems are mounted under var/exports and bind-mounted under /srv/nfsv4/$export, and /srv/nfsv4 is configured to be the fsid=0. This path is also considered in the default SELinux policy:

    /srv/([^/]*/)?nfsv4(/.*)? all files  system_u:object_r:nfs_t:s0
    
  • in Debian systems (i.e., no cobbler) I used to host all my tftp structure for provisioning, under /srv/tftpd/.

Another usual practice is to dedicate a logical volume to each of these services; this way you can specify mount options to help harden your system, e.g., by mounting /srv/tftpd with ro,nodev,nosuid,noexec.

dawud
  • Thanks for your comments and recommendations, they are very useful. What about other data like mysql databases or git repositories? Do you consider it srv material? – L. Lopez Sep 26 '13 at 08:16
  • WRT `git`, that's a very personal choice, and depends on whether you use `gitblit`, `gitolite` or any other management tool. I have used `/srv/git` to host repos using plain `git` and `git-shell` + pubkey auth in the past and still do in boxes with low resources or not very demanding environments. WRT MySQL, I don't think it fits this definition of "site-specific data to be served", as it is not _served_, but rather used through the MySQL engine process. – dawud Sep 26 '13 at 08:59
  • Did you mean `/var/exports`? Also, what happens if you want to share something that's not mounted under it, e.g. `/mnt/cdrom` or `/media/cdrom`? – Cristian Ciupitu Apr 20 '14 at 00:30
  • I usually use `/var/exports` to mount dedicated LVs for NFSv4. I bind mount them on `/srv/nfsv4`, though. It is not a common requirement in enterprise environments to share a CDROM. – dawud Apr 20 '14 at 07:21
  • @dawud, why not mount them directly under `/srv/nfs4`? – Cristian Ciupitu Apr 21 '14 at 14:16
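
The mount-option hardening suggested in the answer above can be checked mechanically. The following is an added example, not part of the original answer: a shell function that reads fstab-format lines and reports every mount at or below /srv that lacks nodev, nosuid or noexec. The function names, the sample entries and the use of those three options as a baseline for all of /srv are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit fstab-format input for /srv mounts that lack
# hardening options. Not code from the original answer.

# Baseline applied to every /srv mount (assumption of this example; the
# answer names ro,nodev,nosuid,noexec for /srv/tftpd specifically).
REQUIRED_OPTS="nodev nosuid noexec"

# audit_srv_mounts [FILE]
# Reads fstab-format lines from FILE (or stdin) and prints
# "<mountpoint> missing: <opts>" for each mount at or below /srv whose
# option field lacks a required option. Returns 1 if anything is reported.
audit_srv_mounts() {
    awk -v required="$REQUIRED_OPTS" '
        /^[ \t]*(#|$)/       { next }   # skip comments and blank lines
        $2 !~ /^\/srv(\/|$)/ { next }   # only mounts at or below /srv
        {
            split("", seen)             # portable way to clear the array
            n = split($4, have, ",")
            for (i = 1; i <= n; i++) seen[have[i]] = 1
            missing = ""
            m = split(required, req, " ")
            for (i = 1; i <= m; i++)
                if (!(req[i] in seen))
                    missing = (missing == "" ? "" : missing ",") req[i]
            if (missing != "") { print $2 " missing: " missing; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample entries (hypothetical devices and volume names).
sample_fstab() {
    cat <<'EOF'
# <device>         <mountpoint>     <type> <options>               <dump> <pass>
/dev/vg0/www       /srv/www         ext4   defaults,nodev,nosuid   0 2
/dev/vg0/tftpd     /srv/tftpd       ext4   ro,nodev,nosuid,noexec  0 2
/var/exports/home  /srv/nfsv4/home  none   bind                    0 0
/dev/vg0/var       /var             ext4   defaults                0 2
EOF
}

# Demonstration on the constructed sample; "|| true" keeps the script going
# when findings make the function return 1.
sample_fstab | audit_srv_mounts || true
```

Pointing the function at `/proc/mounts` instead of `/etc/fstab` checks the options actually in effect, since both files use the same field order.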