Disk Partitions and Backups 229 frequently tripling or quadrupling the tape used for backups. Another addi- tional cost of running a Unix system. Partitions: Twice the Fun Because of Unix’s tendency to trash its own file system, early Unix gurus developed a workaround to keep some of their files from getting regularly trashed: partition the disk into separate spaces. If the system crashes, and you get lucky, only half your data will be gone. The file system gets trashed because the free list on disk is usually incon- sistent. When Unix crashes, the disks with the most activity get the most corrupted, because those are the most inconsistent disks—that is, they had the greatest amount of information in memory and not on the disk. The gurus decided to partition the disks instead, dividing a single physical disk into several, smaller, virtual disks, each with its own file system. The rational behind disk partitions is to keep enough of the operating sys- tem intact after a system crash (a routine occurrence) to ensure a reboot (after which the file system is repaired). By the same reasoning, it was bet- ter to have a crashing Unix corrupt a user’s files than the operating system, since you needed the operating system for recovery. (Of course, the fact that the user’s files are probably not backed up and that there are copies of the operating system on the distribution tape have nothing to do with this decision. The originalversion of Unix sent outside of Bell Labs didn’t come on distribution tapes: Dennis Ritchie hand-built each one with a note that said, “Here’s your rk05, Love, Dennis.” (The rk05 was an early removable

230 System Administration disk pack.) According to Andy Tannenbaum, “If Unix crapped on your rk05, you’d write to Dennis for another.”)1 Most Unix systems come equipped with a special partition called the “swap partition” that is used for virtual memory. Early Unix didn’t use the file system for swapping because the Unix file system was too slow. The problem with having a swap partition is that the partition is either too small, and your Unix craps out when you try to work on problems that are too large, or the swap partition is too large, and you waste space for the 99% of the time that you aren’t running 800-megabyte quantum field dynamics simulations. There are two simple rules that should be obeyed when partitioning disks:2 1. Partitions must not overlap. 2. Each partition must be allocated for only one purpose. Otherwise, Unix will act like an S&L and start loaning out the same disk space to several different users at once. When more than one user uses “their” disk space, disaster will result. In 1985, the MIT Media Lab had a large VAX system with six large disk drives and over 64 megabytes of memory. They noticed that the “c” partition on disk #2 was unused and gave Unix permission to use that partition for swapping. A few weeks later the VAX crashed with a system panic. A day or two after that, somebody who had stored some files on disk #2 reported file cor- ruption. A day later, the VAX crashed again. The system administrators (a group of three undergraduates) eventually discovered that the “c” partition on disk #2 overlapped with another parti- tion on disk #2 that stored user files. This error lay dormant because the VAX had so much memory that swap- ping was rare. Only after a new person started working on a large image- processing project, requiring lots of memory, did the VAX swap to the “c” partition on disk #2. When it did, it corrupted the file system—usually resulting in a panic. 1Andy Tannenbaum, “Politics of UNIX,” Washington, DC USENIX Conference, 1984. (Reprinted from a reference in Life With Unix, p. 13) 2Indeed, there are so many problems with partitioning in Unix that at least one ven- dor (NeXT, Inc.) recommends that disks be equipped with only a single partition. This is probably because NeXT’s Mach kernel can swap to the Unix file system, rather than requiring a special preallocated space on the system’s hard disk.