Debian post installation settings

STATUS: Frozen (2019-11-17)

No more updates for this guide.

Please refer to the TOC page.

This guide shows some post system install steps and tweaks.


Feedbacks from 2nd; add fstab checks by findmnt --verify.

First boot to tweak filesystem

Boot with the encryption password.

  1. "Please unlock disk sdX_crypt": (enter the passphrase of LUKS.)
  2. Login as root then enter rescue.target.
root# systemctl isolate rescue.target
(follow the message and re-login)

Check /var/mail owner and permission

In this method, /var/mail seems not to be configured right.

root# ls -ld /var/mail
drwxrwxr-x 3 root root ... (if this is shown, then,)
root# chown root:mail /var/mail
root# chmod 2775 /var/mail
root# ls -ld /var/mail
drwxrwsr-x 3 root mail (this is correct.)


Stretch 9.9 and buster 10.0.0 ISO image still has this issue.

Setup tmpfs /tmp (optional)

To do this, you should have enough DRAM; the amount depends what you do. Anyway, since this is a modern amd64 case, you at least have 4GB DRAM.


Raspberry Pi 3 which has 1GB DRAM can run Raspbian Chromium with tmpfs /tmp.



root# rm /tmp/* -fr # Be careful!
root# nano /etc/fstab # add a line below
tmpfs /tmp tmpfs noatime,nodev,nosuid,noexec 0 0
root# findmnt --verify # and check it.
root# mount /tmp
root# findmnt # confirm /tmp is tmpfs now, and its mount options.

Commit interval shifting (optional)

Commit interval shifting and data=writeback seems to provide very slight I/O performance improvement.

Add commit=N and data=writeback options if you want.

Basically, stay on 5.

Use small, different prime numbers if you change those commit values.

root# nano /etc/fstab # and edit options
root# findmnt --verify # and check them.
MOUNTPOINT ext4 commit sample values
/home data=writeback # NEVER INCREASE COMMIT VALUE
/var/cache commit=17,data=writeback
/var/mail commit=11
/var/spool commit=7
/var/tmp commit=23,data=writeback

What "man ext4" says about "data=writeback"

It guarantees internal filesystem integrity, however it can allow old data to appear in files after a crash and journal recovery.

So, it is not so much dangerous to apply it on /home, provided you stay on commit=5 (initial value.)


However, those long commit intervals could be potential risk of data loss on power failure, etc.

Hence, you MUST NOT combine longer commit value and data=writeback for "/home", and other important mount points such as "/", "/var", "/var/log", and "/var/spool".

SSD/NVMe TRIM (discard) over LVM over dm-crypt

Debian Buster Status

Buster automatically detect NVMe and add discard option for /etc/crypttab.

root# nano /etc/crypttab # add option "discard"
yourdevice_crypt UUID=<UUID> none luks,discard

root# nano /etc/lvm/lvm.conf # find (Ctrl-W) and change the value.
issue_discards = 1

root# update-initramfs -u # NEVER FORGET THIS!


Every time you edit those settings, you must do update-initramfs -u.

Second boot to setup rest

root# reboot -n


It boot up as emergency mode if there are any mistake. In that case, follow the information displayed and fix them.

Confirm mount points and their options

root# findmnt # don't use ``mount`` for checking.

Confirm TRIM


Do this TRIM manually sometimes (per month or after upgrades.)

root# fstrim -av

Keep proceeding "Next", please.

published: MODIFIED: