Originally Posted by grey_1
protection from loss of data through breakage rather than hardening an existing install
It's my understanding that setting up separate partitions for /tmp and /var can protect a system if a process begins uncontrollable writes...
/home I'll have on its own partition anyway, but for backup purposes /home and /etc are really the only *must haves*, but that backing up /etc alone doesn't preserve program updates.
It is indeed useful to have a separate /home for a number of reasons, but the rest mostly depends on your goals. Separate /home prevents you from rendering your system unusable by filling up /var, and makes it easier to make backups for data that really matters. Having a separate /tmp can also be a good idea, but from my experience it is extremely rare for the size of /tmp to become a problem. If you worry about /tmp, you may also want to worry about /var/tmp, which is often used for boot-persistent temporary data.
/etc is probably the most interesting directory after /home. Backing up /etc does not automatically allow you to restore a lost system to its former self. Restoring /etc often requires deeper knowledge of the system. Information about (system-wide) installed applications is often stored under /var/lib or such, but this is package manager and/or distribution dependent. On Debian-based systems, this information can be easily backed up, but having a copy of /var/lib is not the way. Preserving program updates is more harmful than it is useful. It is often easier and safer to restore a system with no applications than a system with broken or compromised applications.
Best practices depend on your distribution, but as for the file system alone, File Hierarchy Standard is the way to go. Wikipedia links to a number of webpages about distribution-specific policies.
Finally, you obviously want to run backups on a separate disk, or remote host if possible. Having backups on a local disk only protects from innocent accidents (e.g. rm), not from rogue applications (if mounted read-write), or kernel space and hardware failures.
My workstation basically has 32 GiB root (/) and 40 GiB home. The rest of the disk is split between /wrk (~518 GiB), Windows (one 100 GiB partition), and an experimental 4 GiB partition to make it easy to play with file systems. /wrk contains non-critical data such as media and games. Only /home and /wrk/pics (i.e. user created data) are backed up. I used to separate /tmp and root filesystem, but I always ended up filling up the other. Then again, disk space is cheap.
My server, on the other hand, has the following partition layout.
2064208 215944 1743408 12% /
tmpfs 496976 0 496976 0% /lib/init/rw
udev 10240 724 9516 8% /dev
tmpfs 496976 0 496976 0% /dev/shm
/dev/sda1 241116 24634 204034 11% /boot
8256952 363400 7809668 5% /home
/dev/mapper/vg00-tmp 2064208 68696 1890656 4% /tmp
/dev/mapper/vg00-usr 4128448 885184 3033552 23% /usr
/dev/mapper/vg00-var 4128448 773712 3145024 20% /var
/dev/mapper/vg00-log 2064208 128284 1831068 7% /var/log
2064208 68772 1890580 4% /var/spool
/dev/mapper/vg00-www 82569904 5496468 75395716 7% /var/www
/dev/mapper/vg00-wrk 130852396 111108952 18414048 86% /wrk
/dev/md0 307663736 199341436 92693872 69% /raid
This layout separates critical system components (/bin, /lib, /etc, mounted under /) from security components (/var/log, also for remote workstation logging), http-server (/var/www, which also runs chrooted) and mail daemon (/var/spool) from the rest of the system. Separate /boot is mostly legacy, but it makes recovering an LVM system much easier. /raid contains RAID-1-mirrored space for workstation backups only. Running backups to such a system is dangerous, but considering current options that's the best I have. /wrk can be remotely mounted and is shared for intra. Technically this layout would allow me to run most of the filesystems read-only, but so far I've been lacking the motivation.
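Added example, not part of the original post: a small shell check that shows which filesystem a runaway writer in a given directory would actually fill, using longest-prefix matching over `df -P` output. The sample data, its `vgdemo` device names and the function names `fs_for`, `over_pct` and `report` are constructed for illustration; mount points containing spaces are assumed not to occur.

```sh
#!/bin/sh
# Constructed `df -P` style sample (device names and sizes are made up).
# -P keeps every filesystem on one line, even with long device names.
SAMPLE_DF='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/mapper/vgdemo-root 2064208 215944 1743408 12% /
/dev/mapper/vgdemo-home 8256952 363400 7809668 5% /home
/dev/mapper/vgdemo-tmp 2064208 68696 1890656 4% /tmp
/dev/mapper/vgdemo-var 4128448 773712 3145024 20% /var
/dev/mapper/vgdemo-log 2064208 128284 1831068 7% /var/log
/dev/mapper/vgdemo-wrk 130852396 111108952 18414048 86% /wrk'

# On a real host, run with: DF_DATA=$(df -P) sh thisfile.sh
DF_DATA=${DF_DATA:-$SAMPLE_DF}

# fs_for DIR: print the mount point whose filesystem holds DIR.
# The longest mount point that is a path prefix of DIR wins.
fs_for() {
    printf '%s\n' "$DF_DATA" | awk -v dir="$1" 'NR > 1 {
        mp = $6
        pre = (mp == "/") ? "/" : mp "/"
        if ((dir == mp || index(dir "/", pre) == 1) && length(mp) > length(best))
            best = mp
    } END { print best }'
}

# over_pct N: list mount points whose usage is at or above N percent.
over_pct() {
    printf '%s\n' "$DF_DATA" | awk -v lim="$1" 'NR > 1 {
        sub(/%/, "", $5)
        if ($5 + 0 >= lim) print $6
    }'
}

# report: show where writes to the usual trouble spots land.
report() {
    for d in /tmp /var/tmp /var/log /home /etc; do
        printf '%-9s -> %s\n' "$d" "$(fs_for "$d")"
    done
    printf 'at or above 80%%: %s\n' "$(over_pct 80)"
}

report
```

With the sample layout, /var/tmp resolves to /var rather than /tmp, so a process filling /var/tmp exhausts /var while /var/log and / stay writable.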