It has often been said that some distributions are bloated or not as minimal as others like Arch, Gentoo, Void or OpenBSD.

Even though most major distributions, either BSD or Linux, can’t really be considered bloated, it can be argued that some desktop-oriented setups or flavors are far from minimal in their default configurations.

Having said that, nothing really stops a user from making a bare bones install that will take very few resources. This principle applies to most major distributions, which often provide minimal installation processes where the system can be tailored to the user’s needs.

In this post, we will try to get a lightweight system using Debian’s readily minimal installation options.

Installing the base system

Doing a netboot install

The easiest way to get a minimal Debian installation is to use the mini.iso file, commonly known as netboot (a portmanteau of network boot). We can download the latest ISO from Debian’s website:


We will be using QEMU to do the installation, so we pass both the ISO file and the destination device (e.g. /dev/sdi) as arguments to the executable:

qemu-system-x86_64 -m 256 -drive file=mini.iso,media=cdrom -drive file=/dev/sdi,format=raw,cache=none

From here on we can use most of the defaults. We just have to make sure nothing is selected during the Software selection step of the installation process:

Debian software selection

Using debootstrap

An alternative option is to use the package debootstrap to create a bare installation. To install the necessary packages in our local system, we run:

sudo apt install debootstrap

Since there is no installer to help us create the partitions, we must create them manually. We can use GParted, fdisk or any other partitioning tool for this:

printf 'o\nn\np\n1\n\n\nw\n' | sudo fdisk /dev/sdi

We must then create an ext4 file system with the command:

sudo mkfs.ext4 /dev/sdi1
mke2fs 1.43.4 (31-Jan-2017)
Creating filesystem with 61049389 4k blocks and 15269888 inodes
Filesystem UUID: 60bb0786-b320-4285-abc0-95efce9ac10b
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
        4096000, 7962624, 11239424, 20480000, 23887872

Allocating group tables: done
Writing inode tables: done
Creating journal (262144 blocks): done
Writing superblocks and filesystem accounting information: done

Now, let’s mount the partition:

sudo mount /dev/sdi1 /mnt/debian

And use debootstrap to copy the base system:

sudo debootstrap --arch amd64 stretch /mnt/debian

This will take a few minutes since it has to download the required packages and copy them on to the disk.

Configuring the system

Now we will chroot into our newly created system to apply some finishing touches. But before doing this, we need to recreate some basic file system hierarchy:

sudo mount -t proc /proc /mnt/debian/proc && \
sudo mount --rbind --make-rslave /dev /mnt/debian/dev && \
sudo mount --rbind --make-rslave /sys /mnt/debian/sys && \
sudo mount --rbind --make-rslave /run /mnt/debian/run

Now we can safely use chroot:

sudo chroot /mnt/debian /bin/bash

First of all, let’s change the hostname:

echo 'debianlight' > /etc/hostname && \
echo -e '\tdebianlight' >> /etc/hosts

By default, /etc/fstab is empty, so we must add the disk with the UUID of the file system we created earlier. We can use the command blkid to see it:

/dev/sdi1: UUID="60bb0786-b320-4285-abc0-95efce9ac10b" TYPE="ext4" PARTUUID="17a30f04-01"

So let’s create the appropriate entry:

cat <<- 'EOF' > /etc/fstab
UUID=60bb0786-b320-4285-abc0-95efce9ac10b / ext4 defaults 0 0

For Debian’s stable release, updates to stuff like virus scanners or timezone data are delivered via the updates repository. Therefore, it’s a good idea to add it to our sources.list:

cat <<- 'EOF' >> /etc/apt/sources.list
deb stretch-updates main

We should also make sure to enable the security updates, especially if this system is to be online. For this, we need to add the repository for Debian’s security team:

cat <<- 'EOF' >> /etc/apt/sources.list
deb stretch/updates main

Let’s get our system up to date:

apt update && apt upgrade --no-install-recommends

A debootstrap installation is mainly used for chroots or containers, therefore it’s missing a few fundamental packages. To have a bootable system, we must install them before we boot the machine for the first time.

First let’s install and configure the locales to avoid some annoying error messages:

apt install --no-install-recommends locales && dpkg-reconfigure locales

Since no timezone is configured, the time and date may be reported erroneously. Let’s fix that:

dpkg-reconfigure tzdata

Of course, we shouldn’t forget about installing a kernel:

apt install --no-install-recommends linux-image-amd64

Also, we have to install a boot loader on our disk (e.g. /dev/sdi) so the system can be booted:

apt install --no-install-recommends grub-pc && update-grub

And replace all entries in grub.cfg with the UUID for our disk:

sed -i 's,root=/dev/sdi[0-9],root=UUID=60bb0786-b320-4285-abc0-95efce9ac10b,' /boot/grub/grub.cfg

At the moment, we are using our system’s network connection inside the chroot, but this won’t be available once we boot this new system by itself. We need to add a configuration for our network card in the /etc/network/interfaces.d directory. Since we are going to test the installation with QEMU, we can use the default interface’s name:

cat <<- 'EOF' > /etc/network/interfaces.d/ens3
allow-hotplug ens3
iface ens3 inet dhcp

In order to login as root, we’ll need to set a password:

Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Finally, let’s clean up and exit the chroot so we can boot into our new system:

apt clean; exit

Although first we should cleanly unmount the file hierarchy we previously set up:

sudo umount -R /mnt/debian

Booting the system

Now, let’s boot up with QEMU:

qemu-system-x86_64 -m 256 -drive file=/dev/sdi,format=raw,cache=none -net user,hostfwd=tcp::2222-:22 -net nic

Manually entering commands in QEMU’s console is not very efficient (it’s not possible to copy and paste), so it’s always a good idea to install SSH so we can access the system remotely. After logging in as root, we can install it:

apt install --no-install-recommends ssh

We must also enable root access by modifying /etc/ssh/sshd_config:

cat <<- 'EOF' >> /etc/ssh/sshd_config
PermitRootLogin yes

Once we have rebooted the virtual machine, we should be able to connect from our own machine using SSH:

ssh -p 2222 root@localhost

System resources usage

Let’s see how much of the system’s resources we are using. For instance, for the netboot install:

df -h --output=source,used,target /
Filesystem      Used Mounted on
/dev/sda1       635M /
free -ht | grep ^Total
Total:  240M  26M 168M
dpkg -l | grep ^ii | wc -l

And for the debootstrap install:

df -h --output=source,used,target /
Filesystem      Used Mounted on
/dev/sda1       579M /
free -ht | grep ^Total
Total:  240M  26M 169M
dpkg -l | grep ^ii | wc -l

Not bad! But we can do better.

Avoiding unnecessary packages

Since we are trying to make this system as minimal as possible, we should make sure only the required packages are installed without having to provide the --no-install-recommends option every time:

cat <<- 'EOF' >> /etc/apt/apt.conf.d/99local
APT::Install-Suggests "0";
APT::Install-Recommends "0";

Removing some fluff

Now, we can trim some disk space by deleting unused locales. We can just use a one-liner to do this:

find /usr/share/locale -mindepth 1 -maxdepth 1 ! -name 'en*' -exec rm -r {} \;

To prevent packages from installing unwanted locales, we can force dpkg to ignore them:

cat <<- 'EOF' > /etc/dpkg/dpkg.cfg.d/01_nolocales
path-exclude /usr/share/locale/*
path-include /usr/share/locale/en*

The same thing can be done for documentation files:

find /usr/share/doc -depth -type f ! -name copyright -delete
find /usr/share/doc -empty -delete
rm -rf /usr/share/man /usr/share/groff /usr/share/info /usr/share/lintian /usr/share/linda /var/cache/man

And to prevent them from being installed at all:

cat <<- 'EOF' > /etc/dpkg/dpkg.cfg.d/01_nodocs
path-exclude /usr/share/doc/*
path-include /usr/share/doc/*/copyright
path-exclude /usr/share/man/*
path-exclude /usr/share/groff/*
path-exclude /usr/share/info/*
path-exclude /usr/share/lintian/*
path-exclude /usr/share/linda/*

We can even get more space by removing some unnecessary packages:

apt purge --auto-remove apt-listchanges aptitude aspell* at avahi-autoipd avahi-daemon bc bluetooth debconf-i18n debian-faq* doc-debian eject exim4-base groff iamerican ibritish info installation-report ispell* krb5-locales logrotate manpages modemmanager nano os-prober pcscd ppp popularity-contest reportbug rsyslog util-linux-locales wamerican

To remove old logs, we can run the following command:

find /var/log -type f -cmin +10 -delete

Final comparison

What does our system looks like after all these improvements? Let’s see how the netboot install fares:

df -h --output=source,used,target /
Filesystem      Used Mounted on
/dev/sda1       544M /
free -ht | grep ^Total
Total:  240M  25M 170M
dpkg -l | grep ^ii | wc -l

And for the debootstrap install:

df -h --output=source,used,target /
Filesystem      Used Mounted on
/dev/sda1       503M /
free -ht | grep ^Total
Total:  240M  25M 171M
dpkg -l | grep ^ii | wc -l

We can see that the netboot install adds some extra packages that we could easily remove, although the improvement would be marginal:

apt purge --auto-remove busybox discover kbd keyboard-configuration laptop-detect pciutils task-english

Other tweaks

Removing systemd

If we are no fans of systemd and aren’t using any of its features, we can remove it and install a different init system in its place. For this example, we will install SysV:

apt install --purge --auto-remove --no-install-recommends sysvinit-core

Then, let’s create an inittab file:

cp /usr/share/sysvinit/inittab /etc/inittab

After a reboot using the new init system, we can purge systemd:

apt purge --auto-remove systemd libpam-systemd

To avoid installing any systemd package in the future, we will configure APT accordingly:

cat <<- 'EOF' >> /etc/apt/preferences.d/nosystemd
Package: libsystemd0
Pin: release *
Pin-Priority: 500

Package: *systemd*
Pin: release *
Pin-Priority: -1

Without systemd, we get a slight improvement on memory usage and we also get below the 500MB mark of disk usage:

df -h --output=source,used,target /
Filesystem      Used Mounted on
/dev/sda1       495M /
free -ht | grep ^Total
Total:  240M  21M 96M

Using dropbear

dropbear is a lightweight SSH server designed for small memory environments. We can install it by running:

apt install --no-install-recommends dropbear-run

We must also enable the service so it starts during boot:

sed -i 's,^NO_START=1,NO_START=0,' /etc/default/dropbear

Now, we can remove OpenSSH:

apt purge --auto-remove ssh

Going really minimal

If we are really short on disk space, we can run debootstrap with the --variant=minbase option:

sudo debootstrap --arch amd64 --variant=minbase stretch /mnt/debian

This option, according to debootstrap’s manual page, only installs the essential packages:

Currently, the variants supported are minbase, which only includes essential packages and apt; buildd, which installs the build-essential packages into TARGET; and fakechroot, which installs the packages without root privileges. The default, with no --variant=X argument, is to create a base Debian installation in TARGET.


Along with the usual debootstrap configuration, in order to have a functional environment, we need to install an init system (such as SysV) and some network tools so we can connect to the network:

apt install --no-install-recommends ifupdown iproute2 isc-dhcp-client netbase

In the end, we should be able to shave off a few megabytes of disk space by having less packages than the default debootstrap variant, and also use less memory:

df -h --output=source,used,target /
Filesystem      Used Mounted on
/dev/sda1       453M /
free -ht | grep ^Total
Total:  240M  19M 182M
dpkg -l | grep ^ii | wc -l