tmpfs
tmpfs is a temporary filesystem that resides in memory and/or swap partition(s). Mounting directories as tmpfs can be an effective way of speeding up accesses to their files, or to ensure that their contents are automatically cleared upon reboot.
Usage
Some directories where tmpfs(5) is commonly used are /tmp, /var/lock and /var/run. Do not use it on /var/tmp, because that folder is meant for temporary files that are preserved across reboots.
Arch uses a tmpfs /run directory, with /var/run and /var/lock simply existing as symlinks for compatibility. It is also used for /tmp by the default systemd setup and does not require an entry in fstab unless a specific configuration is needed.
glibc 2.2 and above expects tmpfs to be mounted at /dev/shm for POSIX shared memory. Mounting tmpfs at /dev/shm is handled automatically by systemd and manual configuration in fstab is not necessary.
Generally, tasks and programs that run frequent read/write operations can benefit from using a tmpfs folder. Some applications can even receive a substantial gain by offloading some (or all) of their data onto the shared memory. For example, relocating the Firefox profile into RAM shows a significant improvement in performance.
Examples
By default, a tmpfs partition has its maximum size set to half of the available RAM; however, it is possible to override this value. To explicitly set a maximum size, in this example to override the default /tmp mount, use the size mount option:
For a more secure mount, add the following mount options:
See the tmpfs(5) man page and Security#File systems for more information.
Reboot for the changes to take effect. Note that although it may be tempting to simply run mount -a to make the changes effective immediately, this will make any files currently residing in these directories inaccessible (this is especially problematic for running programs with lockfiles, for example). However, if all of them are empty, it should be safe to run mount -a instead of rebooting (or mount them individually).
After applying changes, verify that they took effect by looking at /proc/mounts and using findmnt:
The tmpfs can also be temporarily resized without the need to reboot, for example when a large compile job needs to run soon. In this case, run:
Disable automatic mount
Under systemd, /tmp is automatically mounted as a tmpfs, if it is not already a dedicated mountpoint (either tmpfs or on-disk) in /etc/fstab. To disable the automatic mount, mask the tmp.mount systemd unit.
Files will no longer be stored in a tmpfs, but on the block device instead. The /tmp contents will now be preserved between reboots, which might not be the desired behavior. To regain the previous behavior and clean the /tmp folder automatically when restarting, consider using tmpfiles.d(5):
Troubleshooting
Opening symlinks in tmpfs as root fails
Considering /tmp is using tmpfs, change the current directory to /tmp, then create a file and create a symlink to that file in the same /tmp directory. Permission denied errors are to be expected when attempting to read the symlink due to /tmp having the sticky bit set.
Linux: Create /tmp And Mount as Partition File With the noexec, nosuid, And nodev
How do I mount /tmp as a separate filesystem (/root/images/tmpfile.bin) with the noexec, nosuid, nodev options under Linux-like operating systems?
Linux and Unix-like operating systems can mount system partitions with additional options that enhance the security of your server. These options are set in the file /etc/fstab. You can use the following options to control malicious behavior or make it difficult for attackers to exploit your server:
| Tutorial details | |
|---|---|
| Difficulty level | Intermediate |
| Root privileges | Yes |
| Requirements | Linux |
- nodev – Do not interpret character or block special devices on the file system.
- noexec – Do not allow direct execution of any binaries on the mounted filesystem.
- nosuid – Do not allow set-user-identifier or set-group-identifier bits to take effect.
Commands
First, create a file called /root/images/tmpfile.bin as follows:
# mkdir -p /root/images/
# dd if=/dev/zero of=/root/images/tmpfile.bin bs=1 count=0 seek=4G
Format the file system using the mkfs.ext4 command:
# mkfs.ext4 /root/images/tmpfile.bin
Add the nodev, nosuid, and noexec options and mount the file system at /tmp:
# mount -o loop,rw,nodev,nosuid,noexec /root/images/tmpfile.bin /tmp
# chmod 1777 /tmp
Type the following command to bind mount the /var/tmp directory onto /tmp:
# mount -o rw,noexec,nosuid,nodev,bind /tmp /var/tmp
Update /etc/fstab
Edit the file /etc/fstab, enter:
# vi /etc/fstab
Modify /tmp line as follows:
Append the following line:
Save and close the file.
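To confirm that a mount set up as above (or the tmpfs /tmp from the first section) really carries nodev, nosuid and noexec, and which size= a tmpfs was given, here is an added POSIX sh check; it is not code from the Arch wiki or from the nixCraft tutorial. It parses /proc/mounts-style lines and is run here against a constructed sample; call the functions without the second argument to audit the live host.

```shell
# Constructed /proc/mounts-style sample (not captured from a real host):
# a hardened tmpfs on /tmp with an explicit size, a loop-backed ext4 on
# /var/tmp mounted with default options, and the root filesystem.
SAMPLE_MOUNTS='tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime,size=2097152k 0 0
/dev/loop0 /var/tmp ext4 rw,relatime 0 0
/dev/sda1 / ext4 rw,relatime 0 0'

# mount_line MOUNTPOINT [MOUNTS_TEXT]: print the /proc/mounts entry for
# MOUNTPOINT (reads the live /proc/mounts when no text is given). The last
# matching line wins: a later mount on the same path shadows earlier ones.
mount_line() {
    text=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$text" | awk -v mp="$1" '$2 == mp { l = $0 } END { print l }'
}

# has_opt OPTS NAME: true if NAME is one of the comma-separated OPTS.
has_opt() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -qx -- "$2"
}

# missing_opts MOUNTPOINT [MOUNTS_TEXT]: print the hardening options
# (nodev nosuid noexec) the mount lacks, or NOTMOUNTED when the path is
# not a mount point. Exit status is 0 only when nothing is missing.
missing_opts() {
    line=$(mount_line "$1" "${2:-}")
    [ -n "$line" ] || { echo NOTMOUNTED; return 1; }
    opts=$(printf '%s\n' "$line" | awk '{ print $4 }')
    missing=""
    for o in nodev nosuid noexec; do
        has_opt "$opts" "$o" || missing="$missing $o"
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# tmpfs_size MOUNTPOINT [MOUNTS_TEXT]: print the size= option of a tmpfs
# mount, "default" when the kernel default (half of RAM) applies, or
# "notmpfs" when the mount point is not a tmpfs at all.
tmpfs_size() {
    line=$(mount_line "$1" "${2:-}")
    opts=$(printf '%s\n' "$line" | awk '$3 == "tmpfs" { print $4 }')
    [ -n "$opts" ] || { echo notmpfs; return 1; }
    size=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^size=//p')
    echo "${size:-default}"
}

# Report on the constructed sample; drop the second argument for a live host.
for mp in /tmp /var/tmp /dev/shm; do
    printf '%-9s missing: [%s]\n' "$mp" "$(missing_opts "$mp" "$SAMPLE_MOUNTS")"
done
```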
It appears that after a reboot the partitions get unmounted despite that I edited fstab, any clue why?
Great writeup. Small error: When modifying the /etc/fstab, you don't want to bind-mount the file to /tmp because it's not a directory. The line should actually look like:
/root/images/tmpfile.bin /tmp ext4 rw,noexec,nosuid,nodev,bind 0 0
Great writeup. Small error: When modifying the /etc/fstab, you don't want to bind-mount the file to /tmp because it's not a directory. The line should actually look like:
/root/images/tmpfile.bin /tmp ext4 rw,noexec,nosuid,nodev 0 0
Sorry about posting twice. First comment had an error.
In addition to Ben’s comment, you may also need to add the loop option for the file system to mount correctly at boot. You may be getting errors such as:
mount: /root/images/tmpfile.bin is not a block device (maybe try `-o loop'?)
To fix, just change the line in /etc/fstab to:
/root/images/tmpfile.bin /tmp ext4 loop,rw,noexec,nosuid,nodev 0 0
Also, you can check the fstab file with the command:
Fix any errors before rebooting so that your new tmp will be mounted at boot.
Manage the Linux /tmp directory like a boss
By a show of hands, how many of you like to reboot your servers? I don’t see any hands.
Long uptimes are impressive, aren’t they? It makes you one of the cool kids to brag about your 853-day uptime on a production system. What’s not so cool is that your users like to use /tmp as their personal dumping ground without regard for the overall system’s health, or your uptime bragging rights. And rebooting doesn’t get rid of user files, only system ones—even that relief is temporary until services restart and users open applications.
Note: An exception to not deleting user temp files after a reboot is to enable tmp.mount, but that's a topic for a different article. Plus, there are system housekeeping scripts in place for RHEL 7 and later.
It’s impossible to force users to comply with the policy of removing files from the /tmp directory in a timely manner. So, what’s a frustrated system administrator to do when you have dozens, hundreds, or even thousands of /tmp directories and users to deal with? The answer is to deploy user file housekeeping scripts.
You can create housekeeping scripts and place them in crontab to periodically remove user files from the /tmp directory. It's an unfortunate but necessary service to provide for your users. Most seasoned system administrators will tell you that you shouldn't remove files from /tmp unless you know that they're not being used, though. That's good advice. Some services write lock files to /tmp, some applications use it, and users use it. So, how do you determine which files your housekeeping script can sweep away without any issue?
How about filtering files by last accessed time? It's a good choice if you have a time limit on files left in /tmp. For example, if you warn your users that files left in the /tmp directory will be removed if they haven't been accessed in two days, on a rolling basis, they should take notice. Using the last accessed time for user files solves the problem if you also exclude files owned by the root user. For example, use:
find /tmp -type f \( ! -user root \) -atime +2
This command lists all files in the /tmp directory not owned by root that were last accessed more than two days ago. Now add the command's removal switch:
find /tmp -type f \( ! -user root \) -atime +2 -delete
Copy that text into a file, make it executable, and create a crontab entry that runs this script every eight hours. For example, you might add this to your crontab:
This script and schedule ensure that your /tmp directory is kept relatively free of garbage. It isn’t foolproof, however. If a user decides to dump a huge amount of data into the /tmp directory, this action can cause other problems, such as not being able to log into the system via SSH.
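The housekeeping function below is an added example, not the script from the article. It wraps the same find expression but adds the guards a sweep of a shared /tmp usually needs, and a list mode for reviewing what would go before anything is deleted; the install path and crontab line at the end are assumptions.

```shell
# tmp_sweep DIR DAYS [list|delete]: list (default) or delete regular files
# under DIR not accessed for more than DAYS days. Compared with a bare
# 'find /tmp -type f -atime +2 -delete' it also:
#   - stays on DIR's own filesystem (-xdev), so a mount under it is not swept
#   - skips root-owned files and systemd's PrivateTmp trees (systemd-private-*)
#   - leaves .lock and .pid files alone, which running services may rely on
# Run it in list mode and review the output before switching to delete.
tmp_sweep() {
    dir=$1; days=$2; mode=${3:-list}
    [ -d "$dir" ] || { echo "tmp_sweep: $dir is not a directory" >&2; return 2; }
    case "$days" in
        ''|*[!0-9]*) echo "tmp_sweep: DAYS must be a whole number" >&2; return 2 ;;
    esac
    # Build the find command once; the action is appended below.
    set -- find "$dir" -xdev -mindepth 1 -type f \
        ! -user root \
        ! -path "$dir/systemd-private-*" \
        ! -name '*.lock' ! -name '*.pid' \
        -atime +"$days"
    if [ "$mode" = delete ]; then
        "$@" -delete
    else
        "$@" -print
    fi
}

# Assumed deployment (not from the article): put this function in
# /usr/local/sbin/tmp_sweep.sh, end the file with 'tmp_sweep /tmp 2 delete',
# and schedule it every eight hours with the crontab line:
#   0 */8 * * * /usr/local/sbin/tmp_sweep.sh
```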
Maintaining the /tmp directory isn’t easy. Users love to dump files into /tmp and leave them there indefinitely. Fortunately, for repeat offenders, there’s always the possibility of locking their account or sending a strongly worded email about losing access to a system until the matter is cleared through their manager. These tactics usually get the user’s attention and further offenses are rare.
When to mount /tmp (and other temporary directories)
When is the right time to mount /tmp (on Debian)? For /home I would not feel bad just to echo "/dev/foo /home type defaults 0 0" >>/etc/fstab — but can I be sure that /tmp is not used by any programs when the fstab is applied?
I am using either Ubuntu or plain Debian or Debian/Grml — this would not make much difference I guess.
What I have read so far:
The internet is full of advice to just add tmpfs /tmp tmpfs 0 0 — but I am unsure.
I found this answer on what to do when /tmp is full without rebooting (in short: It’s best to reboot anyway, except maybe for a union mount).
The [Debian policy] does not explain where to add the mount, or when the first access to /tmp may happen. More helpful are /etc/init.d/README and /etc/rcS/README on my Ubuntu (read them online).
Background: I am going to use some Debian flavor on my Netbook (no HD, 8 GB SSD, 1 GB RAM — will double the RAM when necessary). I am not low on memory. Some tasks are much too slow (building medium-sized C programs or compiling PDF from TeX both take 5+ seconds), but they take no time on a tmpfs. I want to mount a tmpfs on /tmp to accelerate them.
Answers
This doesn't appear to be explicitly specified by the Debian policy, but Debian does support making /tmp a separate filesystem (as well as /home, /var and /usr). This is traditionally supported by unix systems. And I can confirm that making /tmp a tmpfs filesystem, and mounting it automatically via /etc/fstab, does work on Debian.
There is some difficulty in transitioning to /tmp on tmpfs on a live system, because of the files that are already in /tmp and cannot be copied. But no file in /tmp is expected to be saved across reboots. It is safe to mount a different filesystem to /tmp at the time the partitions in /etc/fstab are mounted.
In general, you should telinit 1 before mounting over your current /tmp directory. In single-user mode, there should be no files in /tmp that are required for system operation, so you should be able to clean out the directory, unmount it (if it’s a separate partition), and then mount something else at that mount point before returning to multi-user mode.
To ensure /tmp is not in use:
- When /tmp is a mounted filesystem, fuser -m /tmp will verify that no processes are currently using the mount point before you modify it.
- When /tmp is not a separate filesystem, find /tmp -print0 | xargs -0 fuser will give you similar results.
You might also consider mounting a separate tmpfs filesystem, and exporting TMPDIR (or your compiler’s similar environment variables) to make use of it. That would give you the benefit of a tmpfs scratch space without requiring system-wide changes.