[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /tmp on multi-FS set-ups, or: block users from using /tmp?



On Sat, May 26, 2012 at 02:32:15PM -0400, Ted Ts'o wrote:
> These days I'd argue that multi-user is such a corner case that it's
> not worth optimizing for it as far as defaults are concerned.  If
> you're trying to run a secure multi-user system, you need to be an
> expert system administrator, keep up with all security patches, and
> even then, good luck to you.  (The reality is that these days, no
> matter what OS you're talking about, shell == root.  And that's
> probably even true on the most unusably locked down SELinux system.)

I work for a company that develops software for shared-hosting
providers.  I can guarantee you that multi-user is far from a corner
case.  We employ 135 people and are growing, as is the shared-hosting
market.

For my personal purposes, tmpfs on /tmp is fine.  For shared-hosting
purposes, tmpfs on /tmp is a DoS waiting to happen.  Many web hosting
companies overprovision their servers (the business is cutthroat) and
memory is very tight.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature


Reply to: