Re: Idea: mount /tmp to tmpfs depending on free space and RAM

2012/6/15 Jean-Christophe Dubacq wrote:

>>> This is often seen as not a good move to have a user-writable directory
>>> on the system partition(s), since this provides for easy DOS
>> DoS like what? /tmp on disk has a 5% safety limit available for system,
>> user can "DoS" only his own processes, and he can do that anyway. But
>> /tmp on tmpfs is an even worse move, since it does not have 5% safety.
> 1) With 2TB disks, I certainly do not use 5% any more

How is that? Isn't it a default value for 2TB disks any more? Or do you mean
that you manually reduced it to e.g. 1%?

> 2) Mysql, apache, postfix, all kinds of vital systems, do not run as
> root. And if /tmp is full (and mounted on /), / is full (and so is
> /var). All kinds of mayhem may happen there (I have seen it).

You talk about mysql/apache/postfix, so I assume you mean a server.
And since it's about users filling /tmp I assume it's a multiuser server
(or rather at-least-one-user server). Then putting /tmp on tmpfs is a bad
idea there, because doing that will force users to use /var/tmp for large
files and will (not "can", but "will", since /var/tmp is not cleaned)
eventually fill /var partition, which is exactly what you need to prevent.

To solve this problem I can suggest:
1. Leave /tmp on /, but have separate /var partition (common for servers),
filling /tmp will not fill /var then. Optionally symlink /var/tmp to /tmp.
2. Have *both* /tmp and /var/tmp mount-bound to /home/tmp.
3. Configure quotas for /tmp, wherever it is. Obviously it must be on disk,
quotas don't work for tmpfs (it's just ~5 commands to set up quotas).

These do not solve the problem completely, there are other ways to fill /var
without using /tmp. But it should at least save it from accidental fill.
And they don't need tmpfs-like resizes. :)

>>> (even involuntary; I know of people daily working with 30GB files, and
>>> this easily fills the / partition).
>> Is there anything better for them than /tmp on disk? If it's a desktop with
>> single disk I would suggest them a single root partition (with /tmp on it).
>> If it's a server with small root but large /home on RAIDs then I would
>> mount-bind /tmp to /home/tmp...
> Learning not to use /tmp to place large files. Setting TMPDIR=/home/tmp
> is a start, indeed.

Hm. But that's almost the same as mount-bind /tmp to /home/tmp. Actually
mount-bind is even better, because you don't have to explain to users when
they should set TMPDIR, just say "Use default (/tmp) and don't worry, admins
will decide on which partition/ram/swap the files will end up".
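
Added example, not part of the original message: a small Python check that reads Linux `/proc/self/mountinfo` and reports whether filling /tmp or /var/tmp would also fill / or /var, which is the failure mode argued about above. The two mount tables are constructed samples, and the function names are hypothetical.

```python
# Added example; the mount tables below are constructed, not taken from the thread.
SINGLE_ROOT = "21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw\n"
# Suggestion 2 from the message: /tmp and /var/tmp both bind-mounted from /home/tmp.
BOUND_TO_HOME = """\
21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
22 21 8:2 / /var rw,relatime - ext4 /dev/sda2 rw
23 21 8:3 / /home rw,relatime - ext4 /dev/sda3 rw
24 21 8:3 /tmp /tmp rw,relatime - ext4 /dev/sda3 rw
25 22 8:3 /tmp /var/tmp rw,relatime - ext4 /dev/sda3 rw
"""

def parse_mountinfo(text):
    """Return (mount_point, major:minor) pairs in mount order."""
    mounts = []
    for line in text.splitlines():
        if " - " not in line:
            continue  # not a mountinfo record
        # Fields before the " - " separator: id, parent, major:minor, root, mount point, ...
        fields = line.split(" - ", 1)[0].split()
        mounts.append((fields[4], fields[2]))
    return mounts

def backing_device(path, mounts):
    """Device of the deepest mount point containing path (last mount wins ties)."""
    best_mp, best_dev = "", None
    for mp, dev in mounts:
        inside = mp == "/" or path == mp or path.startswith(mp + "/")
        if inside and len(mp) >= len(best_mp):
            best_mp, best_dev = mp, dev
    return best_dev

def tmp_exposure(text, tmp_dirs=("/tmp", "/var/tmp"), critical=("/", "/var")):
    """List (tmp_dir, critical_dir) pairs that live on the same filesystem."""
    mounts = parse_mountinfo(text)
    return [(t, c) for t in tmp_dirs for c in critical
            if backing_device(t, mounts) == backing_device(c, mounts)]

if __name__ == "__main__":
    # On a live Linux system, check the real mount table.
    with open("/proc/self/mountinfo") as fh:
        for t, c in tmp_exposure(fh.read()):
            print(f"filling {t} also fills {c}")
```

The check only compares device numbers; it does not account for quotas or the reserved-block percentage discussed in the thread.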