
Re: putting "/tmp" to memory help

On Sun, 2011-01-23 at 05:47 -0800, kellyremo wrote:
> "to memory" means: mounting a ~2 GByte filesystem [ tmpfs?, or
> ramfs? ], and put the "/tmp" on it. [ e.g.: 4 GByte ram in the pc ].
> what to write in the "/etc/fstab"?
> I would like to collect the [ answers too:P ]:
> Advantages:
> - Memory is way faster than HDD/SSD, so it could speed things up
> - "SSD amortization" is less
> Disadvantages: 
> - Security? [ how to set this up to be secure? any clear howtos/links
> regarding it? :O ]
> Really thank you for any good help...
Another advantage you have is that it is on a separate partition and one
can thus remove many of the attack vectors used to run malicious
software.  For example, we run ours with:
none    /tmp            tmpfs   size=128m,mode=1777,noexec,nosuid,nodev 0 0

The noexec,nosuid,nodev apparently does a good job of stopping malware
from running in /tmp.  However, it also keeps legitimate execution from
happening in /tmp.  For example, before we install or update packages,
we need to remount it exec,suid,dev (probably just the first two are
necessary) in order for the package configuration scripts to run - John
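
An added example, not part of John's message: a shell function that reads fstab-format lines and reports which of the three options quoted above (noexec, nosuid, nodev) the /tmp entry lacks. The function name `missing_tmp_opts` and every sample line except the first are constructed for illustration.

```shell
#!/bin/sh
# Read fstab-format lines on stdin and print the hardening options
# (noexec, nosuid, nodev) that the /tmp entry is missing.
# Exit status: 0 = all three present, 1 = some missing, 2 = no /tmp entry.
missing_tmp_opts() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }          # skip comments and short lines
        $2 == "/tmp" {
            found = 1
            split("", have)                   # a later /tmp entry replaces an earlier one
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) {
                # mount applies options in order, so a later "exec" undoes "noexec"
                if (o[i] ~ /^no(exec|suid|dev)$/) have[o[i]] = 1
                else if (o[i] ~ /^(exec|suid|dev)$/) delete have["no" o[i]]
            }
        }
        END {
            if (!found) exit 2
            k = split("noexec nosuid nodev", want, " ")
            for (i = 1; i <= k; i++)
                if (!(want[i] in have)) m = (m == "" ? "" : m " ") want[i]
            print m
            exit (m == "" ? 0 : 1)
        }
    '
}

# Constructed sample entries; the first is the line from the message above.
while IFS= read -r line; do
    rc=0
    miss=$(printf '%s\n' "$line" | missing_tmp_opts) || rc=$?
    printf '%-60s rc=%d missing=[%s]\n' "$line" "$rc" "$miss"
done <<'EOF'
none /tmp tmpfs size=128m,mode=1777,noexec,nosuid,nodev 0 0
tmpfs /tmp tmpfs size=2g,mode=1777,nosuid 0 0
tmpfs /tmp tmpfs noexec,nosuid,nodev,exec 0 0
EOF
```

Running `missing_tmp_opts < /proc/mounts` checks the live mount rather than the configured one, which catches a /tmp left remounted exec after a package install.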
