Home / server / Questions / 211838
Accepted
Lekensteyn
Asked: 2010-12-13 15:32:16 +0800 CST

What is the most efficient way to handle /tmp and disk quotas on Linux

  • 772

I'm running a VPS with a webserver (Apache+PHP), a database (MySQL) and smtp server (Exim). OS: Debian Lenny. RAM: 512MB. Using (quota](http://packages.debian.org/lenny/quota).

At the moment, I've /tmp mounted as tmpfs. This is not ideal, as I've only 512MB RAM and thus, /tmp is only 256MB. I've decided to create a 1GB ext3 partition file (or whatever it's called) on /var/tmpdisk. (the decision on using ext3 was made after reading Askubuntu.com: Good filesystem for /tmp?)

For keeping /tmp clean while running, I've found tmpreaper: serverfault.com: Cleanup of /tmp

What would be recommended for quickly wiping /var/tmpdisk, while retaining the quota settings?

Currently, I'm thinking of doing the following on startup (/etc/rc.local?):

  1. Check for the existence of /var/tmpdisk. if it does not exist, run dd if=/dev/zero of=/var/tmpdisk bs=1K count=1000000
  2. Create the ext3 filesystem in /var/tmpdisk. This was the fastest way for me on clearing the "disk". Command: mkfs.ext3 -F /var/tmpdisk
  3. Mount it on /tmp: mount -t ext3 -o loop,rw,nodev,noexec,nosuid,quota /var/tmpdisk /tmp

In this draft, I have not added a way for keeping the quota settings. Any ideas?

linux quota tmp

1 Answers

  1. Best Answer

    Most of my requirements have already been available in Debian.

    By default, /etc/default/rcS sets environment variable TMPTIME=0.

    $ man rcS:

    TMPTIME

    On boot the files in /tmp will be deleted if their modification time is more than TMPTIME days ago. A value of 0 means that files are removed regardless of age. If you don't want the system to clean /tmp then set TMPTIME to a negative value (e.g., -1) or to the word infinite.

    Looking in /lib/init/bootclean.sh, I found out that the quota file './aquota.user(owned by root) is excluded from removing. Conclusion: quota settings will persist during reboots andTMPTIME=0can safely be set in/etc/default/rcS`.

    To keep /tmp clean while running, I installed tmpreaper. To activate it, SHOWWARNING=true should be commented. Furthermore, TMPREAPER_TIME=7d should be uncommented in order to clean files older than 7 days.

    A 1GB temp disk was created and formatted ext3 with:

    # dd if=/dev/zero of=/var/tmpdisk bs=1K count=1000000
# mkfs.ext3 -F /var/tmpdisk

    Mounting it at boot-time required a change in /etc/fstab:

    # /var/tmpdisk /tmp ext3 loop,rw,nosuid,noexec,nodev,quota 0 0

    Since /var/tmpdisk is not a real device, it should be mounted as loop device, hence loop. nosuid,noexec,nodev have been added as a layer of security to prevent common exploit kits from abusing /tmp. Finally, quota enables quota for the disk.

    After modifying /etc/fstab, I ran mount -a to mount the new /tmp disk. Since /tmp should be world-writable, and users should not be able to delete files they do not own, the directory permissions should be changed too:

    # chmod 1777 /tmp

    Activate quotas:

    # quotacheck /tmp
# quotaon /tmp

    Now /tmp fully suits my needs with quotas activated and auto-cleaning junk files. The only thing I have to do is adding quotas for each user by running edquota username.

    • 2