2012/6/15 Jean-Christophe Dubacq wrote: >>> This is often seen as not a good move to have a user-writable directory >>> on the system partition(s), since this provides for easy DOS >> >> DoS like what? /tmp on disk have a 5% safety limit available for system, >> user can "DoS" only his own processes, and he can do that anyway. But >> /tmp on tmpfs is even worse move, since it does not have 5% safety. > > 1) With 2TB disks, I certainly do not use 5% any more
How is that? Isn't it a default value for 2TB disks any more? Or you mean that you manually reduced it to e.g. 1%? > 2) Mysql, apache, postfix, all kind of vital systems, do not run as > root. And if /tmp is full (and mounted on /), / is full (and so is > /var). All kind of mayhem may happen there (I have seen it). You talk about mysql/apache/postfix, so I assume you mean a server. And since it's about users filling /tmp I assume it's a multiuser server (or rather at-least-one-user server). Then putting /tmp on tmpfs is a bad idea there, because doing that will force users to use /var/tmp for large files and will (not "can", but "will", since /var/tmp is not cleaned) eventually fill /var partition, which is exactly what you need to prevent. To solve this problem I can suggest: 1. Leave /tmp on /, but have separate /var partition (common for servers), filling /tmp will not fill /var then. Optionally symlink /var/tmp to /tmp. 2. Have *both* /tmp and /var/tmp mount-bound to /home/tmp. 3. Configure quotas for /tmp, wherever it is. Obviously it must be on disk, quotas don't work for tmpfs (it's just ~5 commands to set up quotas). These do not solve the problem completely, there other ways to fill /var without using /tmp. But it should at least save it from accidental fill. And they don't need tmpfs-like resizes. :) >>> (even involuntary; I know of people daily working with 30GB files, and >>> this easily fills the / partition). >> >> Is there anything better for them than /tmp on disk? If it's a desktop with >> single disk I would suggested them a single root partition (with /tmp on it). >> If it's a server with small root but large /home on RAIDs then I would >> mount-bind /tmp to /home/tmp... > > Learning not to use /tmp to place large files. Setting TMPDIR=/home/tmp > is a start, indeed. Hm. But that's almost the same as mount-bind /tmp to /home/tmp. Actually mount-bind is even better, because you don't have to explain users when they should set TMPDIR, just say "Use default (/tmp) and don't worry, admins will decide on which partition/ram/swap the files will end up". -- Serge -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/caovenepobubu0gr6ewqeuk5fabsbt8zqnperedvd2ap5rup...@mail.gmail.com