Results 1 to 4 of 4

Thread: Securing /tmp, /var/tmp, /dev/shm

  1. #1
    Join Date
    Dec 2010

    Wink Securing /tmp, /var/tmp, /dev/shm

    I used to create seperate partitions for /tmp, /var/tmp, /dev/shm on centos 7 setup till today to mount them with nosuid, noexec options.
    Also centos 7 needs /boot to be a seperate partition. So in total, it makes 5 partitions with the "/" root directory. Few days ago, I needed to extend the partition of a centos 7 machine but I was unable to do it since extending a partition requires adding another primary partition and then extend the old one into the new one and it is impossible to create more than 4 primary partitions.
    Can any of you describe me how do you overcome this issue in shared hosting machines? I am sure you must be extending disks instead of setting up a new machine for shared host servers, I know you do

    Kind Regards.

  2. #2
    Join Date
    Jul 2008
    I just never use seperate partitions for /home and /usr when creating a server. So I never have to mess with directory's.

    There are sure more, or maybe even better idea's about how to do this. But this is my 2 cents.
    So in total, it makes 5 partitions with the "/" root directory.
    No it doesn't. There is only 1 partition called / and it's a partition, not a directory if all is correct. Because /boot is not a / partition (or directory) it's a seperate partition.

    This is my fairly default setup with directory's:
    [root@server22: ~]# df -h
    /dev/md2        1.8T   15G  1.7T   1% /
    devtmpfs         16G     0   16G   0% /dev
    tmpfs            16G   28K   16G   1% /dev/shm
    tmpfs            16G  169M   16G   2% /run
    tmpfs            16G     0   16G   0% /sys/fs/cgroup
    /dev/loop0      4.6G   20M  4.3G   1% /tmp
    /dev/md1        488M  335M  128M  73% /boot
    tmpfs           3.2G     0  3.2G   0% /run/user/0
    And this explains that in my case there are in fact only 3 partitions made, it's the /etc/fstab, see the /dev/md* because it's a raid system:
    proc /proc proc defaults 0 0
    devpts /dev/pts devpts gid=5,mode=620 0 0
    tmpfs /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0
    sysfs /sys sysfs defaults 0 0
    /dev/md/0 none swap sw 0 0
    /dev/md/1 /boot ext3 defaults 0 0
    /dev/md/2                       /                       ext4    defaults,usrquota,grpquota      0 0
    /var/tmpMnt   /tmp   ext4   loop,noexec,nosuid,nodev,rw   0   0
    Als you can see the /tmp and /dev/shm is still protected. And only a / root partition, a /swap partition and a /boot partition exist.

    All directory needed for DA are all created as directory's and not as partitions from within the / root partition. So in this case there is no need to extend space. If your / directory it's full then your disk is full.
    And in case of urgency you might take some left over gigabytes which are here given to /dev and /dev/shm and /run. However, it's better to get a new disk then because it won't help for long.
    Greetings, Richard.

  3. #3
    Join Date
    Apr 2005
    GMT +7.00

    You can have only 4 primary partitions (3 if you decide to have an extended partition), whereas you can have an arbitrary number of logical partitions.

    Thus you might need to convert one primary partition to a logical partition first. So you delete /tmp or /var/tmp and create an Extended partition, after it you create logical partitions.

    Check what one of our servers has:

       Device Boot      Start         End      Blocks   Id  System/dev/vda1   *           3         409      204800   83  Linux
    Partition 1 does not end on cylinder boundary.
    /dev/vda2             409       19133     9437184   83  Linux
    /dev/vda3           19133       35778     8388608   83  Linux
    /dev/vda4           35778      312077   139254784    5  Extended
    /dev/vda5           35780       39941     2097152   83  Linux
    /dev/vda6           39943       44104     2097152   82  Linux swap / Solaris
    /dev/vda7           44106      208051    82628608   83  Linux
    /dev/vda8          208051      312077    52428768+  83  Linux

  4. #4
    Join Date
    Jul 2006
    I will recommend you to create partition for that.

    and link this folders to /tmp

    PM if you need help

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts