Securing /tmp, /var/tmp, /dev/shm

orkinoks

Verified User
Joined
Dec 24, 2010
Messages
62
Hi,
I used to create separate partitions for /tmp, /var/tmp, /dev/shm on centos 7 setups till today, to mount them with nosuid, noexec options.
Also centos 7 needs /boot to be a separate partition. So in total, it makes 5 partitions with the "/" root directory. A few days ago, I needed to extend the partition of a centos 7 machine but I was unable to do it, since extending a partition requires adding another primary partition and then extending the old one into the new one, and it is impossible to create more than 4 primary partitions.
Can any of you describe to me how you overcome this issue on shared hosting machines? I am sure you must be extending disks instead of setting up a new machine for shared host servers, I know you do :)

Kind Regards.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,217
Location
Maastricht
I just never use separate partitions for /home and /usr when creating a server. So I never have to mess with directories.

There are surely more, or maybe even better ideas about how to do this. But this is my 2 cents.
So in total, it makes 5 partitions with the "/" root directory.
No it doesn't. There is only 1 partition called / and it's a partition, not a directory, if all is correct. Because /boot is not a / partition (or directory), it's a separate partition.

This is my fairly default setup with directories:
Code:
[root@server22: ~]# df -h
/dev/md2        1.8T   15G  1.7T   1% /
devtmpfs         16G     0   16G   0% /dev
tmpfs            16G   28K   16G   1% /dev/shm
tmpfs            16G  169M   16G   2% /run
tmpfs            16G     0   16G   0% /sys/fs/cgroup
/dev/loop0      4.6G   20M  4.3G   1% /tmp
/dev/md1        488M  335M  128M  73% /boot
tmpfs           3.2G     0  3.2G   0% /run/user/0
And this shows that in my case there are in fact only 3 partitions made. This is the /etc/fstab (see the /dev/md* entries, because it's a RAID system):
Code:
proc /proc proc defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0
sysfs /sys sysfs defaults 0 0
/dev/md/0 none swap sw 0 0
/dev/md/1 /boot ext3 defaults 0 0
/dev/md/2                       /                       ext4    defaults,usrquota,grpquota      0 0
/var/tmpMnt   /tmp   ext4   loop,noexec,nosuid,nodev,rw   0   0
As you can see, /tmp and /dev/shm are still protected. And only a / root partition, a swap partition and a /boot partition exist.

All directories needed for DA are created as directories, not as partitions, from within the / root partition. So in this case there is no need to extend space. If your / directory is full, then your disk is full.
And in case of urgency you might take some leftover gigabytes which are here given to /dev and /dev/shm and /run. However, it's better to get a new disk then, because it won't help for long.
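The fstab above protects /tmp and /dev/shm with noexec/nosuid/nodev; a quick way to confirm that such protections are really in effect (rather than only written in fstab) is to read the live mount table. This is an added example, not from the thread: a POSIX sh audit that parses /proc/mounts-format lines and reports, for /tmp, /var/tmp and /dev/shm, which of nosuid, noexec and nodev are missing. The sample mount table is constructed for illustration; call audit_tmp with no argument to check the running system.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not a real host): /tmp is a
# fully hardened loop mount, /dev/shm lacks nodev, /var/tmp is not its own
# mount at all (so it inherits the root filesystem's options).
SAMPLE_MOUNTS='/dev/md2 / ext4 rw,relatime,usrquota,grpquota 0 0
tmpfs /dev/shm tmpfs rw,nosuid,noexec,relatime 0 0
/dev/loop0 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0'

# has_opt MOUNTPOINT OPTION [MOUNTS_TEXT]
# Returns 0 if OPTION appears in the option list of MOUNTPOINT, 1 otherwise.
# MOUNTS_TEXT defaults to the live /proc/mounts. The last matching entry
# wins, because a later mount on the same path hides the earlier one.
has_opt() {
    mp=$1; opt=$2
    text=${3:-$(cat /proc/mounts)}
    opts=$(printf '%s\n' "$text" | awk -v mp="$mp" '$2 == mp { print $4 }' | tail -n 1)
    [ -n "$opts" ] || return 1          # not a mount point of its own
    case ",$opts," in
        *",$opt,"*) return 0 ;;
        *)          return 1 ;;
    esac
}

# audit_tmp [MOUNTS_TEXT]
# Prints one line per missing protection and returns the number of missing
# options as its exit status, so 0 means all three paths are fully hardened.
audit_tmp() {
    missing=0
    for mp in /tmp /var/tmp /dev/shm; do
        for opt in nosuid noexec nodev; do
            if ! has_opt "$mp" "$opt" "$1"; then
                echo "$mp: missing $opt"
                missing=$((missing + 1))
            fi
        done
    done
    return $missing
}
```

A directory such as /var/tmp that is not a mount point of its own is reported as missing all three options, which matches the thread's concern: only paths that are actually mounted (partition, loop file or tmpfs) can carry nosuid/noexec/nodev.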
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,818
Location
GMT +7.00
Hello,

You can have only 4 primary partitions (3 if you decide to have an extended partition), whereas you can have an arbitrary number of logical partitions.

Thus you might need to convert one primary partition to a logical partition first. So you delete /tmp or /var/tmp and create an Extended partition, after it you create logical partitions.

Check what one of our servers has:


Code:
   Device Boot      Start         End      Blocks   Id  System
/dev/vda1   *           3         409      204800   83  Linux
Partition 1 does not end on cylinder boundary.
/dev/vda2             409       19133     9437184   83  Linux
/dev/vda3           19133       35778     8388608   83  Linux
/dev/vda4           35778      312077   139254784    5  Extended
/dev/vda5           35780       39941     2097152   83  Linux
/dev/vda6           39943       44104     2097152   82  Linux swap / Solaris
/dev/vda7           44106      208051    82628608   83  Linux
/dev/vda8          208051      312077    52428768+  83  Linux
 

ben29

Verified User
Joined
Jul 20, 2006
Messages
473
Location
Israel
I would recommend you to create a partition for that.

and link these folders to /tmp

PM if you need help
 

orkinoks

Verified User
Joined
Dec 24, 2010
Messages
62
Hello,

You can have only 4 primary partitions (3 if you decide to have an extended partition), whereas you can have an arbitrary number of logical partitions.

Thus you might need to convert one primary partition to a logical partition first. So you delete /tmp or /var/tmp and create an Extended partition, after it you create logical partitions.

Check what one of our servers has:


Code:
   Device Boot      Start         End      Blocks   Id  System
/dev/vda1   *           3         409      204800   83  Linux
Partition 1 does not end on cylinder boundary.
/dev/vda2             409       19133     9437184   83  Linux
/dev/vda3           19133       35778     8388608   83  Linux
/dev/vda4           35778      312077   139254784    5  Extended
/dev/vda5           35780       39941     2097152   83  Linux
/dev/vda6           39943       44104     2097152   82  Linux swap / Solaris
/dev/vda7           44106      208051    82628608   83  Linux
/dev/vda8          208051      312077    52428768+  83  Linux
I wasn't able to create an extended partition in the standard centos GUI setup.
So you are probably creating this structure after the installation of the OS and before the directadmin setup, right?
 