alphawolf50

Well-Known Member
Apr 28, 2011
186
2
68
cPanel Access Level
Root Administrator
A little background... I had been looking into the possibility of placing /tmp on a tmpfs instead of the dedicated partition I had been using. As CentOS 5.9 has come out, I decided to reboot a server in order to utilize the newest kernel. Upon reboot, I noticed that my /etc/fstab had been changed, and that /tmp was now mounted on /usr/tmpDSK instead of the dedicated partition. I don't remember having done anything that would have caused this... but I decided to take this as an opportunity to mount /tmp on a tmpfs.

I also decided I'd like /var/tmp mounted on the original dedicated /tmp partition. I commented out the associated lines in /etc/fstab, added the desired mounts for /tmp and /var/tmp, and rebooted the server. Upon reboot, /tmp was mounted correctly on tmpfs, but my setting for /var/tmp was overruled, and was mounted on /tmp.

Is there a reason I'm being overruled? How do I prevent this?
 

alphawolf50

Sooo... should I assume by the lack of response that there is no way to mount /var/tmp separately from /tmp? I'm finding this hard to believe. There's got to be a script somewhere that I can edit or disable. Or do I need to file a feature request?
 

Greenhost

Well-Known Member
Jan 22, 2013
92
0
6
cPanel Access Level
Root Administrator
When you are installing the OS, you can mount /var/tmp separately from /tmp.
For an already installed server I found the answer from md3v.com - check here
1. Stop all services including Plesk, MySQL, Apache, Postgres, SpamAssassin and any other service utilizing the /tmp file system.

2. Copy all of the files in /tmp to a holding directory:

# cp -Rp /tmp /tmp-backup

3. If /tmp is a separate partition on the server, you only need to edit /etc/fstab and add 'noexec' and 'nosuid' options for /tmp (see step 5). Then remount the partition:

# mount -o remount /tmp

If the tmp file is not a separate partition (check using '# df -h') then you will need to follow steps 4 - 10 below. Else, skip to step 11.

4. If /tmp directory resides on / partition, it is better to create new partition for /tmp, for example with size 1 GB:

# cd /var
# dd if=/dev/zero of=tmpMnt bs=1024 count=1048576
# mkfs.ext3 -j /var/tmpMnt

5. Add the string into /etc/fstab:

# cp /etc/fstab /etc/fstab~
# echo "/var/tmpMnt /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0" >> /etc/fstab

6. Mount new /tmp partition:

# mount -o loop,noexec,nosuid,rw /var/tmpMnt /tmp

7. /tmp should be chmod 0777:

# chmod 0777 /tmp

8. /tmp ownership should be root:root :

# chown root:root /tmp

9. Copy the old tmp files to the new tmp directory:

# cp -Rp /tmp-backup/* /tmp/
# rm -rf /tmp-backup

10. Remove and re-link old /var/tmp file:

# rm -rf /var/tmp/
# ln -s /tmp/ /var/tmp

11. Confirm that /tmp is mounted with noexec and nosuid:

# mount

Look for: "/dev/sdaX on /tmp type ext3 (rw,noexec,nosuid)"

12. Restart the services you previously shut down.

NOTE: This article was updated on April 5th 2011 to include a more optimized process.
 

alphawolf50

Hi Greenhost,

Thanks for the response... but that won't solve the problem. The setting for /var/tmp in /etc/fstab is being overruled. I'm assuming cPanel is remounting /var/tmp on /tmp later in the boot process. Also, the instructions you posted essentially mount /var/tmp on /tmp:
Code:
# ln -s /tmp/ /var/tmp
... that's a symbolic link. I appreciate the attempt, but this doesn't help.
 

alphawolf50

/etc/fstab:
Code:
/dev/VolGroup00/lv_root /                       ext3    defaults,usrquota,noatime        1 1
/dev/VolGroup00/lv_backup /backup               ext4    defaults,nodev,nosuid,noexec,noatime,noauto        1 2
/dev/VolGroup00/lv_home /home                   ext4    defaults,usrquota,nodev,nosuid,noatime        1 2
# /dev/VolGroup00/lv_tmp  /tmp                    ext4    defaults,nodev,noexec,nosuid,relatime        1 2
tmpfs                   /tmp                    tmpfs   nodev,noexec,nosuid,mode=1777,size=1024M                0 0
/dev/VolGroup00/lv_var  /var                    ext4    defaults,usrquota,nodev,nosuid,noatime        1 2
/dev/VolGroup00/lv_usr  /usr                    ext4    defaults,usrquota,nodev,noatime        1 2
LABEL=/boot             /boot                   ext3    defaults,nodev,nosuid,noexec,noatime        1 2
tmpfs                   /dev/shm                tmpfs   noexec,nosuid,ro        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
/dev/VolGroup00/lv_swap swap                    swap    defaults        0 0
# /tmp             /var/tmp                       ext4    defaults,usrquota,bind,nodev,nosuid,noexec,noauto        0 0
/dev/VolGroup00/lv_tmp  /var/tmp                ext4    defaults,usrquota,nodev,noexec,nosuid,relatime        1 2
# /usr/tmpDSK             /tmp                    ext3    defaults,noauto        0 0
 

alphawolf50

Hi Greenhost,

There aren't any errors -- after reboot, /var/tmp is not mounted as specified in /etc/fstab as it should be. Instead, it is bind mounted to /tmp. Here's the output of "mount":

Code:
# mount
/dev/mapper/VolGroup00-lv_root on / type ext3 (rw,noatime,usrquota)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/mapper/VolGroup00-lv_home on /home type ext4 (rw,nosuid,nodev,noatime,usrquota)
tmpfs on /tmp type tmpfs (rw,noexec,nosuid,nodev,mode=1777,size=1024M)
/dev/mapper/VolGroup00-lv_var on /var type ext4 (rw,nosuid,nodev,noatime,usrquota)
/dev/mapper/VolGroup00-lv_usr on /usr type ext4 (rw,nodev,noatime,usrquota)
/dev/sda1 on /boot type ext3 (rw,noexec,nosuid,nodev,noatime)
tmpfs on /dev/shm type tmpfs (ro,noexec,nosuid)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
/tmp on /var/tmp type none (rw,noexec,nosuid,bind)
At this point I'm really looking for a cPanel representative to explain why /etc/fstab is being ignored for /var/tmp, and what can be done to prevent this.
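
The comparison made in the posts above (what /etc/fstab requests for /tmp and /var/tmp versus what `mount` reports) can be scripted so the drift is caught after every reboot. This is an added example, not part of any original post and not cPanel's own tooling; the function name `audit_tmp_mounts`, its output labels and the `demo` helper are assumptions, and the sample input is an excerpt of the fstab and mount output posted in this thread.

```shell
#!/bin/bash
# Added example: flag /tmp and /var/tmp mounts that differ from fstab or lack hardening options.
# Usage: audit_tmp_mounts FSTAB_FILE MOUNT_OUTPUT_FILE   (second file = saved output of `mount`)
audit_tmp_mounts() {
  awk -v want="nodev noexec nosuid" '
    # fstab may say /dev/VG/LV while mount lists /dev/mapper/VG-LV (hyphens in names doubled)
    function norm(dev,   p, n) {
      n = split(dev, p, "/")
      if (n == 4 && p[2] == "dev" && p[3] != "mapper") {
        gsub(/-/, "--", p[3]); gsub(/-/, "--", p[4])
        return "/dev/mapper/" p[3] "-" p[4]
      }
      return dev
    }
    function watched(mp) { return mp == "/tmp" || mp == "/var/tmp" }
    # First file (fstab): skip commented lines, remember the requested source per mount point
    FNR == NR { if ($1 !~ /^#/ && NF >= 4 && watched($2)) fsrc[$2] = norm($1); next }
    # Second file: lines of the form "SRC on MP type FS (opts)"; the last entry for MP wins
    $2 == "on" && watched($3) { msrc[$3] = $1; gsub(/[()]/, "", $6); mopt[$3] = "," $6 "," }
    END {
      n = split("/tmp /var/tmp", mps, " "); k = split(want, w, " ")
      for (i = 1; i <= n; i++) {
        mp = mps[i]; ok = 1
        if (!(mp in msrc)) { print "NOT_MOUNTED " mp; continue }
        if ((mp in fsrc) && fsrc[mp] != msrc[mp]) {
          print "DRIFT " mp " fstab=" fsrc[mp] " mounted=" msrc[mp]; ok = 0
        }
        for (j = 1; j <= k; j++)
          if (index(mopt[mp], "," w[j] ",") == 0) { print "MISSING_OPT " mp " " w[j]; ok = 0 }
        if (ok) print "OK " mp
      }
    }' "$1" "$2"
}

# Sample input: excerpt of the fstab and mount output posted in this thread
demo() {
  d=$(mktemp -d) || return 1
  cat > "$d/fstab" <<'EOF'
tmpfs                   /tmp      tmpfs  nodev,noexec,nosuid,mode=1777,size=1024M        0 0
/dev/VolGroup00/lv_tmp  /var/tmp  ext4   defaults,usrquota,nodev,noexec,nosuid,relatime  1 2
# /usr/tmpDSK           /tmp      ext3   defaults,noauto                                 0 0
EOF
  cat > "$d/mount.out" <<'EOF'
tmpfs on /tmp type tmpfs (rw,noexec,nosuid,nodev,mode=1777,size=1024M)
/tmp on /var/tmp type none (rw,noexec,nosuid,bind)
EOF
  audit_tmp_mounts "$d/fstab" "$d/mount.out"; rm -rf "$d"
}
demo
```

On a live server, save the output of `mount` to a file and pass it together with /etc/fstab; the options checked are the ones listed by `mount`, so a bind mount shows only what was passed when it was created.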
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,608
77
308
cPanel Access Level
Root Administrator
I suspect our securetmp utility is at play here. You can disable this by touching the following file:

/var/cpanel/version/securetmp_disabled

Unfortunately you'll have to do a reboot to determine whether that fixed the problem.
 

XenomediaBV

Well-Known Member
Sep 3, 2009
60
0
56
The Netherlands
cPanel Access Level
Root Administrator
I'm glad to hear that worked for you :)
Just a note. As of cPanel version 11.36 there is no /var/cpanel/version/securetmp_disabled

If you have configured a /tmp partition during your OS installation and secured it through /etc/fstab you might want to symlink /var/tmp to your /tmp mount. Therefore securetmp must be disabled.

Test to see if securetmp is active. If you get the below line it is active:
Code:
# mount
...
/tmp on /var/tmp type none (rw,noexec,nosuid,bind)
To disable do the following:
Code:
# /scripts/securetmp
*** Notice *** No loop module detected
If the loopback block device is built as a module, try running `modprobe loop` as root via ssh and running this script again.
If the loopback block device is built into the kernel itself, you can ignore this message.
Would you like to secure /tmp & /var/tmp at boot time? (y/n) n
securetmp will not be added to system startup at this time.
Would you like to disable securetmp from the system startup? (y/n) y
Would you like to secure /tmp & /var/tmp now? (y/n) n
/tmp & /var/tmp will not be secured at this time.
... and then reboot.

Now the cPanel /var/tmp mount is disabled and you can symlink /var/tmp to /tmp:
Code:
# rm -rf /var/tmp
# ln -s /tmp /var/tmp
 

JonTheWong

Active Member
Oct 8, 2013
38
2
58
Montreal, Quebec
cPanel Access Level
Root Administrator
Was investigating moving my /tmp system onto a tmpfs in hopes of improving nginx cache / memcache.
I found the securetmp file in /scripts/securetmp or specifically /usr/local/cpanel/scripts/securetmp

While doing my tests on CentOS 6, I noticed that the tmp filesystem was on

/dev/loop0 on /tmp type ext3 (rw,seclabel,nosuid,noexec,relatime,errors=continue,barrier=1,data=ordered)
/dev/loop0 on /var/tmp type ext3 (rw,seclabel,nosuid,noexec,relatime,errors=continue,barrier=1,data=ordered)

I did not find any mention in my fstab, but after coming to this post I was able to deduce the location of the file in question.


Just wanted to say thanks for the help in finding the specific file that created the tmp filesystem.