Separating /var/tmp from /tmp

Discussion in 'General Discussion' started by alphawolf50, Jan 20, 2013.

  1. alphawolf50

    alphawolf50 Well-Known Member

    A little background... I had been looking into the possibility of placing /tmp on a tmpfs instead of the dedicated partition I had been using. As CentOS 5.9 has come out, I decided to reboot a server in order to utilize the newest kernel. Upon reboot, I noticed that my /etc/fstab had been changed, and that /tmp was now mounted on /usr/tmpDSK instead of the dedicated partition. I don't remember having done anything that would have caused this... but I decided to take this as an opportunity to mount /tmp on a tmpfs.

    I also decided I'd like /var/tmp mounted on the original dedicated /tmp partition. I commented out the associated lines in /etc/fstab, added the desired mounts for /tmp and /var/tmp, and rebooted the server. Upon reboot, /tmp was mounted correctly on tmpfs, but my setting for /var/tmp was overruled, and was mounted on /tmp.

    Is there a reason I'm being overruled? How do I prevent this?
     
  2. alphawolf50

    alphawolf50 Well-Known Member

    Sooo... should I assume by the lack of response that there is no way to mount /var/tmp separately from /tmp? I'm finding this hard to believe. There's got to be a script somewhere that I can edit or disable. Or do I need to file a feature request?
     
  3. Greenhost

    Greenhost Well-Known Member

    When you are installing the OS, you can mount /var/tmp separately from /tmp.
    For an installed server, I found the answer on md3v.com - check here
    1. Stop all services including Plesk, MySQL, Apache, Postgres, SpamAssassin and any other service utilizing the /tmp file system.

    2. Copy all of the files in /tmp to a holding directory:

    # cp -Rp /tmp /tmp-backup

    3. If /tmp is a separate partition on the server, you only need to edit /etc/fstab and add 'noexec' and 'nosuid' options for /tmp (see step 5). Then remount the partition:

    # mount -o remount /tmp

    If the tmp file is not a separate partition (check using '# df -h') then you will need to follow steps 4 - 10 below. Else, skip to step 11.

    4. If /tmp directory resides on / partition, it is better to create new partition for /tmp, for example with size 1 GB:

    # cd /var
    # dd if=/dev/zero of=tmpMnt bs=1024 count=1048576
    # mkfs.ext3 -j /var/tmpMnt

    5. Add the string into /etc/fstab:

    # cp /etc/fstab /etc/fstab~
    # echo "/var/tmpMnt /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0" >> /etc/fstab

    6. Mount new /tmp partition:

    # mount -o loop,noexec,nosuid,rw /var/tmpMnt /tmp

    7. /tmp should be chmod 0777:

    # chmod 0777 /tmp

    8. /tmp ownership should be root:root :

    # chown root:root /tmp

    9. Copy the old tmp files to the new tmp directory:

    # cp -Rp /tmp-backup/* /tmp/
    # rm -rf /tmp-backup

    10. Remove and re-link old /var/tmp file:

    # rm -rf /var/tmp/
    # ln -s /tmp/ /var/tmp

    11. Confirm that /tmp is mounted with noexec and nosuid:

    # mount

    Look for: "/dev/sdaX on /tmp type ext3 (rw,noexec,nosuid)"

    12. Restart the services you previously shut down.

    NOTE: This article was updated on April 5th 2011 to include a more optimized process.
     
  4. alphawolf50

    alphawolf50 Well-Known Member

    Hi Greenhost,

    Thanks for the response... but that won't solve the problem. The setting for /var/tmp in /etc/fstab is being overruled. I'm assuming cPanel is remounting /var/tmp on /tmp later in the boot process. Also, the instructions you posted essentially mount /var/tmp on /tmp:
    Code:
    # ln -s /tmp/ /var/tmp
    ... that's a symbolic link. I appreciate the attempt, but this doesn't help.
     
  5. Greenhost

    Greenhost Well-Known Member

    Please give me your /etc/fstab; I need to check this file.
     
  6. alphawolf50

    alphawolf50 Well-Known Member

    /etc/fstab:
    Code:
    /dev/VolGroup00/lv_root /                       ext3    defaults,usrquota,noatime        1 1
    /dev/VolGroup00/lv_backup /backup               ext4    defaults,nodev,nosuid,noexec,noatime,noauto        1 2
    /dev/VolGroup00/lv_home /home                   ext4    defaults,usrquota,nodev,nosuid,noatime        1 2
    # /dev/VolGroup00/lv_tmp  /tmp                    ext4    defaults,nodev,noexec,nosuid,relatime        1 2
    tmpfs                   /tmp                    tmpfs   nodev,noexec,nosuid,mode=1777,size=1024M                0 0
    /dev/VolGroup00/lv_var  /var                    ext4    defaults,usrquota,nodev,nosuid,noatime        1 2
    /dev/VolGroup00/lv_usr  /usr                    ext4    defaults,usrquota,nodev,noatime        1 2
    LABEL=/boot             /boot                   ext3    defaults,nodev,nosuid,noexec,noatime        1 2
    tmpfs                   /dev/shm                tmpfs   noexec,nosuid,ro        0 0
    devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
    sysfs                   /sys                    sysfs   defaults        0 0
    proc                    /proc                   proc    defaults        0 0
    /dev/VolGroup00/lv_swap swap                    swap    defaults        0 0
    # /tmp             /var/tmp                       ext4    defaults,usrquota,bind,nodev,nosuid,noexec,noauto        0 0
    /dev/VolGroup00/lv_tmp  /var/tmp                ext4    defaults,usrquota,nodev,noexec,nosuid,relatime        1 2
    # /usr/tmpDSK             /tmp                    ext3    defaults,noauto        0 0
    
     
  7. Greenhost

    Greenhost Well-Known Member

    It sounds good. Could you give me the error details you got when you did the mount?
     
  8. alphawolf50

    alphawolf50 Well-Known Member

    Hi Greenhost,

    There aren't any errors -- after reboot, /var/tmp is not mounted as specified in /etc/fstab as it should be. Instead, it is bind mounted to /tmp. Here's the output of "mount":

    Code:
    # mount
    /dev/mapper/VolGroup00-lv_root on / type ext3 (rw,noatime,usrquota)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    /dev/mapper/VolGroup00-lv_home on /home type ext4 (rw,nosuid,nodev,noatime,usrquota)
    tmpfs on /tmp type tmpfs (rw,noexec,nosuid,nodev,mode=1777,size=1024M)
    /dev/mapper/VolGroup00-lv_var on /var type ext4 (rw,nosuid,nodev,noatime,usrquota)
    /dev/mapper/VolGroup00-lv_usr on /usr type ext4 (rw,nodev,noatime,usrquota)
    /dev/sda1 on /boot type ext3 (rw,noexec,nosuid,nodev,noatime)
    tmpfs on /dev/shm type tmpfs (ro,noexec,nosuid)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
    /tmp on /var/tmp type none (rw,noexec,nosuid,bind)
    At this point I'm really looking for a cPanel representative to explain why /etc/fstab is being ignored for /var/tmp, and what can be done to prevent this.
     
  9. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    I suspect our securetmp utility is at play here. You can disable this by touching the following file:

    /var/cpanel/version/securetmp_disabled

    Unfortunately you'll have to do a reboot to determine whether that fixed the problem.
     
  10. alphawolf50

    alphawolf50 Well-Known Member

    Thanks, Kenneth! I'll let you know in a month or so when the next kernel becomes available.
     
  11. alphawolf50

    alphawolf50 Well-Known Member

    I just wanted to confirm that the solution posted by cPanelKenneth worked beautifully :)
     
  12. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    I'm glad to hear that worked for you :)
     
  13. XenomediaBV

    XenomediaBV Well-Known Member

    Just a note. As of cPanel version 11.36 there is no /var/cpanel/version/securetmp_disabled

    If you have configured a /tmp partition during your OS installation and secured it through /etc/fstab you might want to symlink /var/tmp to your /tmp mount. Therefore securetmp must be disabled.

    Test to see if securetmp is active. If you get the below line it is active:
    Code:
    # mount
    ...
    /tmp on /var/tmp type none (rw,noexec,nosuid,bind)
    To disable do the following:
    Code:
    # /scripts/securetmp
    *** Notice *** No loop module detected
    If the loopback block device is built as a module, try running `modprobe loop` as root via ssh and running this script again.
    If the loopback block device is built into the kernel itself, you can ignore this message.
    Would you like to secure /tmp & /var/tmp at boot time? (y/n) n
    securetmp will not be added to system startup at this time.
    Would you like to disable securetmp from the system startup? (y/n) y
    Would you like to secure /tmp & /var/tmp now? (y/n) n
    /tmp & /var/tmp will not be secured at this time.
    ... and then reboot.

    Now the cPanel /var/tmp mount is disabled and you can symlink /var/tmp to /tmp:
    Code:
    # rm -rf /var/tmp
    # ln -s /tmp /var/tmp
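
An added example, not from any poster in this thread and not part of cPanel's securetmp: a check that compares what /etc/fstab requests for /tmp and /var/tmp with what is actually mounted, and flags missing noexec, nosuid or nodev. The function names (`mount_field`, `audit_tmp`, `demo`) are hypothetical, the sample tables are constructed from the thread's description, and the live table is assumed to be in /proc/mounts layout.

```bash
#!/usr/bin/env bash
# Added example: compare /etc/fstab with the live mount table for /tmp and
# /var/tmp. Function names are illustrative, not part of cPanel.

# Print field FIELD of the last uncommented TABLE entry for MOUNTPOINT
# (fstab and /proc/mounts share the layout: device, mountpoint, type, options).
mount_field() {
    awk -v mp="$2" -v f="$3" \
        '$1 !~ /^#/ && $2 == mp { v = $f } END { if (v != "") print v }' "$1"
}

# Print one finding per line; return 1 if anything was found.
audit_tmp() {
    local fstab="$1" mounts="$2" mp want have opts opt rc=0
    for mp in /tmp /var/tmp; do
        want=$(mount_field "$fstab" "$mp" 3)
        have=$(mount_field "$mounts" "$mp" 3)
        opts=$(mount_field "$mounts" "$mp" 4)
        if [ -z "$have" ]; then
            echo "$mp: not a separate mount"; rc=1; continue
        fi
        if [ -n "$want" ] && [ "$want" != "$have" ]; then
            echo "$mp: fstab says $want, mounted as $have"; rc=1
        fi
        for opt in noexec nosuid nodev; do
            case ",$opts," in
                *",$opt,"*) ;;
                *) echo "$mp: missing $opt"; rc=1 ;;
            esac
        done
    done
    return "$rc"
}

# Constructed sample modelled on the thread: fstab puts /var/tmp on its own
# ext4 volume, but after boot the tmpfs from /tmp sits on /var/tmp instead.
demo() {
    local d rc=0
    d=$(mktemp -d)
    printf '%s\n' \
        'tmpfs /tmp tmpfs nodev,noexec,nosuid,mode=1777,size=1024M 0 0' \
        '/dev/VolGroup00/lv_tmp /var/tmp ext4 defaults,nodev,noexec,nosuid 1 2' \
        > "$d/fstab"
    printf '%s\n' \
        'tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0' \
        'tmpfs /var/tmp tmpfs rw,nosuid,noexec 0 0' > "$d/mounts"
    audit_tmp "$d/fstab" "$d/mounts" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On a live host, run `audit_tmp /etc/fstab /proc/mounts` after each reboot; a filesystem type mismatch on /var/tmp is the symptom described at the start of this thread.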
     
  14. JonTheWong

    JonTheWong Active Member

    Was investigating moving my /tmp system onto a tmpfs in hopes of improving nginx cache / memcache.
    I found the securetmp file in /scripts/securetmp or specifically /usr/local/cpanel/scripts/securetmp

    While doing my tests on CentOS 6, I noticed that the tmp filesystem was on

    /dev/loop0 on /tmp type ext3 (rw,seclabel,nosuid,noexec,relatime,errors=continue,barrier=1,data=ordered)
    /dev/loop0 on /var/tmp type ext3 (rw,seclabel,nosuid,noexec,relatime,errors=continue,barrier=1,data=ordered)

    I did not find any mention in my fstab, but after coming to this post I was able to deduce the location of the file in question.


    Just wanted to say thanks for the help in finding the specific file that created the tmp filesystem.
     