What is good practice making /tmp /var/tmp noexec on cpanel server?

Discussion in 'General Discussion' started by postcd, Sep 6, 2017.

  1. postcd

    Hello,

    I read a few topics on how to make /tmp, /var/tmp and /dev/shm a "noexec" mount point.

    SOLVED - secure /tmp directory
    CentOS OpenVZ – how to secure tmp directory
    Mount /tmp with noexec,nosuid options on Openvz
    OpenVZ Forum: Users » How do I mount /tmp on VEs with noexec,nosuid options?

    Currently I have this on my cPanel OpenVZ VPS & CentOS6:
    # df -h|grep -v virtf
    Code:
    Filesystem      Size  Used Avail Use% Mounted on
    /dev/simfs      342G  105G  238G  31% /
    none            9.0G  4.0K  9.0G   1% /dev
    none            9.0G  4.0K  9.0G   1% /dev/shm
    tmpfs           9.0G  1.8M  9.0G   1% /tmp
    tmpfs           9.0G  4.0K  9.0G   1% /var/tmp
    # mount|grep -v virtfs
    Code:
    /dev/simfs on / type simfs (rw,relatime,usrquota,grpquota)
    proc on /proc type proc (rw,relatime)
    sysfs on /sys type sysfs (rw,relatime)
    none on /dev type devtmpfs (rw,relatime,mode=755)
    none on /dev/pts type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
    none on /dev/shm type tmpfs (rw,nosuid,noexec,relatime)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
    tmpfs on /tmp type tmpfs (rw,nosuid,noexec,relatime)
    tmpfs on /var/tmp type tmpfs (rw,nosuid,noexec,relatime)
    # free -mht
    Code:
                 total       used       free     shared    buffers     cached
    Mem:           18G       8.4G       9.6G       1.7M         0B       5.7G
    -/+ buffers/cache:       2.7G        15G
    Swap:         2.0G        13M       2.0G
    Total:         20G       8.4G        11G
    But it does not look good (all three have a 9GB virtual size in RAM - tmpfs). Would it be better to have it on HDD instead and with a different size? Which size do you recommend roughly in my case, please?

    In the mentioned post (SOLVED - secure /tmp directory) there is advice to symlink /var/tmp -> /tmp. Is it wise to do so?

    PS: before the mount or remount I assume stopping the cpanel, httpd and mysql services, then rsyncing all tmp folders, doing the mount or remount, rsyncing the files back and then starting the services.

    Thank You
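
A check for the flags discussed in the post above, as an added example that is not part of the original thread: it reads `mount`-format lines and reports whether /tmp, /var/tmp and /dev/shm each carry noexec and nosuid. The function names are illustrative, and the embedded sample is copied from the mount output in the post.

```shell
#!/bin/sh
# Added example (not from the thread): audit temp mount points for noexec/nosuid.
# Input: lines in `mount` format: <src> on <mountpoint> type <fstype> (<options>)
# Assumes mount points contain no spaces.

audit_tmp_mounts() {
    awk -v want="noexec nosuid" -v paths="/tmp /var/tmp /dev/shm" '
    BEGIN { nw = split(want, W, " "); np = split(paths, P, " ") }
    $2 == "on" && $4 == "type" {
        opts = $6
        gsub(/[()]/, "", opts)
        seen[$3] = "," opts ","   # a later line for the same path overrides
    }
    END {
        bad = 0
        for (i = 1; i <= np; i++) {
            p = P[i]
            if (!(p in seen)) {
                # Path lives on the parent filesystem, so its flags are not set here.
                print p, "not-a-separate-mount"; bad = 1; continue
            }
            miss = ""
            for (j = 1; j <= nw; j++)
                if (index(seen[p], "," W[j] ",") == 0)
                    miss = miss (miss == "" ? "" : ",") W[j]
            if (miss == "") { print p, "ok" } else { print p, "missing:" miss; bad = 1 }
        }
        exit bad
    }'
}

# Sample input: the relevant lines of the mount output quoted in the post.
sample_mounts() {
    cat <<'EOF'
/dev/simfs on / type simfs (rw,relatime,usrquota,grpquota)
none on /dev/shm type tmpfs (rw,nosuid,noexec,relatime)
tmpfs on /tmp type tmpfs (rw,nosuid,noexec,relatime)
tmpfs on /var/tmp type tmpfs (rw,nosuid,noexec,relatime)
EOF
}

# Demo run on the sample; exit status 0 means every path has both flags.
sample_mounts | audit_tmp_mounts
```

On a live server, run `mount | audit_tmp_mounts`; a non-zero exit status means at least one path lacks a flag or is not its own mount.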
     
  2. 24x7server

    Hi.

    From what I can see, your server is an OpenVZ VPS container, so you will not have a separate partition, and the current tmp that is mounted on your machine is already a block file that is created on your machine, i.e., the hard disk itself. I see no issue with keeping it this way and continuing. What exact issue are you facing with this?
     
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello,

    Your current configuration is one of the more common configurations for the /tmp partition in the cPanel environment. I don't recommend making any changes; however, you will likely find more user feedback on tmpfs performance or reliability at a website such as StackOverflow:

    StackOverFlow - tmpfs search results

    Thank you.
     
    postcd likes this.
  4. postcd

    Thx for the feedback! So from Michael's post, I will assume my setup is OK/optimal, until someone explains it is otherwise.
    BTW: If someone found this topic wanting to apply a noexec tmp setup like mine, here are steps I did.
     