LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (http://www.linuxquestions.org/questions/linux-general-1/)
-   -   /tmp maxing out 100% (http://www.linuxquestions.org/questions/linux-general-1/tmp-maxing-out-100-a-277079/)

cz1179 01-12-2005 06:13 PM

/tmp maxing out 100%
 
I followed this guideline here for securing it (after trying /secure/tmp which I believe caused the /tmp problem)
(guideline found at http://eth0.us/?q=node/11)

The first step is to check if /tmp is already secure. Some datacenters do not create a /tmp partition while others do.
-----command-----
df -h |grep tmp
-----command-----


If that displays nothing then go below to create a tmp partition. If you do have a tmp partition you need to see if it mounted with noexec.
-----command-----
cat /etc/fstab |grep tmp
-----command-----

If there is a line that includes /tmp and noexec then it is already mounted as non-executable. If not follow the instructions below to create one without having to physically format your disk. Idealy you would make a real partition when the disk was originally formated, that being said I have not had any trouble create a /tmp partition using the following method.


Create a 190Mb partition
-----command-----
cd /dev/; dd if=/dev/zero of=tmpMnt bs=1024 count=200000
-----command-----

Format the partion
-----command-----
mke2fs /dev/tmpMnt
-----command-----
When it asks about not being a block special device press Y


Make a backup of the old data
-----command-----
cp -Rp /tmp /tmp_backup
-----command-----

Mount the temp filesystem
-----command-----
mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
-----command-----

Set the permissions
-----command-----
chmod 0777 /tmp
-----command-----

Copy the old files back
-----command-----
cp -Rp /tmp_backup/* /tmp/
-----command-----

Once you do that go ahead and restart mysql and make sure it works ok. We do this because mysql places the mysql.sock in /tmp which neeeds to be moved. If not it migth have trouble starting. If it does you can add this line to the bottom of the /etc/fstab to automatically have it mounted:

Open the file in pico:
-----command-----
pico -w /etc/fstab
-----command-----
Now add this single line at the bottom:

/dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0

While we are at it we are going to secure /dev/shm. Look for the mount line for /dev/shm and change it to the following:
none /dev/shm tmpfs noexec,nosuid 0 0

Umount and remount /dev/shm for the changes to take effect.
-----command-----
umount /dev/shm
mount /dev/shm
-----command-----

Next delete the old /var/tmp and create a link to /tmp
-----command-----
rm -rf /var/tmp/
ln -s /tmp/ /var/
-----command-----

If everything still works fine you can go ahead and delete the /tmp_backup directory.
-----command-----
rm -rf /tmp_backup
-----command-----



My problem in this process isroot@server [/dev]# rm -rf /var/tmp/
rm: cannot remove directory `/var/tmp/': Device or resource busy

How do I correct this?

root@server [/dev]# ln -s /tmp/ /var/
ln: `/var//tmp': cannot overwrite directory

var/tmp is empty

I rebooted the server as that site owner said. He said to do
shutdown -r now (what exactly does that shutdown, and how to restart)?

I used to have 243MB tmp before this guideline (even though I got stuck halfway through and did not complete). Now I have 379MB. The /tmp area that causes this to happen is one of the logwatch directories.

root@server [/tmp]# cd logwatch.OJp30518
root@server [/tmp/logwatch.OJp30518]# dir
(null) ./
(null) ../
(null) autorpm
(null) clam-update
(null) cron
(null) exim
(null) http
(null) maillog
(null) messages
(null) pureftp
(null) rt314
(null) samba
(null) secure
(null) tac_acc
(null) up2date
(null) vsftpd
(null) xferlog
(null) yum


/etc/fstab

LABEL=/ / ext3 defaults,usrquota 1 1
LABEL=/boot /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /dev/shm tmpfs noexec,nosuid 0 0
none /proc proc defaults 0 0
none /sys sysfs defaults 0 0
/dev/hda3 swap swap defaults 0 0
/dev/hdb1 /extra ext3 defaults 1 1
/dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0


/etc/mtab

/dev/hda2 / ext3 rw,usrquota 0 0
none /proc proc rw 0 0
none /sys sysfs rw 0 0
none /dev/pts devpts rw,gid=5,mode=620 0 0
/dev/hda1 /boot ext3 rw 0 0
none /dev/shm tmpfs rw,noexec,nosuid 0 0
/dev/hdb1 /extra ext3 rw 0 0
/dev/tmpMnt /tmp ext2 rw,noexec,nosuid,loop=/dev/loop0 0 0
/tmp /var/tmp none rw,noexec,nosuid,bind 0 0


df -h

Filesystem Size Used Avail Use% Mounted on
/dev/hda2 228G 65G 152G 30% /
/dev/hda1 145M 47M 91M 34% /boot
none 1014M 0 1014M 0% /dev/shm
/dev/hdb1 230G 17G 202G 8% /extra
/dev/tmpMnt 379M 45K 359M 1% /tmp
/tmp 379M 45K 359M 1% /var/tmp

rjlee 01-13-2005 03:28 AM

Re: /tmp maxing out 100%
 
Quote:

Originally posted by cz1179
My problem in this process isroot@server [/dev]# rm -rf /var/tmp/
rm: cannot remove directory `/var/tmp/': Device or resource busy

How do I correct this?

You cannot unmount a filesystem if a filehandle or directory handle is open on that filesystem. This could just be something as simple as a terminal open that's been cd-ed to /var/tmp, or a process could be actively reading/writing files in /var/tmp

Given that /var/tmp is likely to be read/written by a large number of processes, I would tend to shutdown to single user mode using
Code:

telinit s
This will stop these processes from running, so they can't be accessing files.

Quote:

root@server [/dev]# ln -s /tmp/ /var/
ln: `/var//tmp': cannot overwrite directory

var/tmp is empty

…because /var/tmp wasn't removed

Quote:

I rebooted the server as that site owner said. He said to do
shutdown -r now (what exactly does that shutdown, and how to restart)?

For more information, try the man command:
Code:

man shutdown
Basically, shutdown -r shuts down all processes then reboots the computer.

Quote:

I used to have 243MB tmp before this guideline (even though I got stuck halfway through and did not complete). Now I have 379MB. The /tmp area that causes this to happen is one of the logwatch directories.
If you're worried about the amount of space on /tmp, you can change it with gnuparted (www.gnuparted.sf.net). You might also consider using a tmpfs filesystem if you can bear the cost of keeping everything in memory.

Another tip is to delete the contents of /tmp recursively once when you start up; it's possible that some files have been left behind by processes that have died and left files behind. (But note that the system should clean them out eventually in this case)


All times are GMT -5. The time now is 10:49 PM.