I followed this guideline here for securing it (after trying /secure/tmp which I believe caused the /tmp problem)
(guideline found at http://eth0.us/?q=node/11)

The first step is to check if /tmp is already secure. Some datacenters do not create a /tmp partition while others do.
-----command-----
df -h |grep tmp
-----command-----


If that displays nothing then go below to create a tmp partition. If you do have a tmp partition you need to see if it mounted with noexec.
-----command-----
cat /etc/fstab |grep tmp
-----command-----

If there is a line that includes /tmp and noexec then it is already mounted as non-executable. If not follow the instructions below to create one without having to physically format your disk. Idealy you would make a real partition when the disk was originally formated, that being said I have not had any trouble create a /tmp partition using the following method.


Create a 190Mb partition
-----command-----
cd /dev/; dd if=/dev/zero of=tmpMnt bs=1024 count=200000
-----command-----

Format the partion
-----command-----
mke2fs /dev/tmpMnt
-----command-----
When it asks about not being a block special device press Y


Make a backup of the old data
-----command-----
cp -Rp /tmp /tmp_backup
-----command-----

Mount the temp filesystem
-----command-----
mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
-----command-----

Set the permissions
-----command-----
chmod 0777 /tmp
-----command-----

Copy the old files back
-----command-----
cp -Rp /tmp_backup/* /tmp/
-----command-----

Once you do that go ahead and restart mysql and make sure it works ok. We do this because mysql places the mysql.sock in /tmp which neeeds to be moved. If not it migth have trouble starting. If it does you can add this line to the bottom of the /etc/fstab to automatically have it mounted:

Open the file in pico:
-----command-----
pico -w /etc/fstab
-----command-----
Now add this single line at the bottom:

/dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0

While we are at it we are going to secure /dev/shm. Look for the mount line for /dev/shm and change it to the following:
none /dev/shm tmpfs noexec,nosuid 0 0

Umount and remount /dev/shm for the changes to take effect.
-----command-----
umount /dev/shm
mount /dev/shm
-----command-----

Next delete the old /var/tmp and create a link to /tmp
-----command-----
rm -rf /var/tmp/
ln -s /tmp/ /var/
-----command-----

If everything still works fine you can go ahead and delete the /tmp_backup directory.
-----command-----
rm -rf /tmp_backup
-----command-----



My problem in this process isroot@server [/dev]# rm -rf /var/tmp/
rm: cannot remove directory `/var/tmp/': Device or resource busy

How do I correct this?

root@server [/dev]# ln -s /tmp/ /var/
ln: `/var//tmp': cannot overwrite directory

var/tmp is empty

I rebooted the server as that site owner said. He said to do
shutdown -r now (what exactly does that shutdown, and how to restart)?

I used to have 243MB tmp before this guideline (even though I got stuck halfway through and did not complete). Now I have 379MB. The /tmp area that causes this to happen is one of the logwatch directories.

root@server [/tmp]# cd logwatch.OJp30518
root@server [/tmp/logwatch.OJp30518]# dir
(null) ./
(null) ../
(null) autorpm
(null) clam-update
(null) cron
(null) exim
(null) http
(null) maillog
(null) messages
(null) pureftp
(null) rt314
(null) samba
(null) secure
(null) tac_acc
(null) up2date
(null) vsftpd
(null) xferlog
(null) yum


/etc/fstab

LABEL=/ / ext3 defaults,usrquota 1 1
LABEL=/boot /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /dev/shm tmpfs noexec,nosuid 0 0
none /proc proc defaults 0 0
none /sys sysfs defaults 0 0
/dev/hda3 swap swap defaults 0 0
/dev/hdb1 /extra ext3 defaults 1 1
/dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0


/etc/mtab

/dev/hda2 / ext3 rw,usrquota 0 0
none /proc proc rw 0 0
none /sys sysfs rw 0 0
none /dev/pts devpts rw,gid=5,mode=620 0 0
/dev/hda1 /boot ext3 rw 0 0
none /dev/shm tmpfs rw,noexec,nosuid 0 0
/dev/hdb1 /extra ext3 rw 0 0
/dev/tmpMnt /tmp ext2 rw,noexec,nosuid,loop=/dev/loop0 0 0
/tmp /var/tmp none rw,noexec,nosuid,bind 0 0


df -h

Filesystem Size Used Avail Use% Mounted on
/dev/hda2 228G 65G 152G 30% /
/dev/hda1 145M 47M 91M 34% /boot
none 1014M 0 1014M 0% /dev/shm
/dev/hdb1 230G 17G 202G 8% /extra
/dev/tmpMnt 379M 45K 359M 1% /tmp
/tmp 379M 45K 359M 1% /var/tmp

You cannot unmount a filesystem if a filehandle or directory handle is open on that filesystem. This could just be something as simple as a terminal open that's been cd-ed to /var/tmp, or a process could be actively reading/writing files in /var/tmp

Given that /var/tmp is likely to be read/written by a large number of processes, I would tend to shutdown to single user mode using This will stop these processes from running, so they can't be accessing files.

…because /var/tmp wasn't removed

For more information, try the man command: Basically, shutdown -r shuts down all processes then reboots the computer.

If you're worried about the amount of space on /tmp, you can change it with gnuparted (www.gnuparted.sf.net). You might also consider using a tmpfs filesystem if you can bear the cost of keeping everything in memory.

Another tip is to delete the contents of /tmp recursively once when you start up; it's possible that some files have been left behind by processes that have died and left files behind. (But note that the system should clean them out eventually in this case)