05-26-2012, 02:29 PM
Ivan Shmakov

/tmp on multi-FS set-ups, or: block users from using /tmp?

>>>>> Weldon Goree <weldon@b.rontosaur.us> writes:
>>>>> On Fri, 2012-05-25 at 10:02 -0400, Nikolaus Rath wrote:

>> I think having / and /tmp share the same file system is a bad idea,
>> because then writing lots of stuff to /tmp would potentially fill up
>> the root file system (that typically also includes /var) and then
>> cause a lot of breakage.

>> However, if I put /tmp in a separate (on-disk) file system, I have
>> to decide how much disk space I want to permanently allocate for
>> temporary data, in addition to the disk space permanently allocated
>> for swapping.

[…]

Somehow, I feel that some of the participants of this discussion
are missing this very point: having /tmp on disk /doesn't/ mean
that /all/ the free disk space will be available for it at any
given time.

In particular, as Ext2+ filesystems can only be expanded, and
not reduced (without unmounting), I've got the habit of having
most of the disk space unallocated, and only expanding the
filesystems as they grow full. (Unless, of course, considerable
amounts of cruft could be identified and removed at that time.)

> If only ext*fs supported quotas...

… But that makes me recall a solution to both the /tmp and quota
issues I've seen somewhere: use ~/tmp/ instead of /tmp. This
way, user's temporary files will be subject to exactly the same
limits as all his or her other files.

(Still, we may need to identify the software that ignores TMPDIR
and tries to write to /tmp unconditionally.)

> (Snark aside, does tmpfs support quotas yet/will it ever?)

--
FSF associate member #7257


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/86r4u7koc5.fsf_-_@gray.siamics.net
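
An added example, not part of the thread or of any Debian tooling: one way to find the software that ignores TMPDIR is to run it with TMPDIR pointing elsewhere under `strace -f -e trace=open,openat,creat,mkdir,mkdirat -o trace.log PROGRAM` and filter the log for creations or writes under /tmp. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# tmp_writers TMPDIR < strace.log
# Prints "PID SYSCALL PATH" for every attempt to create or write something
# under /tmp that is not inside TMPDIR. Relative paths (openat with a real
# directory fd) are not resolved and are therefore skipped.
tmp_writers() {
    awk -v tmpdir="${1%/}" '
    {
        line = $0
        sub(/^[0-9]+ +/, "", line)              # pid column written by strace -f
        pid = ($0 != line) ? $1 : "-"
        if (line !~ /^(open|openat|creat|mkdir|mkdirat)\(/) next
        call = line; sub(/\(.*/, "", call)
        if (match(line, /"[^"]*"/) == 0) next   # first quoted argument is the path
        path = substr(line, RSTART + 1, RLENGTH - 2)
        rest = substr(line, RSTART + RLENGTH)   # flags, mode and return value
        if (path != "/tmp" && index(path, "/tmp/") != 1) next
        if (tmpdir != "" && (path == tmpdir || index(path, tmpdir "/") == 1)) next
        # open/openat only count when they can create or modify the file
        if (call ~ /^open/ && rest !~ /O_(CREAT|WRONLY|RDWR|TMPFILE)/) next
        print pid, call, path
    }'
}

# Constructed sample of strace -f output for a run with TMPDIR=/home/alice/tmp.
sample_log() {
    cat <<'EOF'
4242  openat(AT_FDCWD, "/home/alice/tmp/tmp.Jq3kZ1", O_RDWR|O_CREAT|O_EXCL, 0600) = 3
4242  openat(AT_FDCWD, "/tmp/.X11-unix/X0", O_RDONLY) = -1 ENOENT (No such file or directory)
4243  openat(AT_FDCWD, "/tmp/report.lock", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 4
4243  mkdir("/tmp/build-4243", 0700) = 0
4244  open("/tmp/cache.db", O_RDWR) = 5
4244  openat(AT_FDCWD, "/tmpfiles/x", O_WRONLY|O_CREAT, 0644) = 3
EOF
}
```

Running `sample_log | tmp_writers /home/alice/tmp` lists the three calls from PIDs 4243 and 4244 that went to /tmp despite TMPDIR.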
 
05-26-2012, 06:24 PM
Andrei POPESCU

On Sat, 26 May 12, 21:29:30, Ivan Shmakov wrote:
>
> … But that makes me recall a solution to both the /tmp and quota
> issues I've seen somewhere: use ~/tmp/ instead of /tmp. This
> way, user's temporary files will be subject to exactly the same
> limits as all his or her other files.
>
> (Still, we may need to identify the software that ignores TMPDIR
> and tries to write to /tmp unconditionally.)

Maybe trying to kill two birds with one stone, but what if the display
managers would set TMPDIR to ~/tmp/ (or ~/.cache/tmp or whatever)?

Kind regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
 
05-26-2012, 06:32 PM
Ted Ts'o

On Sat, May 26, 2012 at 09:29:30PM +0700, Ivan Shmakov wrote:
> … But that makes me recall a solution to both the /tmp and quota
> issues I've seen somewhere: use ~/tmp/ instead of /tmp. This
> way, user's temporary files will be subject to exactly the same
> limits as all his or her other files.
>
> (Still, we may need to identify the software that ignores TMPDIR
> and tries to write to /tmp unconditionally.)
>
> > (Snark aside, does tmpfs support quotas yet/will it ever?)

These days I'd argue that multi-user is such a corner case that it's
not worth optimizing for it as far as defaults are concerned. If
you're trying to run a secure multi-user system, you need to be an
expert system administrator, keep up with all security patches, and
even then, good luck to you. (The reality is that these days, no
matter what OS you're talking about, shell == root. And that's
probably even true on the most unusably locked down SELinux system.)

What I'd do in that situation is to use per-user /tmp directories,
where each user would get its own mount namespace, and so each user
would have its own /tmp --- either a bind-mounted $(HOME)/tmp to /tmp
if you want to enforce quotas that way, or a separate tmpfs for each
user --- and then you can specify the size of the per-user tmpfs
mounted on each user's version of /tmp.

Cheers,

- Ted


--
Archive: http://lists.debian.org/20120526183215.GA11165@thunk.org
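
An added example of the per-user /tmp set-up described in the message above, not code from the thread: a root-run wrapper that starts a command for a user in a new mount namespace, with either a size-capped tmpfs or the user's ~/tmp bind-mounted on /tmp. It assumes util-linux's unshare, mount and runuser; the function names and the sizes used are hypothetical.

```shell
#!/bin/sh
# tmpfs_opts USER SIZE: mount options for a tmpfs that only USER can use
# and that can never grow beyond SIZE (e.g. 64m).
tmpfs_opts() {
    uid=$(id -u "$1" 2>/dev/null) || return 1
    gid=$(id -g "$1" 2>/dev/null) || return 1
    printf 'size=%s,mode=0700,uid=%s,gid=%s,nosuid,nodev\n' "$2" "$uid" "$gid"
}

# with_private_tmp USER tmpfs|bind SIZE CMD...
# Must be called as root. Runs CMD as USER in a new mount namespace, so the
# /tmp mounted here is invisible to every other session on the machine.
with_private_tmp() {
    user=$1 kind=$2 size=$3
    opts=$(tmpfs_opts "$user" "$size") || return 1
    home=$(getent passwd "$user" | cut -d: -f6)
    case $kind in tmpfs|bind) ;; *) return 2 ;; esac
    shift 3
    unshare --mount -- sh -c '
        user=$1 kind=$2 opts=$3 home=$4; shift 4
        # Stop the mounts below from propagating back to the parent namespace.
        mount --make-rprivate / || exit 1
        if [ "$kind" = bind ]; then
            # Files land on the /home file system, so its quotas apply.
            [ -d "$home/tmp" ] && mount --bind "$home/tmp" /tmp
        else
            # size= caps this one user instead of a shared system-wide /tmp.
            mount -t tmpfs -o "$opts" tmpfs /tmp
        fi || exit 1
        exec runuser -u "$user" -- "$@"' sh "$user" "$kind" "$opts" "$home" "$@"
}
```

As root, `with_private_tmp alice tmpfs 64m sh` would give alice a shell whose /tmp is a private 64 MiB tmpfs, while `with_private_tmp alice bind 0 sh` uses her ~/tmp instead (the size argument is ignored for bind).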
 
05-26-2012, 06:46 PM
Jean-Christophe Dubacq

On 26/05/2012 20:32, Ted Ts'o wrote:
> On Sat, May 26, 2012 at 09:29:30PM +0700, Ivan Shmakov wrote:
>> … But that makes me recall a solution to both the /tmp and quota
>> issues I've seen somewhere: use ~/tmp/ instead of /tmp. This
>> way, user's temporary files will be subject to exactly the same
>> limits as all his or her other files.
>>
>> (Still, we may need to identify the software that ignores TMPDIR
>> and tries to write to /tmp unconditionally.)
>>
>> > (Snark aside, does tmpfs support quotas yet/will it ever?)
>
> These days I'd argue that multi-user is such a corner case that it's
> not worth optimizing for it as far as defaults are concerned. If
> you're trying to run a secure multi-user system, you need to be an
> expert system administrator, keep up with all security patches, and
> even then, good luck to you. (The reality is that these days, no
> matter what OS you're talking about, shell == root. And that's
> probably even true on the most unusably locked down SELinux system.)
>
> What I'd do in that situation is to use per-user /tmp directories,
> where each user would get its own mount namespace, and so each user
> would have its own /tmp --- either a bind-mounted $(HOME)/tmp to /tmp
> if you want to enforce quotas that way, or a separate tmpfs for each
> user --- and then you can specify the size of the per-user tmpfs
> mounted on each user's version of /tmp.
>
> Cheers,

Again, I thought that:
There is a single base directory relative to which user-specific
non-essential (cached) data should be written. This directory is defined
by the environment variable $XDG_CACHE_HOME.

There is a single base directory relative to which user-specific runtime
files and other file objects should be placed. This directory is defined
by the environment variable $XDG_RUNTIME_DIR.


(http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html)

I think these two definitions cover what most "users" (i.e. *human*
users) would use /tmp for.

--
Jean-Christophe Dubacq


--
Archive: http://lists.debian.org/4FC12517.3060102@free.fr
 
05-26-2012, 07:40 PM
Serge

2012/5/26 Andrei POPESCU wrote:

> Maybe trying to kill two birds with one stone, but what if the display
> managers would set TMPDIR to ~/tmp/ (or ~/.cache/tmp or whatever)?

What's the point of dropping /tmp and then reinventing it in another
place on disk? Everyone could just continue using /tmp on disk then...

If the point is to have /home and /tmp on the same partition then:
# install -d -m 1777 -o root -g root /home/tmp
# mount --bind /home/tmp /tmp
[edit /etc/fstab to have the mount permanent]
That gives /tmp on a /home partition without memory/swap headache.
As a bonus it will clean on boot automatically.

--
Serge


--
Archive: http://lists.debian.org/CAOVenEqONRQVrZcWwRnOjAeFhvX2Ah+_YtHxJ46X0WAGyasdwQ@mail.gmail.com
 
05-26-2012, 08:23 PM
"brian m. carlson"

On Sat, May 26, 2012 at 02:32:15PM -0400, Ted Ts'o wrote:
> These days I'd argue that multi-user is such a corner case that it's
> not worth optimizing for it as far as defaults are concerned. If
> you're trying to run a secure multi-user system, you need to be an
> expert system administrator, keep up with all security patches, and
> even then, good luck to you. (The reality is that these days, no
> matter what OS you're talking about, shell == root. And that's
> probably even true on the most unusably locked down SELinux system.)

I work for a company that develops software for shared-hosting
providers. I can guarantee you that multi-user is far from a corner
case. We employ 135 people and are growing, as is the shared-hosting
market.

For my personal purposes, tmpfs on /tmp is fine. For shared-hosting
purposes, tmpfs on /tmp is a DoS waiting to happen. Many web hosting
companies overprovision their servers (the business is cutthroat) and
memory is very tight.

--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
 
05-26-2012, 10:55 PM
Salvo Tomaselli

> Again, I thought that:
> There is a single base directory relative to which user-specific
> non-essential (cached) data should be written. This directory is defined
> by the environment variable $XDG_CACHE_HOME.
>
> There is a single base directory relative to which user-specific runtime
> files and other file objects should be placed. This directory is defined
> by the environment variable $XDG_RUNTIME_DIR.
>
>
> (http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html)
>
> I think these two definitions cover what most "users" (i.e. *human*
> users) would use /tmp for.

$ echo $XDG_CACHE_DIR |wc
1 0 1

Yes they do cover many uses but several programs need to be fixed, and to
include code to empty the directory afterwards.

If you don't plan to fix them all, and until those directories are actually
used, you don't have a good point.
Besides, office systems usually have an NFS /home and a local /tmp which means
that writing cache on the home is bad. But that's quite a specific situation
and we shouldn't bother too much for it.


Bye
--
Salvo Tomaselli


--
Archive: http://lists.debian.org/201205270055.44745.tiposchi@tiscali.it
 
05-26-2012, 11:15 PM
Adam Borowski

On Sat, May 26, 2012 at 08:23:31PM +0000, brian m. carlson wrote:
> I work for a company that develops software for shared-hosting
> providers. I can guarantee you that multi-user is far from a corner
> case. We employ 135 people and are growing, as is the shared-hosting
> market.
>
> For my personal purposes, tmpfs on /tmp is fine. For shared-hosting
> purposes, tmpfs on /tmp is a DoS waiting to happen. Many web hosting
> companies overprovision their servers (the business is cutthroat) and
> memory is very tight.

I.e., you need swap anyway.

tmpfs for /tmp/ is good no matter if you have enough memory (there won't be
any I/O at all), or if memory is tight (it removes the need for journaling
and barriers).

Real problems in this thread are default settings for allotted space,
complaints about tight memory are a red herring.


--
“This is gonna be as easy as cheating on an ethics exam!”
-Cerise Brightmoon
 
