 
09-24-2010, 09:06 AM
Peter Smith

Debian system modifications tmpfs

I want to mount the following folders as tmpfs in my Debian Lenny 5.0.6
installation:

/var/cache/apt/archives
/var/tmp
/tmp

I have added the following lines to fstab:

tmpfs /var/cache/apt/archives tmpfs noatime,nodev,noexec,nosuid,mode=0755 0 0
tmpfs /var/tmp tmpfs noatime,nodev,noexec,nosuid,mode=1777 0 0
tmpfs /tmp tmpfs noatime,nodev,noexec,nosuid,mode=1777 0 0

I recreate the partial folder and the lock file in
/var/cache/apt/archives at boot time by adding the following lines to
/etc/rc.local

mkdir -p /var/cache/apt/archives/partial
touch /var/cache/apt/archives/lock
chmod 640 /var/cache/apt/archives/lock

Iceweasel is modified to use /tmp as cache, so when Iceweasel is
loaded after a reboot it creates a folder named Cache in /tmp.

Everything seems to be working as expected, but I am wondering if
doing this can introduce any security problems or break my Debian
system in any way?


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/AANLkTi=gETCgM=g5ETa=q20zEhPmqN=rrMizu57Pvpvs@mail.gmail.com
 
09-24-2010, 09:34 AM
Timo Juhani Lindfors

Peter Smith <peter.smith3882100@gmail.com> writes:
> tmpfs /tmp tmpfs noatime,nodev,noexec,nosuid,mode=1777 0 0

noexec /tmp will surely break applications, no?

> Iceweasel is modified to use /tmp as cache, so when Iceweasel is
> loaded after a reboot it creates a folder named Cache in /tmp.

How does this work with multiple users in a safe way?


Archive: http://lists.debian.org/841v8j1o44.fsf@sauna.l.org
 
09-24-2010, 12:22 PM
Peter Smith

On Fri, Sep 24, 2010 at 11:34 AM, Timo Juhani Lindfors
<timo.lindfors@iki.fi> wrote:
> Peter Smith <peter.smith3882100@gmail.com> writes:
>> tmpfs /tmp tmpfs noatime,nodev,noexec,nosuid,mode=1777 0 0
>
> noexec /tmp will surely break applications, no?

So far no applications have malfunctioned as a result of the noexec
flag on /tmp, but I guess that I could change it to exec just to be
sure that problems do not suddenly arise.

>> Iceweasel is modified to use /tmp as cache, so when Iceweasel is
>> loaded after a reboot it creates a folder named Cache in /tmp.
>
> How does this work with multiple users in a safe way?

Good point, but in my case it won't be a problem as I am the only user
of the system. What if a security problem was found in Iceweasel,
would it be worse that the cache is placed in /tmp instead of the home
folder?


Today when reading the "Filesystem Hierarchy Standard" I found out
that mounting /var/tmp as tmpfs is not a good idea:

"The /var/tmp directory is made available for programs that require
temporary files or directories that are preserved between system
reboots. Therefore, data stored in /var/tmp is more persistent than
data in /tmp.

Files and directories located in /var/tmp must not be deleted when the
system is booted. Although data stored in /var/tmp is typically
deleted in a site-specific manner, it is recommended that deletions
occur at a less frequent interval than /tmp."

Until now I have not found any information that speaks against mounting
/var/cache/apt/archives as tmpfs.


Archive: http://lists.debian.org/AANLkTim0unFK50rSw3gTwnd_6bciKNTV7RsfPTGQYwGz@mail.gmail.com
 
09-24-2010, 08:45 PM
Rob Owens

On Fri, Sep 24, 2010 at 02:22:01PM +0200, Peter Smith wrote:
> On Fri, Sep 24, 2010 at 11:34 AM, Timo Juhani Lindfors
> <timo.lindfors@iki.fi> wrote:
> > Peter Smith <peter.smith3882100@gmail.com> writes:
> >> tmpfs /tmp tmpfs noatime,nodev,noexec,nosuid,mode=1777 0 0
> >
> > noexec /tmp will surely break applications, no?
>
> So far no applications have malfunctioned as a result of the noexec
> flag on /tmp, but I guess that I could change it to exec just to be
> sure that problems do not suddenly arise.
>
I've read somewhere that apt breaks if /tmp is noexec. I haven't tried
it myself, though.

> >> Iceweasel is modified to use /tmp as cache, so when Iceweasel is
> >> loaded after a reboot it creates a folder named Cache in /tmp.
> >
> > How does this work with multiple users in a safe way?
>
> Good point, but in my case it won't be a problem as I am the only user
> of the system. What if a security problem was found in Iceweasel,
> would it be worse that the cache is placed in /tmp instead of the home
> folder?
>
I would think this is ok, as long as the Cache folder gets the
appropriate permissions (700, I would think is appropriate).

-Rob


Archive: http://lists.debian.org/20100924204557.GC31543@aurora.owens.net
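
Added example, not part of the original thread or written by any of its participants: POSIX shell functions that check the two points raised above, namely which of nodev, noexec and nosuid a mount actually carries, and whether a cache directory under /tmp is private (mode 700, as suggested). The sample mounts data and the `iceweasel-cache` prefix are constructed for illustration; `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example. Sample data below is constructed, not from a real system.
sample_mounts() {
cat <<'EOF'
tmpfs /tmp tmpfs rw,nosuid,nodev,noatime,mode=1777 0 0
tmpfs /var/cache/apt/archives tmpfs rw,nosuid,nodev,noexec,noatime,mode=755 0 0
EOF
}

# Print the options of the last mount on $1 (a later mount shadows an
# earlier one). $2: file in /proc/mounts format, default /proc/mounts.
mount_opts() {
    awk -v mp="$1" '$2 == mp { o = $4 } END { if (o != "") print o }' \
        "${2:-/proc/mounts}"
}

# Print every option from comma list $2 that the mount on $1 lacks.
missing_opts() {
    have=",$(mount_opts "$1" "$3"),"
    printf '%s\n' "$2" | tr ',' '\n' | while read -r want; do
        case "$have" in
            *",$want,"*) ;;
            *) printf '%s\n' "$want" ;;
        esac
    done
}

# Create a cache directory with an unpredictable name under $1 (default
# /tmp). mktemp -d creates it mode 0700 and never reuses an existing path.
# The "iceweasel-cache" prefix is a hypothetical name for this example.
make_private_cache() {
    mktemp -d "${1:-/tmp}/iceweasel-cache.XXXXXXXX"
}

# Succeed only if $1 is a real directory (not a symlink) owned by the
# caller with mode 700. Uses GNU stat.
cache_dir_ok() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c '%u %a' "$1")" = "$(id -u) 700" ]
}

# Demo on the constructed sample: /tmp was switched back to exec.
f=$(mktemp) && sample_mounts > "$f"
echo "/tmp lacks: $(missing_opts /tmp nodev,noexec,nosuid "$f")"
d=$(make_private_cache) && cache_dir_ok "$d" && echo "private cache OK: $d"
rm -rf "$f" "$d"
```

Calling `missing_opts /tmp nodev,noexec,nosuid` with no third argument reads the live /proc/mounts instead of the sample.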
 
