Hello Admins:
I really want to thank the list for their many responses.
Original Problem:
--------------------
>I have an Ultra2 with Solaris 2.6 and about 2000 users which
>like to fill up the /tmp with no concern of the damage
>that he may cause if /tmp goes up to 100%....
>
>Currently, the /tmp permissions are:
>
>drwxrwxrwt 10 sys sys 1414 Oct 22 18:21 tmp/
>
>Can I set it to not-world-writeable?? I don't want users
>working in that space, but I need them to read mail normally, and
>the servers (sendmail, httpd, etc) to work ok...
----------------------------------------------------------------
SUMMARY of Responses:
-----------------------
I will present them in a convenient way.
1.- The permissions of /tmp SHOULD always be 1777
2.- Solaris, by default, installs /tmp in the swap area.
3.- If you want to restrict the amount of "tmp" that a non-polite
user may occupy, you must use disk quotas.
4.- In order to use disk quotas, /tmp should NOT be in a swap
space, but in a separate partition (another disk maybe). Then
you follow the standard procedure of quotas for any partition.
5.- If you don't want a separate partition for /tmp, you can restrict
the size of "/tmp" in the swap area, so at least the machine doesn't
crash due to lack of swap space. Here's how:

    swap - /tmp tmpfs - yes size=64m

(see also, man mount_tmpfs)
6.- And here is a critical point, how much quota in /tmp ?
my answer (it works) is that you need twice what the
user has in /var/mail as quota for his mailbox. This is
because some mailer programs write the mailbox in tmp, and
also write the modified mailbox in /tmp, then it puts back
the modified mailbox to /var/mail.
7.- Users may think that since they HAVE a quota on /tmp, they
are entitled to that space, so every day (cron) you should
erase all the files with +1 days...something like..

    0 0 * * * find /tmp -ctime +1 -type f -exec rm -rf {} \; > /dev/null 2>&1
    0 0 * * * find /var/tmp -ctime +1 -type f -exec rm -rf {} \; > /dev/null 2>&1

If you are still not satisfied with that simple solution,
you can use Karl Vogel <vogelke@c17mis.region2.wpafb.af.mil> script
which erases the largest files in the /tmp area (or wherever). Since
he developed it, you should ask him for a copy.
These steps assure users a space in /tmp and also protect
the machine from non-polite users, and still leave an intact swap
space. The only drawback is that /tmp is not in memory, so
it isn't that fast anymore, just SCSI speed.
regards,
--
Marcelo Maraboli Rosselott
Jefe de Area de Redes (Network Administrator)
Direccion Central de Servicios Computacionales (DCSC)
Universidad Tecnica Federico Santa Maria, Chile.
mailto:maraboli@dcsc.utfsm.cl http://www.dcsc.utfsm.cl/~maraboli
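
Added example (not part of the original post): a POSIX shell check for points 2 and 5 of the summary, listing every tmpfs entry in a vfstab-format file with its size= cap in bytes and flagging entries that have none. The sample vfstab and its /scratch mount point are constructed for illustration; only plain byte counts and the k and m suffixes are parsed, anything else is reported as UNPARSED.

```shell
#!/bin/sh
# vfstab fields: device, fsck device, mount point, FS type,
#                fsck pass, mount at boot, mount options

# tmpfs_caps [FILE] -> one line per tmpfs entry: "<mount point> <bytes|UNCAPPED|UNPARSED>"
# Reads standard input when FILE is omitted.
tmpfs_caps() {
    awk '
    /^[ \t]*#/ || NF < 7 { next }            # skip comments and malformed lines
    $4 == "tmpfs" {
        cap = "UNCAPPED"                     # default: bounded only by swap
        n = split($7, opts, ",")
        for (i = 1; i <= n; i++) {
            if (opts[i] !~ /^size=/) continue
            v = substr(opts[i], 6)
            if      (v ~ /^[0-9]+k$/) cap = sprintf("%d", (v + 0) * 1024)
            else if (v ~ /^[0-9]+m$/) cap = sprintf("%d", (v + 0) * 1048576)
            else if (v ~ /^[0-9]+$/)  cap = sprintf("%d", v + 0)
            else                      cap = "UNPARSED"
        }
        print $3, cap
    }' "${1:--}"
}

# audit_tmpfs [FILE] -> exit 0 only if every tmpfs entry has a numeric cap
audit_tmpfs() {
    tmpfs_caps "${1:--}" | awk '
    $2 !~ /^[0-9]+$/ { bad = 1; print "WARN: " $1 " is " $2 }
    END { exit bad }'
}

# Constructed sample: the default uncapped /tmp beside a capped entry
# in the form shown in point 5 (mount point /scratch is hypothetical).
sample_vfstab() {
    cat <<'EOF'
#device            device              mount     FS     fsck  mount    mount
#to mount          to fsck             point     type   pass  at boot  options
/dev/dsk/c0t0d0s0  /dev/rdsk/c0t0d0s0  /         ufs    1     no       -
swap               -                   /tmp      tmpfs  -     yes      -
swap               -                   /scratch  tmpfs  -     yes      size=64m
EOF
}

sample_vfstab | tmpfs_caps
sample_vfstab | audit_tmpfs || echo "at least one tmpfs mount can consume all swap"
```

On a real host, run it as `audit_tmpfs /etc/vfstab`.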
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:51 CDT