/tmp mounting options as tmpfs: Compatibility & Security
Having an SSD - it is recommended to mount /tmp as tmpfs.
Examples:
- https://askubuntu.com/questions/550589/best-way-to-mount-tmp-in-fstab
- https://yktoo.com/en/blog/post/233
- https://askubuntu.com/questions/173094/how-can-i-use-ram-storage-for-the-tmp-directory-and-how-to-set-a-maximum-amount
The mounting options are different in each example - why???
The default Ubuntu 16 installation sets the mounting options for root (/) as (from /etc/mtab):
/dev/sda1 / ext4 rw,relatime,errors=remount-ro,data=ordered 0 0
Ergo all other options - as suggested in the examples/links - shouldn't be applied.
Some of the mounting options in the various examples on the web are:
defaults,noatime,mode=1777
or:
defaults,noatime,nosuid,nodev,noexec,mode=1777,size=512M
But:
- Having noatime feels useless because the data is stored in RAM, which is fast anyway.
- Why nosuid,nodev,noexec?
How do they know whether software is dependent on certain options or not?
I think it is best to stick with the default permissions that the installation applied, meaning:
rw,relatime,mode=1777,uid=0,gid=0
In order to ensure proper operation of various software:
- The permissions are 1777 because the default permissions for /tmp are also drwxrwxrwt (see stat -c "%a %n" /tmp).
- The uid and gid are root because /tmp has the same.
Is there something which I'm missing here?
permissions mount ssd tmpfs
edited Apr 13 '17 at 12:22 by Community♦
asked Mar 18 '17 at 13:45 by Dor
2
drwxrwxrwt is 1777, not 0776. It's admittedly a little confusing because ls fits 12 permission bits into 9 character positions.
– Mark Plotnick
Mar 18 '17 at 18:51
@MarkPlotnick True. The documentation for that isn't good. I've seen this source. Is there a difference between 1776 and 1777?
– Dor
Mar 19 '17 at 8:00
1776 doesn't have x permission for other. That's not good for a public directory like /tmp - it would mean users who aren't root and aren't in group 0 cannot access any file in /tmp.
– Mark Plotnick
Mar 19 '17 at 10:12
1 Answer
Before systemd, the standard way to activate tmpfs on /tmp was to activate it in /etc/default/tmpfs and set RAMTMP=yes (even if almost everyone was editing /etc/fstab). This way you can see what the default options are. On my Devuan Ascii the mounting options are:
$ mount -l | grep "/tmp"
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,relatime,size=3293980k)
size defaults to 20% physical memory + swap.
So I guess you could not go wrong using the same options in /etc/fstab.
answered Apr 24 '18 at 23:21 by thierrybo
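Added example (not from the question or the answer): a POSIX shell check that takes the option strings quoted on this page and reports which of nosuid, nodev and noexec each one leaves off, and whether an explicit mode= is 1777. The function names and the /tmp-a and /tmp-b mount points are made up for the illustration.

```shell
# Added example: which of nosuid/nodev/noexec does an option string leave off?

# missing_hardening OPTIONS -> space-separated flags NOT in effect.
# suid, dev and exec are on unless an option turns them off; "defaults"
# only names that state. For opposing options the later one wins.
missing_hardening() {
    f_suid=1 f_dev=1 f_exec=1
    old_ifs=$IFS; IFS=,
    for opt in $1; do
        case $opt in
            suid) f_suid=1 ;; nosuid) f_suid=0 ;;
            dev)  f_dev=1  ;; nodev)  f_dev=0  ;;
            exec) f_exec=1 ;; noexec) f_exec=0 ;;
        esac
    done
    IFS=$old_ifs; out=
    [ "$f_suid" -eq 1 ] && out="$out nosuid"
    [ "$f_dev"  -eq 1 ] && out="$out nodev"
    [ "$f_exec" -eq 1 ] && out="$out noexec"
    echo "${out# }"
}

# audit_mounts MOUNTPOINT -> one verdict line; the fstab- or
# /proc/mounts-format table is read from stdin.
audit_mounts() {
    verdict="$1: no entry"
    while read -r src mnt fstype opts rest; do
        case $src in '#'*|'') continue ;; esac      # skip comments, blanks
        [ "$mnt" = "$1" ] || continue
        miss=$(missing_hardening "$opts")
        if [ -n "$miss" ]; then verdict="$1: missing $miss"
        else verdict="$1: nosuid,nodev,noexec all in effect"; fi
        case ",$opts," in
            *,mode=1777,*|*,mode=01777,*) ;;        # rwxrwxrwt
            *,mode=*) verdict="$verdict; mode is not 1777" ;;
        esac
    done
    echo "$verdict"
}

# Constructed sample: the three option strings quoted on this page as
# fstab lines; /tmp-a and /tmp-b are hypothetical mount points.
sample_fstab() {
cat <<'EOF'
tmpfs /tmp   tmpfs rw,nosuid,nodev,relatime,size=3293980k 0 0
tmpfs /tmp-a tmpfs defaults,noatime,mode=1777 0 0
tmpfs /tmp-b tmpfs defaults,noatime,nosuid,nodev,noexec,mode=1777,size=512M 0 0
EOF
}
for m in /tmp /tmp-a /tmp-b; do sample_fstab | audit_mounts "$m"; done
```

On a live system the same check can be run as `audit_mounts /tmp < /proc/mounts`.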