Operating System - HP-UX

/tmp & /var/tmp Questions

 
Alzhy
Honored Contributor


1. What should be the proper permissions of /tmp on 11i systems? On Solaris it is drwxrwxrwt.
2. Same question for /var/tmp. On Solaris it is as well drwsrwxrwt.
3. Which should be bigger, /tmp or /var/tmp?
4. How are you managing/cleaning up /tmp & /var/tmp?
5. Any reason why /var/tmp should be a link to /tmp?
.
Thanks!
Hakuna Matata.
G. Vrijhoeven
Honored Contributor

Re: /tmp & /var/tmp Questions

Hi,


1 & 2) Normally they're both drwxrwxrwx, but I would go for the sticky bit turned on, like on Solaris.

3) It depends on the size of the server and the need for temp files.
I would make
/tmp >1GB
/var/tmp = in the var filesystem, depends on internal memory and the need for /var/adm/crash

4) cron script. find /tmp -ctime +7 -exec rm {} \;

Gideon


Pete Randall
Outstanding Contributor

Re: /tmp & /var/tmp Questions

Nelson,

Permissions:

ll -d /tmp /var/tmp
drwxrwxrwx 3 bin bin 6144 Oct 17 08:39 /tmp
drwxrwxrwx 3 bin bin 1024 Oct 17 09:34 /var/tmp


Size: /tmp can be small - like 64MB, /var (and therefore /var/tmp) I make fairly large, like 1GB


Cleaning: Hose them during bootup or via cron, there's no reason to retain anything - or, if there is something that needs to be retained, it needs to be placed somewhere else.

Link: No reason that I can think of.


Pete


Michael Steele_2
Honored Contributor

Re: /tmp & /var/tmp Questions

1.) 777 is right.

2.)

3.) Up to you. I will make /tmp no smaller than 512 MB if there's a /work file system. But I'll also go up to 4 GB.

4.) /etc/rc.config.d/clean_tmps
4B) /sbin/init.d/clean_ex start/stop

5) Any recursive navigation becomes dangerous since /var/tmp belongs to a critical O/S file system. What would happen if someone issued a 'chmod -R 777' in /tmp and /var/tmp was soft linked?

Remember, /tmp is world writeable.
Support Fatherhood - Stop Family Law
Vitek Pepas
Valued Contributor

Re: /tmp & /var/tmp Questions

1,2. All my systems have drwxrwxrwx with bin:bin as owner for both /tmp and /var/tmp.
3,5. Strange questions, since /var/tmp is neither a separate filesystem nor a link.
4. Under normal circumstances these directories don't require special cleaning routines.
Bill Hassell
Honored Contributor

Re: /tmp & /var/tmp Questions

1. This is sysadmin's choice. By setting the t permission, only file owners are allowed to move or remove a file. Most security experts will recommend setting the t bit (sticky bit) to ensure some degree of sanity with temp directories. Of course /tmp (and /var/tmp) are temporary...

2. Same answer as #1. chmod 1777 /tmp /var/tmp

3. /var should be gigabytes (/var/tmp is a subset of /var) and /tmp should be just a few hundred megs. /var is the most critical directory in Unix and can affect many different subsystems when it gets full. That's one of the reasons to split /var into separate mountpoints for certain subsystems (i.e., mail, spooling, software distributor, crash dumps, etc.)

4. NEVER! /tmp (based on the decade-old V.4 filesystem layout rules) is ONLY for system usage and never to be used as temp storage for scripts and user junk. Of course, this isn't what typical Unix newbies do and there are still plenty of applications and old scripts that use /tmp. By keeping /tmp separate, you can find rogue files and directories and fix the cause (including user education). Unfortunately, even HP instructions for some apps and packages will say something like: ftp the files into /tmp...without regard to the V.4 recommendations or the possibly small /tmp.

The correct location for temp files and directories is /var/tmp. As always, regular cron cleanup of these directories is required.


Bill Hassell, sysadmin
Elmar P. Kolkman
Honored Contributor

Re: /tmp & /var/tmp Questions

1. 1777 (rwxrwxrwt) is the best way for /tmp
2. I have no clue what the 's' bit for user does on a directory, but on my Solaris 8 systems it is the same as for /tmp
3. Depends on your applications.
4. cleaning by cron is a good way. Cleaning at boottime only works if your system is booted regularly. But at the sites I've worked systems ran for multiple years without reboot...
5. if the usage of /tmp and /var/tmp are not the same during the day, you can use 1 filesystem for both to make more efficient use of the filesystem. But remember that it is good practice to have a /tmp on vg00 to have it available as soon as possible, so this only works with enough diskspace in vg00.
Every problem has at least one solution. Only some solutions are harder to find.
Alzhy
Honored Contributor

Re: /tmp & /var/tmp Questions

Thanks so much for the various answers and inputs. It looks like we will need to turn on world sticky bitting so only the creator/owners can remove files/dirs in those 2 directories. We have an 8 GB /var and 2GB /tmp (for those rogue apps..) as this is a very heavily used development system with about 200 users active at any one time using about a dozen variations of VI and 3 versions of Emacs plus all the compilers known to man!
.
BTW, on this rp8400 that I've been building (coming out of an erstwhile all-Solaris shop) - I am just following configuring instructions -- one of which is "mv /var/tmp to /var/tmp.orig, and create a link /var/tmp to /tmp.." -- which I am questioning..


Hakuna Matata.
curt larson_1
Honored Contributor

Re: /tmp & /var/tmp Questions

1) Proper permissions? I suppose "proper" would have to be dependent on what is necessary for your organization.

We use world read/write, 777. Setting the sticky bit can be nice. Then, only the user that owns the file can remove it. This leads to a couple of issues. 1) What happens when it fills up? If only the user can remove his files and, of course, root, guess who gets called when a user fills the file system up. I don't like getting called. 2) The user thinks his files are going to remain. Guess who gets called when the user's files get removed. I don't like getting called because a user's temporary files turn out to be temporary.

So, our policy is 777. Anyone with a problem with not enough space can do their own clean up without needing to call someone (or me). And, if users need space to keep files on a non-temporary basis that only they can remove, that is what their home directory is for.

which should be bigger?

Make /var/temp a separate file system and make it big, at least a gig. Have all users/applications use this for temporary files. Make it more than big enough so they stay out of /tmp. Keep /tmp small. Upgrades to the OS use /tmp. I've been required to have over 128M on earlier releases and 11i's release notes say you should have at least 256M. Disk space being cheap, I'd make /tmp 512M.

clean up?
We try to keep files around for 30 days before removing them. But, if the file systems reach 90% they get cleaned. But, once again, users know these are just temporary files and there isn't any guarantee on how long they will stay.

link?

I suppose, if /var/temp is a separate file system, /tmp could be a link. I prefer to keep /tmp separate and reserved only for the OS's use. Users/applications have their space (/var/temp), root/OS has their space (/tmp). No one gets stepped on and everyone stays happy.
Brian Bergstrand
Honored Contributor

Re: /tmp & /var/tmp Questions

Here is a clean command that is fairly secure (probably not completely though):

It won't cross mount points, won't delete anything owned by root, and will only delete files. All of this is done to mitigate the risk of someone trying to introduce a trojan link pointing to /etc/passwd or some other critical file.

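#!/bin/sh
set -u

PATH=/bin:/usr/bin:/sbin:/usr/sbin

for i in /tmp /var/tmp
do
    # Stay on one filesystem (-xdev), skip anything owned by root, and remove
    # only regular files not accessed or modified in the last 21 days.
    # -exec ... {} + passes names to rm intact, so a name containing spaces
    # or newlines is not re-split into other paths as it would be by xargs.
    find "$i" -xdev ! -user root \( -atime +21 -a -mtime +21 \) -type f -exec rm -f {} +
done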

Also, I agree with everyone else. Change /var/tmp and /tmp to 1777. Better yet, run Bastille as it will do this and a lot more to secure your system.

HTH.
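
A check for the two conditions the replies keep returning to, the sticky bit on /tmp and /var/tmp and /var/tmp being a link, written as an added example that is not from any poster in the thread. The function names, finding labels and return codes are this example's own.

```shell
#!/bin/sh
# Added example: audit temp directories for the settings discussed above.
# Reads the mode string from `ls -ld`, so it needs no stat(1).

# check_tmpdir DIR: print one finding line and return
#   0  real directory, world-writable with the sticky bit (drwxrwxrwt)
#   1  world-writable without the sticky bit (drwxrwxrwx)
#   2  DIR is a symbolic link (the /var/tmp -> /tmp layout)
#   3  DIR is missing or not a directory
#   4  DIR is not world-writable
check_tmpdir() {
    dir=$1
    if [ -h "$dir" ]; then
        echo "LINK     $dir is a symbolic link"
        return 2
    fi
    if [ ! -d "$dir" ]; then
        echo "MISSING  $dir is not a directory"
        return 3
    fi
    mode=$(ls -ld "$dir" | awk '{print $1}')    # e.g. drwxrwxrwt
    other=$(echo "$mode" | cut -c8-10)          # the "other" triplet
    case $other in
        ?w[tT]) echo "OK       $dir $mode"; return 0 ;;
        ?w?)    echo "NOSTICKY $dir $mode: users can remove each other's files"
                return 1 ;;
        *)      echo "CLOSED   $dir $mode: not world-writable"; return 4 ;;
    esac
}

# audit_tmpdirs DIR...: check each directory, return the number of findings.
audit_tmpdirs() {
    bad=0
    for d in "$@"; do
        check_tmpdir "$d" || bad=$((bad + 1))
    done
    return "$bad"
}

audit_tmpdirs /tmp /var/tmp || echo "$? finding(s)"
```

A NOSTICKY finding is cleared with the chmod 1777 given earlier in the thread; a LINK finding means a recursive command run against one directory also reaches the other.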