From: Andrew J Caines
To: freebsd-security@freebsd.org
Date: Thu, 6 Sep 2001 05:12:07 -0400
Subject: Re: Good practice for /tmp

Ceri,

> > From: Eli Dart
> > Mount /tmp then as MFS with a limited size.  Works nicely, for me.
>
> **boggle**

Not at all boggling. It's as simple as possible.

/dev/ad0s1b /tmp mfs rw,async,noatime,-s=32768 0 0

> Swap mounted on an MFS /tmp ??
>
> **shudder**

No, that's the noise you hear when your program is trying to do fast small I/O
on your disk. With an mfs, it's more a smooth hum.

Working on the well-established premise that /tmp is for small, short-lived,
non-persistent files with fast I/O and that /var/tmp (which at times and
places used to sometimes be /usr/tmp) is for a shared persistent storage area
for temporary files, /tmp on mfs/md and /var/tmp on disk works perfectly.

Solaris does this by default, although it foolishly makes the whole VM
available for storage for all users. FreeBSD errs on the side of simple
conservatism out-of-the-box while allowing a bucketful of features.

What makes you uncomfortable?

-Andrew-
-- 
-Andrew J. Caines-   Unix Systems Engineer   A.J.Caines@halplant.com
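
An added example, not part of the original message: a shell function that reads an fstab on stdin and reports whether /tmp is an mfs mount with a size cap, which is the difference drawn above between the bounded entry and an unbounded memory-backed /tmp. The function names, the sample fstab and the 512-byte sector size used to convert -s= are assumptions.

```shell
#!/bin/sh
# Added example: audit an fstab for the /tmp layout discussed in the message.
# Assumption: the mfs "-s=" option counts 512-byte sectors, as newfs -s does.

# audit_tmp_fstab: reads fstab text on stdin and prints one of
#   missing         no /tmp entry (so /tmp lives on another file system)
#   disk TYPE       /tmp is its own mount but not memory-backed
#   unbounded       /tmp is mfs with no -s= size cap
#   bounded BYTES   /tmp is mfs capped at BYTES
audit_tmp_fstab() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }      # skip comments and short lines
        $2 != "/tmp"        { next }      # only the /tmp mount point matters
        {
            found = 1
            if ($3 != "mfs") { print "disk " $3; exit }
            size = ""
            n = split($4, opt, ",")       # mount options are comma-separated
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^-s=[0-9]+$/) size = substr(opt[i], 4)
            if (size == "") print "unbounded"
            else            printf "bounded %d\n", size * 512
            exit
        }
        END { if (!found) print "missing" }
    '
}

# Constructed sample: the /tmp entry from the message plus made-up neighbours.
sample_fstab() {
    cat <<'EOF'
# Device      Mountpoint  FStype  Options                          Dump Pass
/dev/ad0s1a   /           ufs     rw                               1    1
/dev/ad0s1b   none        swap    sw                               0    0
/dev/ad0s1b   /tmp        mfs     rw,async,noatime,-s=32768        0    0
/dev/ad0s1e   /var        ufs     rw                               2    2
EOF
}

sample_fstab | audit_tmp_fstab
```
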