From owner-freebsd-security  Thu Sep  6  2:12:19 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.halplant.com (24-168-203-47.wo.cox.rr.com [24.168.203.47])
	by hub.freebsd.org (Postfix) with ESMTP id 261D737B406
	for <freebsd-security@freebsd.org>; Thu,  6 Sep 2001 02:12:16 -0700 (PDT)
Received: by mail.halplant.com (Postfix, from userid 1001)
	id 8A12A1F8D; Thu,  6 Sep 2001 05:12:07 -0400 (EDT)
Date: Thu, 6 Sep 2001 05:12:07 -0400
From: Andrew J Caines <A.J.Caines@halplant.com>
To: freebsd-security@freebsd.org
Subject: Re: Good practice for /tmp
Message-ID: <20010906051207.O55388@hal9000.servehttp.com>
Reply-To: Andrew J Caines <A.J.Caines@halplant.com>
Mail-Followup-To: freebsd-security@freebsd.org
References: <craig@allmaui.com> <20010904221809.B57312B@usul.nersc.gov> <20010905183015.A824@hades.hell.gr> <20010906094931.B30676@cartman.private.techsupport.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010906094931.B30676@cartman.private.techsupport.co.uk>; from ceri@techsupport.co.uk on Thu, Sep 06, 2001 at 09:49:31AM +0100
Organization: H.A.L. Plant
X-Powered-by: FreeBSD 4.4-RC
X-PGP-Fingerprint: C59A 2F74 1139 9432 B457  0B61 DDF2 AA61 67C3 18A1
Importance: Normal
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Ceri,

> > From: Eli Dart <dart@nersc.gov>
> > Mount /tmp then as MFS with a limited size.  Works nicely, for me.
> 
> **boggle**

Not at all boggling. It's as simple as possible.

/dev/ad0s1b	/tmp	mfs	rw,async,noatime,-s=32768	0	0

> Swap mounted on an MFS /tmp ??
> 
> **shudder**

No, that's the noise you hear when your program is trying to do fast small
I/O on your disk. With an mfs, it's more a smooth hum.

Working on the well-established premise that /tmp is is for small,
short-lived, non-persistent files with fast I/O and that /var/tmp (which
at times and places used to sometimes be /usr/tmp) is for a shared
persistent storage area for temporary files, /tmp on mfs/md and /var/tmp
on disk works perfectly.

Solaris does this by default, although it foolishly makes the whole VM
available for storage for all users. FreeBSD errs on the side of simple
conservatism out-of-the-box while allowing a bucketful of features.

What makes you uncomfortable?


-Andrew-
-- 
 ______________________________________________________________________
| -Andrew J. Caines-   Unix Systems Engineer   A.J.Caines@halplant.com |

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message