2

I have a service daemon that creates a lot of temp files. Recently my server died, because a malicious user managed to flood /tmp and fill up the disk. I have taken some measures to actively clean up the temp dir, but additionally I would like to constrain the max size of this applications temp dir.

Is there any way I can create dir, say, /apptmp that will never be larger than e.g. 10G? I know I can set disk limits by-user, but I just want to limit this tmpdir; the application should always be able to write elsewhere.

I am running Ubuntu Linux 12.04.

edit: All of this should eventually be wrapped up in an installable Ubuntu package though. So I don't think I want to rely on modifying the partitions, unless I can somehow simulate it.

Jeroen Ooms
  • 2,239
  • 8
  • 34
  • 51

2 Answers2

10

You can give /tmp it's own partition. Then you will be sure that it will never exceed that amount. I suggest using LVM so you can increase and decrease partition size should you ever feel the need to do so.

Lucas Kauffman
  • 16,880
  • 9
  • 58
  • 93
  • 1
    Is was the reason in the "old days" that you had a separate volume/partition for /var; it kept logs from causing crashes. – Bart Silverstrim Apr 25 '12 at 17:28
  • Thanks. My experience with LVM is very limited. Could you illustrate your answer a bit with some example code on how to create such a partition? Could it be a virtual partition (in a file) as suggested below? – Jeroen Ooms Apr 25 '12 at 18:51
  • +1 You should have separate partitions for all the usual locations, such as /, /usr, /var, /tmp, /opt, /home. See also http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html#s3.2 – aseq Apr 26 '12 at 00:15
3

Lucas's answer is the best one.

If you've managed to arrange your disks in such a way that you can't easily repartition your drives, you can also use a loop mount using a filesystem inside a regular disk file. Something like:

$ dd if=/dev/zero of=/tmp/tmpdisk bs=1073741824 count=10
$ mke2fs /tmp/tmpdisk
$ sudo mount -o loop /tmp/tmpdisk /apptmp

This will create a 10GB file in /tmp, create a filesystem inside that file, then loop mount it as /apptmp.

But, as noted, you should do this only if you've painted yourself into a corner with your disk partitioning scheme.

cjc
  • 24,916
  • 3
  • 51
  • 70
  • I think I might need something like this if I want my application to be easily installable on any machine. What are the disadvantages of the loop mount? Will the performance suffer a lot? – Jeroen Ooms Apr 25 '12 at 19:01
  • Yes, performance will suffer compared to a filesystem on a raw disk. Possibly, by a lot. You should to do some benchmarking. – cjc Apr 25 '12 at 19:12
  • In light of the comment that this will be a packaged application, you probably should look into doing some garbage collection/abuse prevention on your own and within the application, rather than relying on filesystem properties to take care of that for you. Especially when that filesystem is being provided through some weird method. – cjc Apr 25 '12 at 19:14