These forums are locked and archived, but all topics have been migrated to the new forum. You can search for this topic on the new forum: Search for Recommended size for 'tmp' on the new forum.
Web Hosting and Cloud Computing Control Panels
Howdy,
I personally don't think there would be much benefit to restricting the size of your /tmp directory, that would probably end up causing more issues than it solves.
That said, you could always tell Virtualmin to use an alternate directory for it's temp files -- you can do that in Webmin -> Webmin -> Webmin Configuration -> Advanced Settings -- and in there you can set the Webmin temp dir.
-Eric
Thanks Eric
(So - do you think that the fuss that's made about "securing the tmp directory" is a bit overdone? ;-) )
Well, I love the idea of security in layers, and there can be benefits to various security ideas that are floating around.
That said, I don't feel like there's much bang for the buck when it comes to making changes to /tmp.
If your users are all setup with quotas (which is the default in Virtualmin), then no one user should be able to fill up the filesystem. So there wouldn't be a benefit to restricting the size of /tmp.
And I've seen mentions of mounting /tmp noexec -- yes, that would prevent a compiled program from running from /tmp, but that's not typically what I've seen attackers doing... most of the breakins I've seen had malicious scripts uploaded (and not compiled programs). And setting /tmp to noexec won't prevent a script from running, since it's not executed, it's interpreted.
However, if a malicious user wanted to run a compiled program, they could just do so in the home directory, where they have rights to write and execute files.
One of the places to spend a decent amount of time is in verifying that all your web apps (and their associated plugins) are all kept up to date -- that's the most common source of breakins.
-Eric