Linux – the most efficient way to handle /tmp and disk quotas on Linux

Tags: linux, quota, tmp

I'm running a VPS with a webserver (Apache+PHP), a database (MySQL) and an SMTP server (Exim). OS: Debian Lenny. RAM: 512MB. Using [quota](http://packages.debian.org/lenny/quota).

At the moment, I've /tmp mounted as tmpfs. This is not ideal, as I've only 512MB RAM and thus, /tmp is only 256MB. I've decided to create a 1GB ext3 partition file (or whatever it's called) on /var/tmpdisk. (the decision on using ext3 was made after reading Askubuntu.com: Good filesystem for /tmp?)

For keeping /tmp clean while running, I've found tmpreaper: serverfault.com: Cleanup of /tmp

What would be recommended for quickly wiping /var/tmpdisk, while retaining the quota settings?

Currently, I'm thinking of doing the following on startup (/etc/rc.local?):

  1. Check for the existence of /var/tmpdisk. if it does not exist, run dd if=/dev/zero of=/var/tmpdisk bs=1K count=1000000
  2. Create the ext3 filesystem in /var/tmpdisk. This was the fastest way for me on clearing the "disk". Command: mkfs.ext3 -F /var/tmpdisk
  3. Mount it on /tmp: mount -t ext3 -o loop,rw,nodev,noexec,nosuid,quota /var/tmpdisk /tmp

In this draft, I have not added a way for keeping the quota settings. Any ideas?

Best Answer

Most of my requirements have already been available in Debian.

By default, /etc/default/rcS sets environment variable TMPTIME=0.

$ man rcS:

TMPTIME

On boot the files in /tmp will be deleted if their modification time is more than TMPTIME days ago. A value of 0 means that files are removed regardless of age. If you don't want the system to clean /tmp then set TMPTIME to a negative value (e.g., -1) or to the word infinite.

Looking in /lib/init/bootclean.sh, I found out that the quota file `./aquota.user` (owned by root) is excluded from removal. Conclusion: quota settings will persist across reboots and `TMPTIME=0` can safely be set in `/etc/default/rcS`.

To keep /tmp clean while running, I installed tmpreaper. To activate it, SHOWWARNING=true should be commented. Furthermore, TMPREAPER_TIME=7d should be uncommented in order to clean files older than 7 days.

A 1GB temp disk was created and formatted ext3 with:

# dd if=/dev/zero of=/var/tmpdisk bs=1K count=1000000
# mkfs.ext3 -F /var/tmpdisk

Mounting it at boot-time required a change in /etc/fstab:

# /var/tmpdisk /tmp ext3 loop,rw,nosuid,noexec,nodev,quota 0 0

Since /var/tmpdisk is not a real device, it should be mounted as loop device, hence loop. nosuid,noexec,nodev have been added as a layer of security to prevent common exploit kits from abusing /tmp. Finally, quota enables quota for the disk.

After modifying /etc/fstab, I ran mount -a to mount the new /tmp disk. Since /tmp should be world-writable, and users should not be able to delete files they do not own, the directory permissions should be changed too:

# chmod 1777 /tmp

Activate quotas:

# quotacheck /tmp
# quotaon /tmp

Now /tmp fully suits my needs with quotas activated and auto-cleaning of junk files. The only thing I have to do is to add quotas for each user by running `edquota username`.
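As an added example (not part of the original answer), here is a small POSIX shell audit that checks whether an fstab or /proc/mounts line for /tmp carries every hardening option the answer relies on (nosuid, noexec, nodev, quota). The sample lines are constructed, and the function names and the `REQUIRED_OPTS` list are my own choice; the same check can be pointed at `grep ' /tmp ' /proc/mounts` on a live system.

```shell
#!/bin/sh
# Audit a /tmp mount entry for the hardening options described in the answer.
# The line format is the fstab / /proc/mounts layout:
#   <device> <mountpoint> <fstype> <options> <dump> <pass>
REQUIRED_OPTS="nosuid noexec nodev quota"

# tmp_mount_missing <line>
# Prints the required options that are absent from the 4th field (mount
# options), space separated. Prints nothing when all of them are present.
tmp_mount_missing() {
    opts=$(printf '%s\n' "$1" | awk '{print $4}')
    missing=""
    for o in $REQUIRED_OPTS; do
        case ",$opts," in
            *",$o,"*) ;;                      # option present
            *) missing="$missing $o" ;;       # option absent
        esac
    done
    printf '%s' "${missing# }"
}

# check_tmp_line <line>
# Returns 0 when the line is a fully hardened /tmp entry, 1 when options are
# missing (and lists them on stderr), 2 when the line is not a /tmp entry.
check_tmp_line() {
    mnt=$(printf '%s\n' "$1" | awk '{print $2}')
    [ "$mnt" = "/tmp" ] || { echo "not a /tmp entry: $mnt" >&2; return 2; }
    m=$(tmp_mount_missing "$1")
    if [ -n "$m" ]; then
        echo "/tmp is missing: $m" >&2
        return 1
    fi
    return 0
}

# Constructed sample entries (not taken from a real system).
HARDENED='/var/tmpdisk /tmp ext3 loop,rw,nosuid,noexec,nodev,quota 0 0'
WEAK='/var/tmpdisk /tmp ext3 loop,rw 0 0'

# Demonstration on the constructed samples; the weak one is expected to fail.
check_tmp_line "$HARDENED" && echo "hardened entry: ok"
check_tmp_line "$WEAK" || echo "weak entry: flagged"
```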