There are many reasons you might need to mount your /tmp dir as a separate filesystem. Leaving /tmp as a plain, world-writable directory on the root filesystem is a major security flaw: anything that can write a file there (a compromised web application, for instance) can also execute it, so a separate /tmp mounted with noexec and nosuid closes that off. I have installed CSF+LFD on a brand new CentOS 5.6 system and when running the security check, CSF+LFD looks for exactly this. Therefore, this is normally one of the first steps I take when securing the system. Here are the steps you should take (the commands follow, in the same order):
1. Back up your fstab
2. Create a 1GB tmpMnt partition file
3. Format the new partition
4. Back up the old /tmp
5. Mount the new /tmp filesystem
6. Set the appropriate permissions
7. Copy the files back to /tmp
8. Add the new /tmp to fstab
9. Symlink /var/tmp to /tmp
```sh
# 1. Back up fstab before touching it
cp /etc/fstab /etc/fstab.bak
# 2. Create a 1GB file under /var that will hold the new /tmp filesystem
cd /var
dd if=/dev/zero of=tmpMnt bs=1024 count=1048576
# 3. Format it as ext3; press Y when warned that it is not a block device
mkfs.ext3 -j /var/tmpMnt
# 4. Back up the existing /tmp contents
cp -Rp /tmp /tmp_backup
# 5. Mount the file over /tmp via a loop device, with noexec and nosuid
mount -o loop,noexec,nosuid,rw /var/tmpMnt /tmp
# 6. Sticky bit plus world-writable, as /tmp must be
chmod 1777 /tmp
# 7. Restore the old contents ("." instead of "*" so dot-entries such as .ICE-unix are copied too)
cp -Rp /tmp_backup/. /tmp/
# 8. Make the mount persistent across reboots
echo "/var/tmpMnt /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0" >> /etc/fstab
# 9. Replace /var/tmp with a symlink to the hardened /tmp
rm -rf /var/tmp/
ln -s /tmp/ /var/tmp
```
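After the steps above, the check a practitioner wants is whether the /tmp entry actually carries noexec, nosuid and nodev, and whether the fstab line is well formed (the "[mntent] line is bad" error in the comments came from a leading "." on the device path). The following checker is an added example, not part of the original tutorial or of CSF; the sample lines inside it are constructed, and the function names are my own.

```shell
#!/bin/sh
# check_tmp_opts "<comma-separated mount options>"
# Returns 0 only if noexec, nosuid and nodev are all present.
check_tmp_opts() {
  opts=",$1,"
  for want in noexec nosuid nodev; do
    case "$opts" in
      *",$want,"*) ;;
      *) echo "missing option: $want"; return 1 ;;
    esac
  done
  return 0
}

# check_fstab_line "<fstab line>"
# Valid when it has 6 fields, an absolute device path, mount point /tmp,
# and hardened options (field 4).
check_fstab_line() {
  set -- $1
  [ $# -eq 6 ] || { echo "expected 6 fields, got $#"; return 1; }
  case "$1" in
    /*) ;;
    *) echo "device '$1' is not an absolute path"; return 1 ;;
  esac
  [ "$2" = "/tmp" ] || { echo "mount point is '$2', not /tmp"; return 1; }
  check_tmp_opts "$4"
}

# live_tmp_check: inspect the running system's /tmp mount via /proc/mounts.
# Only the options are checked here, since the device field may be "tmpfs".
live_tmp_check() {
  line=$(awk '$2 == "/tmp" { print $4; exit }' /proc/mounts 2>/dev/null)
  [ -n "$line" ] || { echo "/tmp is not a separate mount"; return 1; }
  check_tmp_opts "$line"
}

# Constructed sample lines (not taken from any real host):
GOOD='/var/tmpMnt /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0'
BAD='./var/tmpMnt /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0'
check_fstab_line "$GOOD" && echo "accepted: $GOOD"
check_fstab_line "$BAD" || echo "rejected: $BAD"
```

Note that the tutorial's interactive mount command omits nodev while its fstab line includes it; `check_tmp_opts "loop,noexec,nosuid,rw"` reports that difference.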


Total new here, but I get the following when performing step #9:
cannot remove `/var/tmp/': Not a directory
Matt,
Make sure the /var/tmp directory exists…
cd /var
ls -la
Look through the directory listing and make sure it’s there. If it is, try running the same remove command in step 9, but remove the trailing slash “/”
Thanks for replying. It appears as if my hosting co. (GoDaddy) will not let me mount in the VPS.
After #5 I get a mount no permission error. I contacted the host and they said:
“Due to the configuration of our virtual environment it is not possible to make file system changes to your virtual dedicated server. If you require the ability to create and modify file systems on your server you will need to consider moving to a fully dedicated server. This will provide you with the necessary file system access to complete the actions you have previously mentioned.”
Perfect! Worked great for me. Now need to Apply to 6 other cPanel servers.
I got the following error: [mntent]: line 8 in /etc/fstab is bad
line 8 = ./var/tmpMnt /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0.
Any idea?
1) Remove the preceding period “.” at the beginning of line 3.
2) mount -o remount
I used this tutorial to mount my /tmp. One thing I notice is that the folder is mounted with ‘nodev’. Why not only with noexec and nosuid?
And can you explain how to mount /home? DirectAdmin recommend that as well.
@BlueCola: NoDev simply means that the file system is not associated with a physical device – such as /dev/sda1 which points to a physical hard disk. /tmp is a portion of a physical hard disk, not an entire hard disk, therefore it carries the nodev option.
You could use somewhat the same steps to create a separate /home partition as well to adhere to DA’s recommendations – however I am unsure of your flavor of Linux or how restrictive you’d like to be. I would suggest searching DirectAdmin’s forum for a solution that fits your exact needs.
@Brad
Thanks for replying! I’m really a Linux newbie, that’s correct. With ‘how restrictive you’d like to be’, do you mean with the options like nosuid, noexec, etc.? In this tutorial from DirectAdmin, they say you should mount /home with the ‘nosuid’ option.
In order to accomplish that, I should follow exactly the same steps, but just replace /tmp with /home, and only add nosuid and nodev to it? And of course don’t make a symlink.