(How) can I create a tmpfs as a regular (non-root) user?

Linux provides a tmpfs device which any user can use, /dev/shm. It is not mounted to a specific directory by default, but you can still use it as one.

Simply create a directory in /dev/shm and then symlink it to wherever you want. You can give the created directory any permissions you choose, so that other users can't access it.

This is a RAM-backed device, so what's there is in memory by default. You can create any directories you need inside /dev/shm.

Naturally, files placed here will not survive a reboot, and if your machine starts swapping, /dev/shm won't help you.

The Solaris parallel to /dev/shm is /tmp which is a "swap" type partition, and also memory based. As with /dev/shm, arbitrary users may create files in /tmp on Solaris.

OpenBSD has the capability to use a memory-based mount as well, but does not have one available by default. The mount_mfs command is available to the super user.

I'm not sure about other *BSDs.


/dev/shm is not suitable for secrets

...on systems with active swap! Chances are very high your computer has it enabled.

There is a better, guaranteed ephemeral, standard alternative — ramfs. You may want to use ramfs if you plan to use RAM-backed space to temporarily store sensitive data, such as private keys, Bitcoin or Ethereum wallets and such.

ramfs is better than tmpfs when data needs to be secret, since ramfs data never gets swapped (saved to a physical storage drive), while tmpfs may get swapped. Third parties who later gain root or physical access to the machine can then inspect the swap space and extract sensitive data.

The solution

You can prepare a ramfs mount so that any non-privileged user can mount/unmount it on demand.

To do this, you will need root privilege, once. Ask the administrator of your system to set this up for you, if you lack root privileges.

First, you need to add a line to /etc/fstab. The line in fstab may look like this:

none    /mnt/ramfs    ramfs    noauto,user,size=1024M,mode=0770    0    0

  • /mnt/ramfs is the mount point where the ramfs filesystem will be mounted. The directory should exist.
  • The noauto option prevents this from being mounted automatically (e.g. at system boot).
  • user makes this mountable by regular users.
  • size sets this "ramdisk's" size (you can use M and G here).
  • mode is very important: with the octal code 0770, only root and the user who mounted this filesystem will be able to read and write to it, not others (you may use a different code of your choice as well, but be very sure about it!).

When this is done, any user will be able to mount this on demand.

Once some user mounts this, a new 1024 MB ramfs filesystem is created and mounted at /mnt/ramfs/. It will be owned by root:user. Once he/she unmounts it, or the system gets rebooted, this RAM-based filesystem will vanish with all its data. Which is cool.

Also, this filesystem can be mounted by several users independently, but not at the same time, i.e. for it to be ready for mounting by the next user, the previous user should unmount it. Or you can create individual filesystems for each user.

To mount:

mount /mnt/ramfs/

To unmount:

umount /mnt/ramfs/

P.S. If you are trying to rsync files to the root of the newly mounted/created ramfs as a non-root user, you may face an "rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1183) [sender=3.1.1]" error. This is completely fine and expected, because your user doesn't own the root of the RAM filesystem. The solution is simple: just create some directory there, /mnt/ramfs/copied/ for example, and rsync into it.

P.P.S. Tested on Debian 9. Pretty sure it'll work on Ubuntu, too.

P.P.P.S. Although vastly more secure, RAM-based storage is still vulnerable to some elaborate attacks, like the cold boot attack. So if you are really serious about the security of your data, make sure to physically secure your PC/laptop, lock the case and memory sticks, or even better, consider using a computer with RAM soldered right onto the motherboard (which is the case for most higher-tier ultraportable laptops). Also consider fully shutting down your computer if you don't intend to use it in the next hour or so. Maybe even go so far as to disable sleep/hibernation features altogether.
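
Editor's added example (not part of any answer on this page): a shell check that reports whether a path sits on ramfs, on tmpfs with swap active, or on something else, which is the distinction the answer above draws for secrets. The function names and the sample mount and swap tables are constructed for illustration; on a real host the functions default to /proc/mounts and /proc/swaps.

```shell
#!/bin/sh
# Added example. Inputs use the /proc/mounts and /proc/swaps formats; pass
# an absolute path with symlinks already resolved (e.g. via realpath).

# Print the fs type of the longest mount point that contains path $1.
fs_type_for() {
    awk -v p="$1" '
        BEGIN { best = -1 }
        { mp = $2; sub(/\/+$/, "", mp)            # "/" becomes ""
          if (index(p "/", mp "/") == 1 && length(mp) >= best) {
              best = length(mp); t = $3 } }       # >= : later mount wins
        END { if (t == "") exit 1; print t }' "${2:-/proc/mounts}"
}

# Succeed if the swaps table has at least one entry below its header line.
swap_active() {
    awk 'NR > 1 && NF { found = 1 } END { exit !found }' "${1:-/proc/swaps}"
}

# Classify path $1: ram-only | may-swap | ram-while-swap-off | other:<type>
secret_storage_verdict() {
    fstype=$(fs_type_for "$1" "${2:-/proc/mounts}") || { echo unknown; return 2; }
    case $fstype in
        ramfs) echo "ram-only" ;;
        tmpfs) if swap_active "${3:-/proc/swaps}"; then echo "may-swap"
               else echo "ram-while-swap-off"; fi ;;
        *)     echo "other:$fstype" ;;
    esac
}

# Constructed sample tables (not captured from a real host), written to dir $1.
write_samples() {
    printf '%s\n' '/dev/sda1 / ext4 rw,relatime 0 0' \
        'tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0' \
        'none /mnt/ramfs ramfs rw,nosuid,nodev,noexec,mode=770 0 0' > "$1/mounts"
    printf '%s\n' 'Filename Type Size Used Priority' \
        '/dev/sda2 partition 2097148 0 -2' > "$1/swaps_on"
    printf '%s\n' 'Filename Type Size Used Priority' > "$1/swaps_off"
}

demo() {
    d=$(mktemp -d) && write_samples "$d" || return 1
    for p in /dev/shm/secrets/key /mnt/ramfs/key /home/user/key; do
        printf '%-22s %s\n' "$p" "$(secret_storage_verdict "$p" "$d/mounts" "$d/swaps_on")"
    done
    rm -rf "$d"
}
demo
```

A "may-swap" verdict means pages of the file can be written to the swap device; the check does not cover hibernation images or mount points containing escaped spaces.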


Your system may have one already available; recent Linux systems based on Glibc always have a tmpfs mounted on /dev/shm.

If your system doesn't have one or it's too small, then a filesystem not mounted by root pretty much means FUSE. On Ubuntu, you need to be in the fuse group to use FUSE. Looking through available FUSE filesystems, I see only Ramfuse, which unfortunately is abandoned upstream.