Why should I make a separate partition for /tmp?
One common reason for making it a separate partition is to be able to mount it as nosuid and noexec. This prevents both privilege escalation and arbitrary script execution from /tmp, respectively. This is particularly useful in multi-user environments (e.g. hosting) where unprivileged users will have access to read/write data to /tmp but should not be able to perform either of these actions.
Another justification would be to limit the amount of temporary data stored (since not everything cleans up after itself) to prevent other more important partitions from filling and causing service interruption and/or data loss.
It also makes sense from the security standpoint. Since many programs write temporaries in /tmp and /tmp is automatically cleared (using insecure file deletion), this means a lot of deleted but recoverable files still reside on the /tmp partition. If you isolate this partition and make it smaller, then it's easier to securely clean it, e.g. using sfill from the secure-delete package.
Also, when tmp is on a separate partition:
- You can share tmp between a couple of Linux distributions in a multi-boot environment and save disk space
- tmp can be excluded from the RAID setup (RAID disk space is at a premium)
- tmp can reside on faster media than root (i.e. RAM disk, SSD disk)
- tmp can reside on media less prone to wearing (i.e. root on Flash disk, tmp on regular disk or RAM disk)
- tmp can reside on a separate disk drive (to spread workload)
- tmp can be mounted on a different partition/disk if it needs to be bigger, without affecting the rest of the system, simply by editing a line in /etc/fstab
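An added example, not part of any of the answers above: a shell function that checks the nosuid/noexec mounting described in the first answer by reading a file in /proc/mounts format and reporting whether /tmp is its own filesystem and which of the two options is missing. The function name, return codes and the placeholder device in the comment are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the mount options of /tmp.
# A matching /etc/fstab line would look like this (device is a constructed
# placeholder, filesystem type is an assumption):
#   /dev/sdXN  /tmp  ext4  defaults,nosuid,noexec  0  2

# check_tmp_mount MOUNTS_FILE [MOUNTPOINT]
# MOUNTS_FILE uses the /proc/mounts layout: device mountpoint fstype options ...
# Prints a one-line verdict and returns:
#   0  mountpoint is its own filesystem with nosuid and noexec
#   1  mountpoint is its own filesystem but an option is missing
#   2  mountpoint is not a separate mount (it lives on the parent filesystem)
check_tmp_mount() {
    mounts_file=$1
    mountpoint=${2:-/tmp}

    # The last matching line wins: a later mount shadows an earlier one.
    opts=$(awk -v mp="$mountpoint" '$2 == mp { o = $4 } END { print o }' "$mounts_file")

    if [ -z "$opts" ]; then
        echo "$mountpoint: not a separate mount"
        return 2
    fi

    missing=""
    for want in nosuid noexec; do
        # Wrap in commas so "nosuid" cannot match inside another option name.
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done

    if [ -n "$missing" ]; then
        echo "$mountpoint: missing:$missing"
        return 1
    fi
    echo "$mountpoint: ok ($opts)"
    return 0
}

# Report on the live system when /proc/mounts is readable (Linux).
if [ -r /proc/mounts ]; then
    check_tmp_mount /proc/mounts /tmp || true
fi
```

After editing /etc/fstab, `mount -o remount /tmp` applies the new options without a reboot, and the function can be re-run to confirm them.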