Why bind-mount /var/tmp to /tmp?

linux mount fstab
20,122

Solution 1

The Filesystem HierarchyStandard says:

  • /tmp/ Temporary files. Often not preserved between system reboots.
  • /var/tmp/ Temporary files to be preserved between reboots.

For example: if an processus is launched every 5 minutes and needs to store some data between every launch, it will rather store them in /var/tmp/.

Solution 2

There may be some system safety reason for bind-mounting /var/tmp.

By mounting /var/tmp, the path /var/tmp will stop being an ordinary subdirectory within the / root filesystem and become a distinctly mounted filesystem. This mounting would - as indicated by your example fstab line -

/tmp /var/tmp none rw,noexec,nosuid,nodev,bind 0 0

enable us to trigger some safety related mount options like nosuid and noexec which would act as some additional safety mechanism to avoid the execution of any potentially distrusted temporary data in the /var/tmp path.

Share:
20,122
lisa17
Author by

lisa17

Updated on September 18, 2022

Comments

  • lisa17
    lisa17 over 1 year

    I've read in several places that it is recommended to bind-mount /var/tmp to /tmp. This can be done by adding the following line to /etc/fstab:

    /tmp /var/tmp none rw,noexec,nosuid,nodev,bind 0 0

    How can this be beneficial? In other words why should we bind-mount /var/tmp to /tmp ?

  • DevSolar
    DevSolar over 11 years
    But that would also work if you simply had /var/tmp reside on an individual partition. It's not really related to bind-mounting /var/tmp to /tmp...
  • humanityANDpeace
    humanityANDpeace over 11 years
    @DevSolar Of course the answer is only one suggested motive for bind-mounting /var/tmp to tmp. The /etc/fstab code of the OP contained the nosuid,noexec and nodev flags and this suggested the motive which I presented as one potential reason. Consider that /tmp and /var/tmp are likely places where attackers might have write access. Therefore bind-mounting the directory can tighten security a bit more. This is why I used bind-mounts.
  • humanityANDpeace
    humanityANDpeace over 11 years
    @DevSolar Your suggestion about the option for an individual partition provokes an additional reason for the OP's question. /tmp might reside on a faster device as the / root filesystem (and by this also the /var directory) and the of the given fstab line wanted to have any temporary data using the same (i.e. faster) device as /tmp. Possibly there are still some other conceivable reasons we have not thought about. If you can find one that is in very closely linked to the /var/tmp and /tmp directories I'd be glad to learn.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Option "user" work for mount, not for umount
Linux, fat32 and etc/fstab
How to skip remote partition mount errors and continue booting?
no UUID for partition when partitioning new disk
fstab line for auto mount drive that all users can read/write
[mntent]: line 15 in /etc/fstab is bad
Why is my USB drive not mounted during startup
Is there a difference between using pmount and mount?
Using noexec option in fstab
Disk mounted as read-only, but defined as read-write in fstab