Re: [tlug] join /tmp and /var

[Joe Larabell <larabell@???>]

> > Well, guess what--/var is the easiest partition to fill up on a
> > Unix system, and also the only partition that an outsider can legitimately
> > fill up for you. (Think "/var/spool/mail" and "big attachments".)
>
> again, what would you gain by having a seperate /tmp?
> /tmp is hardly needed for critical operation.

Not entirely true. A lot of programs (editors, shells, etc) open up some
kind of file in /tmp at start-up. I've had /tmp fill up and effectively
prevent me from opening new windows, editing files, and other stuff that
would otherwise be essential to fixing the problem.

> sure some programs will stop working, but your system won't die.

You might be surprised how many vital programs rely on /tmp. If you're in
a GUI environment at the time, you can expect your window manager to bite
the dust really quick.

> ... there is also this 5% reserve for the root user on any partition,
> so that root still can write even if the partition fills up.

If the attack involves the creation of lots and lots of log entries, it's
the root user doing the writing to the 5% reserve is useless. Anyone
mounting that kind of an attack would be aware of this.

But the read-only aspect is one I hadn't really thought of. Mostly because
I always thought *nix systems didn't run so happily if the system services
and the kernel didn't have rw access to the whole file system.

> which gains you almost nothing except waste of space because sometimes
> you need a lot of /tmp but most of the time you need hardly any.

I believe you can also put /tmp in the swap area (or is it the other way
'round ;-). Swap has the same characteristic in that sometimes you need a
lot but most of the time you don't need hardly any at all. Of course, if
the runnaway process filling up /tmp just happens to be swapping.....

--
Joe Larabell -- Synopsys VCS Support      US: larabell@example.com
http://wwwin.synopsys.com/~larabell/   Japan: larabell@?jp