Moving /tmp to RAM

[grandtheft_jiujitsu]

I read somewhere (sorry I don't remember the link) that moving your /tmp directory to your RAM space can improve performance. I've got 4GB of RAM and my system regularly uses about 20-25% of that with swappiness at 0. I haven't had any real speed issues, nor with any issues with the /tmp folder getting clogged up but I thought I'd give this a try just for the heck of it. So, per the instructions I found I added the following line to the end of /etc/fstab

Code: Select all

tmpfs /tmp tmpfs defaults,noexec,nosuid 0 0

Now things worked fined for the most part, except that after the GRUB menu I would get a prompt for "files: S to skip recovery M for manual" or something like that. If I pressed "M" a command prompt followed, if I pressed "S" I was taken to my login screen as normal and didn't notice any other changes. I realize that this is because the edit I made changed the mount location of the /tmp directory (yes?) Which, in my case didn't create any major issues.

My question(s) then are....
1) Would you gurus recommend making this change? I did not run any benchmarks as of this posting to check performance but I was just curious. My system runs fine as is, but I (as many of us) am always looking for tweaks and mods to speed things up.
2) If you do suggest this change, is there a way to stop the recovery prompt from appearing?

[xenopeek]

I normally use this line in /etc/fstab:

Code: Select all

none /tmp tmpfs nodev,nosuid,mode=1777 0 0

Without that, only the root user can use /tmp with your configuration I think. Which might cause issues. Perhaps I'm mistaken--but I know you need to set mode=1777. You can add noexec (not nonexec as you have, that's a typo) if you want I think, though some programs execute things from /tmp.

Not sure how this relates to the recovery prompt.

Did you clear /tmp before creating the tmpfs mount? Else there may still be files there, now inaccessible. You should be able to clear those by doing:

Code: Select all

sudo umount /tmp
sudo rm -rf /tmp/*
sudo mount -a

That temporarily unmounts the tmpfs, deletes any files left on your hard disk in /tmp, and then remounts the tmpfs.

[eanfrid]

Here is mine:

Code: Select all

tmpfs			/tmp			tmpfs	nodev,nosuid,noexec,noatime,size=10G,mode=1777	0	0

Beware of "noexec" as you will have to configure alternate temporary "exec" paths for some packages to work (like e.g. apt-get or initramfs-tools...).

[grandtheft_jiujitsu]

Thanks for the input guys. Yes, that was a typo with no(n)exec, it was correct in my config file. And now that its been mentioned I think I did run into some hiccups with apt. I'll give these suggestions a try and report back this evening. Thanks again!

[eanfrid]

If you keep "noexec" on /tmp, I suggest to add this line in /etc/apt/apt.conf (create that file if it does not exist):

Code: Select all

APT::ExtractTemplates::TempDir "/var/cache/apt/<whatever>";

you can replace the line above with any custom folder you may create (but the /var/lib/ or /var/cache/ trees are good candidates)

[grandtheft_jiujitsu]

The last line of /etc/fstab now looks like

Code: Select all

tmpfs /tmp tmpfs nodev,nosuid,mode=1777 0 0

No error message and both apt-get and apt-fast are working fine (updated them to test). I decided to leave out the "noexec" option just for simplicity's sake. I'm not really sure what the difference was changing the first option between "tmpfs" and "none" though the file comments say it is for "file system"... I just left it how I originally had read the mod. And as I said in the OP, size really hasn't been an issue so far, so I didn't see the need to include that option. At any rate... Thanks, and Happy Days

[xenopeek]

The first field is the filesystem to be mounted. As there is none to mount, I usually set it to none. It's fine to set it to tmpfs also. If you type the command "mount" you get a list of your current mounts and you will see various labels used for this first field for memory filesystems.

[bjornmu]

What would be the argument for having noexec on /tmp? I don't have it.

[passerby]

noexec stops binaries from running on that partition. Since many programs write to /tmp, it can be a good idea to prevent anything they write there from being executed.
It's more important in an environment where external users have a certain level of access to the system. eg. On a server.

[catweazel]

noexec stops binaries from running on that partition. Since many programs write to /tmp, it can be a good idea to prevent anything they write there from being executed.
It's more important in an environment where external users have a certain level of access to the system. eg. On a server.

It's not a good idea to have noexec for tmp. It can cause some updates to fail, namely those that need to use an install script.

Code: Select all

tmpfs           /tmp            tmpfs   noatime,nodev,mode=1777                 0       0
tmpfs           /var/log        tmpfs   defaults,noatime,mode=0755              0       0
tmpfs           /var/lock       tmpfs   nodev,nosuid,noatime,mode=1777          0       0
tmpfs           /var/run        tmpfs   nodev,nosuid,noatime,mode=1777          0       0

[HilltopsGM]

Hi catweazel

Is this the code you are using?

Code: Select all

tmpfs           /tmp            tmpfs   noatime,nodev,mode=1777                 0       0
tmpfs           /var/log        tmpfs   defaults,noatime,mode=0755              0       0
tmpfs           /var/lock       tmpfs   nodev,nosuid,noatime,mode=1777          0       0
tmpfs           /var/run        tmpfs   nodev,nosuid,noatime,mode=1777          0       0

I was enquiring about how to set this up on this thread: http://forums.linuxmint.com/viewtopic.p ... 90#p840790

Are you recommending the above code instead of using this line

Code: Select all

none /tmp tmpfs nodev,nosuid,mode=1777 0 0

only?
Thanks

[bjornmu]

Hmm, doesn't seem like a good idea to place /var/log on tmpfs. If your box gets in some serious trouble and crashes or reboots, on the next boot the syslog from before the crash will be *poof* gone and you'll get no help from that in diagnosing the problem. There are other logs there too which you may want to keep across reboots.

[eanfrid]

+1 Placing /var/log on a tmpfs is not a good idea. Not only regarding crashes. Some services actually need a persistent /var/log with appropriate subfolders and access privileges in order to start or at least work as intended (clamav, checksecurity, mysql, samba, proftpd, ulog...) unless you previously modify conf files for some of them.

[HilltopsGM]

ok, none of this:

Code: Select all

tmpfs     /var/log     tmpfs   defaults,noatime,mode=0755     0       0

. . . but the rest of this sounds reasonable:

Code: Select all

none /tmp tmpfs nodev,nosuid,mode=1777 0 0
tmpfs  /tmp             tmpfs   noatime,nodev,mode=1777                 0       0
tmpfs  /var/lock       tmpfs   nodev,nosuid,noatime,mode=1777          0       0
tmpfs  /var/run        tmpfs   nodev,nosuid,noatime,mode=1777          0       0

and we can simply drop this in the last line of the /etc/fstab
file an I should be good to go?

Thanks

[eanfrid]

Why would you have 2 /tmp lines in the fstab ?
These lines will be sufficient:

Code: Select all

    tmpfs  /tmp             tmpfs   noatime,nodev,mode=1777                 0       0
    tmpfs  /var/lock       tmpfs   nodev,nosuid,noatime,mode=1777          0       0
    tmpfs  /var/run        tmpfs   nodev,nosuid,noatime,mode=1777          0       0

however /var/run can stand a "mode=755" option

[HilltopsGM]

Why would you have 2 /tmp lines in the fstab ?[/code]however /var/run can stand a "mode=755" option

My mistake, I was a little to quick with the copy and pasting. Thanks for that.

however /var/run can stand a "mode=755" option

eanfrid, could you expand on this a little for me?
I am still learning here and I gues I don't understand the implications of what you are suggesting.

My understanding of what exactly happens in the /var/run directory (and most of the directories for that matter) is very weak still.
If I were to implement "mode=755", how would I do that and why?

Thanks again.

[HilltopsGM]

I think I missed an answer to a question that I had earlier in this post:
>>>http://forums.linuxmint.com/viewtopic.p ... 75#p840793

. . . and as I scroll back I notice that we have a few different variations on the theme here.

catweazel has

Code: Select all

tmpfs       /tmp       tmpfs       noatime,nodev,mode=1777                0       0

This post: http://forums.linuxmint.com/posting.php ... 5#pr727045 has:

Code: Select all

tmpfs       /tmp       tmpfs       nodev,nosuid,mode=1777 			0	0

This post: http://forums.linuxmint.com/posting.php ... 5#pr726781 has:

Code: Select all

tmpfs       /tmp       tmpfs       nodev,nosuid,noexec,noatime,size=10G,mode=1777   0   0

I am NOT going to use noexec . . .
but some have left out noatime
others have left out nosuid

Question 1:
Is there a reason either of those should be left out?

Question 2:
I assume that size=10G forces a specific RAM size right at startup and makes it unavailable to the rest of the system.
If that is true, and the RAM gets filled up, if I have Swappiness set to 0 will the system still make use of the SWAP partition?

Thanks

[eanfrid]

"nosuid" and "noexec" are security hardening options, they are not required. "noatime" will prevent unnecessary timestamp checks/updates (which would slow down i/o operations if many small-sized files are handled in a short time slice). So if you let /tmp have "exec" properties, the right fstab line would be:

Code: Select all

    tmpfs       /tmp       tmpfs       noatime,nodev,nosuid,mode=1777          0   0

the size of a tmpfs is the virtual maximum, starting from zero: the tmpfs will have the actual size of its true content, growing and decreasing its actual size as needed to hold the temporary files. I have indeed put a limit on 10GB in my example because the machine has 32GB of RAM and 10GB for short-lived temporary stuff is more than enough on my config.

swappiness=0 does not prevent the system to swap when needed... except it will force to swap only when RAM is almost full.

Regarding "mode=755" for /var/run, this is the normal good default value. So a common /var/run entry would be:

Code: Select all

    tmpfs  /var/run        tmpfs   nodev,nosuid,noatime,mode=755          0       0

Edit : read "man fstab"

[HilltopsGM]

Thanks for helping me through this eanfrid

believe I am settling in on this code:

Code: Select all

tmpfs  /tmp             tmpfs   noatime,nodev,mode=1777                   0       0
tmpfs  /var/lock       tmpfs   nodev,nosuid,noatime,mode=1777        0       0
tmpfs  /var/run        tmpfs   nodev,nosuid,noatime,mode=755          0       0

I left out the 'nosuid' as you mentioned that

"nosuid" and "noexec" are security hardening options, they are not required.

Also regarding:

So if you let /tmp have "exec" properties, the right fstab line would be:

Code: Select all

tmpfs       /tmp       tmpfs       noatime,nodev,nosuid,mode=1777          0   0

Why would I want /tmp to have "exec" properties?

Regarding swappiness=0 . . . I came across this

Rudolph Allenmeier
echo “vm.swappiness=0″|sudo tee -a /etc/sysctl.conf
Bad bad kitten! *shakes his head to Fran in a dismissive manner
Srsly you shouldn’t change swapiness unless you know what this will do to your kernel logic.

Found it here:
http://www.mabishu.com/blog/2012/12/14/ ... d-systems/

Comments?

Lastly, it was in that last link that they included this as well:

Code: Select all

tmpfs   /var/spool tmpfs   defaults,noatime,mode=1777   0  0

Your thoughts on this?

I realize I am probably asking a lot here, and part of it is that I am still learning what each one of those locations "Do".
Again, thanks for the help!

[eanfrid]

/var/spool on tmpfs is an as bad idea as /var/log on tmpfs and will have close to no impact on SSD wear. /var/spool on tmpfs will essentially make you lose mail messages and user cron jobs on each shutdown.

Maybe I am rude, but it looks like you are hunting for the unique optimization "magical recipe" (there is none: what is good for one machine may be a bad choice for another) without trying first to learn anything about Linux system internals. So, googling and trying experimental parameters will lead you sooner than later to wreck your config. Slow down, read books and explore manpages.

As for "exec", ask yourself the good questions: there is a "noexec" explicit option... so guess what is the normal implicit default ?