Difference between revisions of "Tmpfs"

From ArchWiki
(Examples: Clean-up, link to Security)
m (Disable automatic mount: use Template:man)
 
(4 intermediate revisions by 4 users not shown)
Line 4: Line 4:
 
[[ja:Tmpfs]]
 
[[ja:Tmpfs]]
 
[[ru:Tmpfs]]
 
[[ru:Tmpfs]]
[[Wikipedia:Tmpfs|tmpfs]] is a temporary filesystem that resides in memory and/or your swap partition(s), depending on how much you fill it up. Mounting directories as tmpfs can be an effective way of speeding up accesses to their files, or to ensure that their contents are automatically cleared upon reboot.
+
[[Wikipedia:Tmpfs|tmpfs]] is a temporary filesystem that resides in memory and/or swap partition(s). Mounting directories as tmpfs can be an effective way of speeding up accesses to their files, or to ensure that their contents are automatically cleared upon reboot.
  
{{Note|When using [[systemd]], temporary files in tmpfs directories can be recreated at boot by using [[Systemd#Temporary_files|tmpfiles.d]].}}
+
{{Tip|When using [[systemd]], temporary files in tmpfs directories can be recreated at boot by using [[Systemd#Temporary_files|tmpfiles.d]].}}
  
 
== Usage ==
 
== Usage ==
Line 21: Line 21:
 
== Examples ==
 
== Examples ==
  
{{Note|The actual memory/swap consumption depends on how much you fill it up, as tmpfs partitions do not consume any memory until it is actually needed.}}
+
{{Note|The actual memory/swap consumption depends on how much is used, as tmpfs partitions do not consume any memory until it is actually needed.}}
  
By default, a tmpfs partition has its maximum size set to half your total RAM, however it is possible to overrule this value.
+
By default, a tmpfs partition has its maximum size set to half of the available RAM, however it is possible to overrule this value.
  
 
To explicitly set a maximum size, in this example to override the default {{ic|/tmp}} mount, use the {{ic|size}} mount option:
 
To explicitly set a maximum size, in this example to override the default {{ic|/tmp}} mount, use the {{ic|size}} mount option:
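Review bot: In the default-size sentence, replacing "half your total RAM" with "half of the available RAM" changes the meaning, because "available" can be read as memory that is currently free rather than the installed amount. Suggest keeping "total" and dropping only the second person, e.g. "half of the total RAM".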
Line 30: Line 30:
 
tmpfs  /tmp        tmpfs  rw,nodev,nosuid,size=2G          0  0}}
 
tmpfs  /tmp        tmpfs  rw,nodev,nosuid,size=2G          0  0}}
  
To specify a more secure mounting, you want to specify the following mount option:
+
To specify a more secure mounting, specify the following mount option:
  
 
{{hc|/etc/fstab|2=
 
{{hc|/etc/fstab|2=
 
tmpfs  /www/cache    tmpfs  rw,size=1G,nr_inodes=5k,noexec,nodev,nosuid,uid=''user'',gid=''group'',mode=1700 0 0}}
 
tmpfs  /www/cache    tmpfs  rw,size=1G,nr_inodes=5k,noexec,nodev,nosuid,uid=''user'',gid=''group'',mode=1700 0 0}}
  
See the {{ic|mount}} man page and [[#Security#File systems]] for more information.
+
See the {{man|8|mount}} man page and [[Security#File systems]] for more information.
  
 
Reboot for the changes to take effect. Note that although it may be tempting to simply run {{ic|mount -a}} to make the changes effective immediately, this will make any files currently residing in these directories inaccessible (this is especially problematic for running programs with lockfiles, for example). However, if all of them are empty, it should be safe to run {{ic|mount -a}} instead of rebooting (or mount them individually).
 
Reboot for the changes to take effect. Note that although it may be tempting to simply run {{ic|mount -a}} to make the changes effective immediately, this will make any files currently residing in these directories inaccessible (this is especially problematic for running programs with lockfiles, for example). However, if all of them are empty, it should be safe to run {{ic|mount -a}} instead of rebooting (or mount them individually).
  
After applying changes, you may want to verify that they took effect by looking at {{ic|/proc/mounts}} and using {{ic|findmnt}}:
+
After applying changes, verify that they took effect by looking at {{ic|/proc/mounts}} and using {{ic|findmnt}}:
  
 
{{hc|$ findmnt --target /tmp|
 
{{hc|$ findmnt --target /tmp|
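Review bot: The new lead-in "To specify a more secure mounting, specify the following mount option:" repeats "specify" and keeps "option" in the singular, while the fstab line under it sets several (noexec, nodev, nosuid, nr_inodes, uid, gid, mode). Suggest "For a more secure mount, specify the following mount options:".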
Line 45: Line 45:
 
/tmp  tmpfs  tmpfs  rw,nosuid,nodev,relatime}}
 
/tmp  tmpfs  tmpfs  rw,nosuid,nodev,relatime}}
  
The tmpfs can also be temporarily resized without the need to reboot, for example when a large compile job needs to run soon. In this case, you can run:
+
The tmpfs can also be temporarily resized without the need to reboot, for example when a large compile job needs to run soon. In this case, run:
  
 
  # mount -o remount,size=4G,noatime /tmp
 
  # mount -o remount,size=4G,noatime /tmp
Line 51: Line 51:
 
== Disable automatic mount ==
 
== Disable automatic mount ==
  
Under [[systemd]], {{ic|/tmp}} may be automatically mounted as a tmpfs even though you have no entry for that in your {{ic|/etc/fstab}}.
+
Under [[systemd]], {{ic|/tmp}} is automatically mounted as a tmpfs even though no entry is specified in {{ic|/etc/fstab}}.
  
 
To disable the automatic mount, run:
 
To disable the automatic mount, run:
Line 57: Line 57:
 
  # systemctl mask tmp.mount
 
  # systemctl mask tmp.mount
  
Files will no longer be stored in a tmpfs, but your block device instead.
+
Files will no longer be stored in a tmpfs, but on the block device instead.
The {{ic|/tmp}} contents will now be preserved between reboots, which you might not want.
+
The {{ic|/tmp}} contents will now be preserved between reboots, which might not be the desired behavior.
To regain the previous behavior and clean the {{ic|/tmp}} folder automatically when restarting your machine, consider using {{ic|tmpfiles.d(5)}}:
+
To regain the previous behavior and clean the {{ic|/tmp}} folder automatically when restarting, consider using {{man|5|tmpfiles.d}}:
  
 
{{hc|/etc/tmpfiles.d/tmp.conf|2=
 
{{hc|/etc/tmpfiles.d/tmp.conf|2=
Line 79: Line 79:
 
=== Opening symlinks in tmpfs as root fails ===
 
=== Opening symlinks in tmpfs as root fails ===
  
Considering {{ic|/tmp}} is using tmpfs, change the current directory to {{ic|/tmp}}, then create a file and create a symlink to that file in the same {{ic|/tmp}} directory. If you try to open the file you created via the symlink, you will get a permission denied error. This is expected as {{ic|/tmp}} [https://wiki.ubuntu.com/Security/Features#Symlink_restrictions has the sticky bit set].
+
Considering {{ic|/tmp}} is using tmpfs, change the current directory to {{ic|/tmp}}, then create a file and create a symlink to that file in the same {{ic|/tmp}} directory. Permission denied errors are to be expected when attempting to read the symlink due to {{ic|/tmp}} https://wiki.ubuntu.com/Security/Features#Symlink_restrictions has the sticky bit set].
  
This behaviour can be controlled via {{ic|/proc/sys/fs/protected_symlinks}} or simply via sysctl: {{ic|1=sysctl -w fs.protected_symlinks=0}}. See [[Sysctl#Configuration]] to make this permanent.
+
This behavior can be controlled via {{ic|/proc/sys/fs/protected_symlinks}} or simply via sysctl: {{ic|1=sysctl -w fs.protected_symlinks=0}}. See [[Sysctl#Configuration]] to make this permanent.
  
{{Warning|Changing this behaviour can lead to security issues! Disable it only if you know what you are doing.}}
+
{{Warning|Changing this behavior can lead to security issues!}}
  
 
== See also ==
 
== See also ==
  
 
* [https://www.kernel.org/doc/Documentation/filesystems/tmpfs.txt Linux kernel documentation]
 
* [https://www.kernel.org/doc/Documentation/filesystems/tmpfs.txt Linux kernel documentation]
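Review bot: The rewritten sentence in "Opening symlinks in tmpfs as root fails" drops the opening "[" of the external link and leaves the clause ungrammatical ("due to {{ic|/tmp}} https://wiki.ubuntu.com/... has the sticky bit set]"), so the bare URL and a stray "]" will show up in the rendered page. Restore the bracket and reword the clause, e.g. "because {{ic|/tmp}} [https://wiki.ubuntu.com/Security/Features#Symlink_restrictions has the sticky bit set]". The shortened warning also no longer tells the reader when disabling the setting is acceptable; consider keeping a brief qualifier.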

Latest revision as of 13:10, 23 September 2017

tmpfs is a temporary filesystem that resides in memory and/or swap partition(s). Mounting directories as tmpfs can be an effective way of speeding up accesses to their files, or to ensure that their contents are automatically cleared upon reboot.

Tip: When using systemd, temporary files in tmpfs directories can be recreated at boot by using tmpfiles.d.

Usage

Some directories where tmpfs is commonly used are /tmp, /var/lock and /var/run. Do not use it on /var/tmp, because that folder is meant for temporary files that are preserved across reboots.

Arch uses a tmpfs /run directory, with /var/run and /var/lock simply existing as symlinks for compatibility. tmpfs is also used for /tmp by the default systemd setup and does not require an entry in fstab unless a specific configuration is needed.

glibc 2.2 and above expects tmpfs to be mounted at /dev/shm for POSIX shared memory. Mounting tmpfs at /dev/shm is handled automatically by systemd, so manual configuration in fstab is no longer necessary.

Generally, I/O intensive tasks and programs that run frequent read/write operations can benefit from using a tmpfs folder. Some applications can even receive a substantial gain by offloading some (or all) of their data onto the shared memory. For example, relocating the Firefox profile into RAM shows a significant improvement in performance.

Examples

Note: The actual memory/swap consumption depends on how much is used, as a tmpfs partition does not consume any memory until it is actually needed.

By default, a tmpfs partition has its maximum size set to half of the available RAM; however, it is possible to override this value.

To explicitly set a maximum size, in this example to override the default /tmp mount, use the size mount option:

/etc/fstab
tmpfs   /tmp         tmpfs   rw,nodev,nosuid,size=2G          0  0

For a more secure mount, specify the following mount options:

/etc/fstab
tmpfs   /www/cache    tmpfs  rw,size=1G,nr_inodes=5k,noexec,nodev,nosuid,uid=user,gid=group,mode=1700 0 0

See the mount(8) man page and Security#File systems for more information.

Reboot for the changes to take effect. Note that although it may be tempting to simply run mount -a to make the changes effective immediately, this will make any files currently residing in these directories inaccessible (this is especially problematic for running programs with lockfiles, for example). However, if all of them are empty, it should be safe to run mount -a instead of rebooting (or mount them individually).

After applying changes, verify that they took effect by looking at /proc/mounts and using findmnt:

$ findmnt --target /tmp
TARGET SOURCE FSTYPE OPTIONS
/tmp   tmpfs  tmpfs  rw,nosuid,nodev,relatime
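
The verification step above can be scripted. The following is an added example, not part of the original article: it reads text in /proc/mounts format and reports every tmpfs mount that lacks one of nosuid, nodev or noexec, the set used in the more secure fstab line. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: report hardening options missing from tmpfs mounts.
# Input is text in /proc/mounts format:
#   source target fstype options dump pass

# missing_opts OPTIONS REQUIRED...
# Print the REQUIRED options that are absent from the comma-separated
# OPTIONS string, space-separated on one line (empty line if none).
missing_opts() {
    opts=",$1,"
    shift
    out=""
    for want in "$@"; do
        case "$opts" in
            *",$want,"*) ;;                      # exact option present
            *) out="${out:+$out }$want" ;;       # collect what is missing
        esac
    done
    printf '%s\n' "$out"
}

# audit_tmpfs FILE
# For every tmpfs mount in FILE print "target: missing ..." when nosuid,
# nodev or noexec is absent. Returns 1 if anything was reported.
audit_tmpfs() {
    rc=0
    while read -r _src target fstype options _rest; do
        [ "$fstype" = "tmpfs" ] || continue
        miss=$(missing_opts "$options" nosuid nodev noexec)
        if [ -n "$miss" ]; then
            printf '%s: missing %s\n' "$target" "$miss"
            rc=1
        fi
    done < "$1"
    return $rc
}

# Constructed sample in /proc/mounts format (not captured from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
tmpfs /www/cache tmpfs rw,nosuid,nodev,noexec,relatime,size=1048576k,nr_inodes=5120,mode=1700 0 0
/dev/sda1 / ext4 rw,relatime 0 0
EOF
audit_tmpfs "$sample" || true
rm -f "$sample"
```

On a live system, pass /proc/mounts as the argument. Whether noexec is appropriate for /tmp depends on the workload, so treat a report for /tmp as a prompt to decide rather than as a failure.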

The tmpfs can also be temporarily resized without the need to reboot, for example when a large compile job needs to run soon. In this case, run:

# mount -o remount,size=4G,noatime /tmp

Disable automatic mount

Under systemd, /tmp is automatically mounted as a tmpfs even though no entry is specified in /etc/fstab.

To disable the automatic mount, run:

# systemctl mask tmp.mount

Files will no longer be stored in a tmpfs, but on the block device instead. The /tmp contents will now be preserved between reboots, which might not be the desired behavior. To regain the previous behavior and clean the /tmp folder automatically when restarting, consider using tmpfiles.d(5):

/etc/tmpfiles.d/tmp.conf
# see tmpfiles.d(5)
# always enable /tmp folder cleaning
D! /tmp 1777 root root 0

# remove files in /var/tmp older than 10 days
D /var/tmp 1777 root root 10d

# namespace mountpoints (PrivateTmp=yes) are excluded from removal
x /tmp/systemd-private-*
x /var/tmp/systemd-private-*
X /tmp/systemd-private-*/tmp
X /var/tmp/systemd-private-*/tmp

Troubleshooting

Opening symlinks in tmpfs as root fails

Considering /tmp is using tmpfs, change the current directory to /tmp, then create a file and create a symlink to that file in the same /tmp directory. Permission denied errors are to be expected when attempting to read the symlink, because /tmp has the sticky bit set (see https://wiki.ubuntu.com/Security/Features#Symlink_restrictions).

This behavior can be controlled via /proc/sys/fs/protected_symlinks or simply via sysctl: sysctl -w fs.protected_symlinks=0. See Sysctl#Configuration to make this permanent.

Warning: Changing this behavior can lead to security issues!
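
Why root in particular is refused follows from the kernel's rule for fs.protected_symlinks. The following is an added example, not part of the original article: it models that rule as a pure shell function, so it needs no root and touches no files. The function names and the uid 1000 user are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: the decision made when fs.protected_symlinks=1.
# A symlink is followed only if one of these holds:
#   - the follower owns the symlink,
#   - the directory is not both sticky and world-writable,
#   - the directory owner owns the symlink.

# may_follow PROTECTED DIR_MODE DIR_UID LINK_UID FOLLOWER_UID
# PROTECTED is the sysctl value (0 or 1); DIR_MODE is octal as printed by
# `stat -c %a` (e.g. 1777). Returns 0 if the link may be followed, else 1.
may_follow() {
    protected=$1
    dir_mode=$((0$2))          # leading 0 makes the shell parse it as octal
    dir_uid=$3
    link_uid=$4
    follower_uid=$5

    if [ "$protected" -eq 0 ]; then return 0; fi
    if [ "$follower_uid" -eq "$link_uid" ]; then return 0; fi
    # 01000 = sticky bit, 0002 = world-writable; both must be set to restrict.
    if [ $(( $dir_mode & 01002 )) -ne $((01002)) ]; then return 0; fi
    if [ "$dir_uid" -eq "$link_uid" ]; then return 0; fi
    return 1
}

# describe ARGS...: print "allowed" or "denied" for the same arguments.
describe() {
    if may_follow "$@"; then echo allowed; else echo denied; fi
}

# Constructed cases: uid 0 is root, uid 1000 a hypothetical unprivileged user.
describe 1 1777 0 1000 0       # root follows the user's link in /tmp: denied
describe 1 1777 0 1000 1000    # the user follows their own link: allowed
describe 1 1777 0 0 1000       # user follows a root-owned link in /tmp: allowed
describe 1 1700 1000 1000 0    # mode=1700 directory, not world-writable: allowed
describe 0 1777 0 1000 0       # restriction disabled via sysctl: allowed
```

The first case is the one in this section: root is not the owner of the link, and /tmp is a sticky, world-writable directory owned by root rather than by the link's owner, so the kernel refuses. A directory mounted with mode=1700 as in the fstab example is sticky but not world-writable, so the restriction does not apply there.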

See also