cPanel’s new securetmp script is handy to prevent users from executing malicious code in /tmp or /var/tmp but if your software is like a lot out there and doesn’t have any garbage collection, you’ll find your /tmp partition filling up quickly. By default, cPanel’s script uses a limit of 512MB, and for those with large session data files (storing image data, for instance) this amount is fairly small. I played around with the script and although the 512MB value is easily changed, a good amount of the code would have to be tweaked in order to re-do an existing secured /tmp.
I have included below the sequence of commands I used to expand the “partition” to 1GB. I quote it because it’s not really a partition in the normal sense, but a 1GB file mounted as a loop block device. Note that in the instructions below I only stop MySQL, which is due the mysql.sock file it uses, however you will want to stop any other processes using /tmp as well. You can find these by running
lsof|grep /tmp
and using the output PID/process name to stop accordingly (commonly you will also need to stop the cpanel and apache services as well).
Here are the steps:
# /etc/init.d/mysql stop # cp -af /var/tmp /var/tmp.bak # umount /var/tmp # umount /tmp # rm -f /usr/tmpDSK # dd if=/dev/zero of=/usr/tmpDSK bs=1024 count=1048576 # mkfs /usr/tmpDSK # tune2fs -j /usr/tmpDSK # mount -t ext3 -o nosuid,noexec,loop /usr/tmpDSK /tmp # mount -o bind,noexec,nosuid /tmp /var/tmp # cp -a /var/tmp.bak/* /tmp/ # rm -rf /var/tmp.bak/ # chmod 1777 /tmp # /etc/init.d/mysql start You should now see the increase /tmp partition size: root@server [~]# df -h|grep tmp /usr/tmpDSK 1006M 13M 993M 1% /tmp
OR Follow below steps:
1. Stop cpanel, apache (litespeed), mysql services:
/etc/init.d/cpanel stop
/etc/init.d/httpd stop
/etc/init.d/lsws stop
/etc/init.d/mysql stop
2. Umount /tmp and /var/tmp:
umount -l /tmp
umount -l /var/tmp
3. Move /usr/tmpDSK file to another location (just in case you’ll need to mount it somewhere else to preserve data):
mv /usr/tmpDSK /usr/tmpDSK_back
4. Modify /scripts/securetmp to set tmpdsksize to desired size:
vi /scripts/securetmp
$tmpdsksize = 2048000
5. Run:
/scripts/securetmp
6. Start cpanel, apache (litespeed), mysql services:
/etc/init.d/cpanel start
/etc/init.d/httpd start
/etc/init.d/lsws start
/etc/init.d/mysql start
No comments:
Post a Comment