Last modified: 2014-05-06 01:21:39 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T66697, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 64697 - separate /tmp and /var/tmp volumes
separate /tmp and /var/tmp volumes
Status: NEW
Product: Wikimedia Labs
Classification: Unclassified
tools (Other open bugs)
unspecified
All All
: Normal normal
: ---
Assigned To: Marc A. Pelletier
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-05-01 07:50 UTC by Peter Bena
Modified: 2014-05-06 01:21 UTC (History)
2 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Peter Bena 2014-05-01 07:50:57 UTC 
right now /tmp and /var/tmp is writable by anyone and filling it up will make all filesystem unwritable. This is a security hole that affects stability of all servers that are accessible by regular users.
Comment 1 Peter Bena 2014-05-01 07:52:03 UTC 
well, not all, nfs will still be writable, but all local fs will not be
Comment 2 Peter Bena 2014-05-01 09:32:02 UTC 
+ it's not a security hole, but stability hole :o
Comment 3 Tim Landscheidt 2014-05-01 14:29:45 UTC 
Unfortunately, that's not an easy problem.  I've successfully shown on tools-webgrid-01 :-), that sudo can be used for that purpose as well, so there's no partitioning that will /ensure/ that nothing bad happens.  What we should do IMHO though is actually use more available allocated space.  For example, on tools-redis I used all after the recent fill-up, but on tools-login we have 40 GByte allocated, but only 10 GByte mounted.

However, at the moment, I'm not sure if/how we can increase /dev/vda[12].
Comment 4 Marc A. Pelletier 2014-05-01 14:35:39 UTC 
You can use an LVM to mount extra space wherever; on the grid nodes increasing /var/log does make sense.

As for /tmp, that's a different issue.  In practice, its contents can just be blown away whenever without warning so it's easy to recover then slap the culprit.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links