1 |
On Wed, May 24, 2017 at 11:34 AM, Ian Zimmerman <itz@×××××××.net> wrote: |
2 |
> On 2017-05-24 08:00, Kai Krakow wrote: |
3 |
> |
4 |
>> Unix semantics suggest that /tmp is not expected to survive reboots |
5 |
>> anyways (in contrast, /var/tmp is expected to survive reboots), so |
6 |
>> tmpfs is a logical consequence to use for /tmp. |
7 |
> |
8 |
> /tmp is wiped by the bootmisc init job anyway. |
9 |
> |
10 |
|
11 |
In general I haven't found anything that is bothered by /var/tmp being |
12 |
lost on reboot, but obviously that is something you need to be |
13 |
prepared for if you put it on tmpfs. |
14 |
|
15 |
One thing that wasn't mentioned is that having /tmp in tmpfs might |
16 |
also have security benefits depending on what is stored there, since |
17 |
it won't be written to disk. If you have a filesystem on tmpfs and |
18 |
your swap is encrypted (which you should consider setting up since it |
19 |
is essentially "free") then /tmp also becomes a useful dumping ground |
20 |
for stuff that is decrypted for temporary processing. For example, if |
21 |
you keep your passwords in a gpg-encrypted file you could copy it to |
22 |
/tmp, decrypt it there, do what you need to, and then delete it. That |
23 |
wouldn't leave any recoverable traces of the file. |
24 |
|
25 |
There are lots of guides about encrypted swap. It is the sort of |
26 |
thing that is convenient to set up since there is no value in |
27 |
preserving a swap file across reboots, so you can just generate a |
28 |
random key on each boot. I suspect that would break down if you're |
29 |
using hibernation / suspend to disk. |
30 |
|
31 |
-- |
32 |
Rich |