How to Increase /tmp Size and Secure

How to increase /tmp size and secure?

by

Increasing the /tmp size and securing it is essential for maintaining a stable and secure Linux or cPanel server. To increase /tmp size, you typically resize the partition (if it’s on a separate mount) or recreate it as a loopback file with a larger size; to secure it, you mount it with proper options such as noexec, nosuid, and nodev to prevent malicious scripts from executing. Now, let’s explore in detail how to safely increase /tmp size and secure it properly on a production server.

Why /tmp Size Matters

On shared hosting or high-traffic servers, /tmp fills up quickly due to:

  • PHP session files
  • MySQL temporary tables
  • Apache temporary cache
  • Email processing
  • Backup scripts

By default, many servers allocate only 512MB to 1GB for /tmp. For modern websites, this is often not enough.

Recommended sizes:

  • Small server: 1GB
  • Medium server: 2–4GB
  • High-traffic server: 4GB+

How to Check Current /tmp Size

Run:

Bash
df -h /tmp

This shows current usage and available space.

To see mount options:

Bash
mount | grep /tmp

This helps determine whether /tmp is already secured.

How to increase /tmp size and secure? Complete Guide

Method 1: Increase /tmp Size (Loopback File – cPanel Servers)

Most cPanel servers use a loopback file for /tmp. This is the safest and easiest method.

Step 1: Check if /tmp is Loop Mounted

Bash
mount | grep tmp

If you see something like:

Bash
/usr/tmpDSK on /tmp type ext4 (rw,nosuid,nodev,noexec)

Then your /tmp is using a loop file.

Step 2: Resize /tmp in cPanel

cPanel provides a script to secure and resize /tmp.

Run:

Bash
/scripts/securetmp

If you want to manually recreate it with a larger size:

Unmount Existing /tmp

Bash
umount /tmp

Remove Old File

Bash
rm -f /usr/tmpDSK

Create New Larger File (Example 4GB)

Bash
dd if=/dev/zero of=/usr/tmpDSK bs=1024 count=4194304

Format It

Bash
mkfs.ext4 /usr/tmpDSK

Mount It

Bash
mount -o loop,noexec,nosuid,nodev /usr/tmpDSK /tmp

Set Proper Permissions

Bash
chmod 1777 /tmp

The permission 1777 ensures all users can write, but cannot delete each other’s files.

Method 2: Resize LVM Partition (Advanced Servers)

If /tmp is a separate LVM partition:

Step 1: Check LVM

Bash
lvdisplay

Step 2: Extend Logical Volume

Example:

Bash
lvextend -L +2G /dev/mapper/vgname-tmp

Step 3: Resize Filesystem

For ext4:

Bash
resize2fs /dev/mapper/vgname-tmp

This safely increases /tmp without downtime in most cases.

How to Secure /tmp Properly

Security is more important than size.

If /tmp is not secured, attackers can:

  • Upload shell scripts
  • Execute malicious binaries
  • Run privilege escalation exploits

To prevent this, mount /tmp with secure options.

Required Mount Options

Edit /etc/fstab and ensure /tmp includes:

Code
noexec,nosuid,nodev

What These Do:

  • noexec → Prevents execution of binaries
  • nosuid → Prevents setuid binaries
  • nodev → Prevents device files

Example entry:

Code
/usr/tmpDSK /tmp ext4 loop,noexec,nosuid,nodev,rw 0 0

After editing:

Code
mount -o remount /tmp

Verify Security Settings

Run:

Bash
mount | grep /tmp

You should see:

Code
noexec,nosuid,nodev

If not, your /tmp is not secure.

Additional Security Best Practices

1. Secure /var/tmp

Many attackers bypass protection by using /var/tmp.

Make /var/tmp a symlink to /tmp:

Bash
rm -rf /var/tmp
ln -s /tmp /var/tmp

2. Secure /dev/shm

Add similar mount options:

Edit /etc/fstab:

Code
tmpfs /dev/shm tmpfs defaults,noexec,nosuid,nodev 0 0

Then:

Bash
mount -o remount /dev/shm

3. Monitor /tmp Usage

Install monitoring tools:

Bash
watch df -h

Or configure alerts in WHM:

WHM → Server Configuration → Tweak Settings

Common Issues After Securing /tmp

Sometimes, enabling noexec breaks certain applications.

For example:

  • Some older PHP uploaders
  • Custom Java applications
  • Certain backup tools

Temporary Fix (If Needed)

If an application requires execution:

Bash
mount -o remount,exec /tmp

Only do this temporarily.

Better solution: Reconfigure the application to use another directory.

Best Recommended Configuration for Production

For high-security hosting servers:

  • Separate /tmp partition
  • 2–4GB minimum
  • Mounted with noexec,nosuid,nodev
  • /var/tmp symlinked
  • /dev/shm secured
  • Disk monitoring enabled

Signs Your /tmp Needs Immediate Attention

  • Frequent “No space left on device” errors
  • MySQL crashing during large queries
  • PHP session warnings
  • Suspicious files in /tmp
  • Malware detected by Imunify or ClamAV

Automating /tmp Cleanup

Use cron to clean old temporary files:

Example:

Bash
find /tmp -type f -mtime +7 -delete

This removes files older than 7 days.

Be cautious — some applications rely on persistent temp files.

Final Thoughts

Increase and secure /tmp size is one of the most important server optimization and hardening steps. A properly sized /tmp prevents application crashes and database failures, while secure mount options protect your server from script-based attacks and privilege escalation attempts.

If you manage a cPanel server, always use /scripts/securetmp and verify mount options. For advanced Linux systems, consider LVM resizing and enforce strict mount flags.

A well-configured /tmp means:

  • Better server stability
  • Improved performance
  • Stronger security posture
  • Fewer support tickets
  • Safer hosting environment

Taking 15–30 minutes to properly configure /tmp can prevent hours of downtime and security incidents later.

If you’re running a production server, review your /tmp configuration today — don’t wait until it becomes a problem.