Managing the Linux /tmp directory like a boss

The /tmp directory is a temporary landing place for files. Users also have write access to this directory, which can be a bad thing, but there is a solution.

By a show of hands, how many of you like to reboot your servers? I don’t see any hands.

Long uptimes are impressive, aren’t they? It makes you one of the cool kids to brag about your 853-day uptime on a production system. What’s not so cool is that your users like to use /tmp as their personal dumping ground without regard for the overall system’s health, or your uptime bragging rights. And rebooting doesn’t get rid of user files, only system ones—even that relief is temporary until services restart and users open applications.

Note: An exception to not deleting user temp files after a reboot is to enable tmp.mount, but that’s a topic for a different article. Plus, there are system housekeeping scripts in place for RHEL 7 and later.

It’s impossible to force users to comply with the policy of removing files from the /tmp directory in a timely manner. So, what’s a frustrated system administrator to do when you have dozens, hundreds, or even thousands of /tmp directories and users to deal with? The answer is to deploy user file housekeeping scripts.

$199 ENROLLS YOU INTO OUR SELF PACED COURSE – LFS264 – OPNFV FUNDAMENTALS!

You can create housekeeping scripts and place them in crontab to periodically remove user files from the /tmp directory. It’s an unfortunate but necessary service to provide for your users. Most seasoned system administrators will tell you that you shouldn’t remove files from /tmp unless you know that they’re not being used, though. That’s good advice. Some services write lock files to /tmp, some applications use it, and users use it. So, how do you determine which files your housekeeping script can sweep away without any issue?

How about filtering files by last accessed time? It’s a good choice if you have a time limit on files left in /tmp. For example, if you warn your users that files left in the /tmp directory will be removed if they haven’t been accessed in two days, on a rolling basis, they should take notice. Using the last accessed time for user files solves the problem if you also exclude files owned by the root user. For example, use:

find /tmp -type f \( ! -user root \) -atime +2

This script displays all files in the /tmp directory not owned by root that have been accessed more than two days ago. Now to add the command’s removal switch:

find /tmp -type f \( ! -user root \) -atime +2 -delete

ENROLL TODAY IN THE SELF PACED COURSE – LFS263 – ONAP FUNDAMENTALS FOR $199!

Copy that text into a file, make it executable, and create a crontab entry that runs this script every eight hours. For example, you might add this to your crontab:

* */8 * * * /opt/scripts/tmp.clean.sh

This script and schedule ensure that your /tmp directory is kept relatively free of garbage. It isn’t foolproof, however. If a user decides to dump a huge amount of data into the /tmp directory, this action can cause other problems, such as not being able to log into the system via SSH.

Maintaining the /tmp directory isn’t easy. Users love to dump files into /tmp and leave them there indefinitely. Fortunately, for repeat offenders, there’s always the possibility of locking their account or sending a strongly worded email about losing access to a system until the matter is cleared through their manager. These tactics usually get the user’s attention and further offenses are rare.

$299 REGISTERS YOU FOR OUR NEWEST SELF PACED COURSE! LFD201 – INTRODUCTION TO OPEN SOURCE DEVELOPMENT, GIT, AND LINUX!

Author’s photo

Ken Hess

Ken Hess is an Enable SysAdmin Community Manager and an Enable SysAdmin contributor. Ken has used Red Hat Linux since 1996 and has written ebooks, whitepapers, actual books, thousands of exam review questions, and hundreds of articles on open source and other topics. More about me

Full article: https://www.redhat.com/sysadmin/manage-linux-tmp-directory

LFD432

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.