Something isn't right with my OS. This is how I installed it:
* Create two partitions, one for /boot and the other for LVM;
* Encrypted the LVM
So far so fine, I've been using this method for years.
* Created physical volume and volume group;
* Instead of creating volumes for /, one for /swap, and another one for /home, this is what I did:
/dev/mapper/system-root
/dev/mapper/system-home
/dev/mapper/system-swap
/dev/mapper/system-tmp
/dev/mapper/system-var
I created the directories in /mnt and mounted everything fine. Installed the system, rebooted, all went well.
However, after installing XFCE4 and Slim, XFCE wouldn't start, neither SDDM. MATE started, which was weird.
Then things got even weirder. I couldn't install any Firefox addon, it said it couldn't edit the necessary files. I didn't know what that was so I:
* Deleted and re-created my user, making sure I was in all necessary groups;
* Edited the permissions on .mozilla to see if that helped;
* Edited permissions on my /home folder to see if it would help;
Nothing.
I then noticed that this started to happen today, the same day I installed Arch with those separated tmp and var partitions. Looking into tmp permissions I noticed I couldn't create any files. I wasn't sure this is how things are supposed to be, so I did:
chmod 1777 /tmp
Now everyone can write to tmp.
So, let's get to business.
My fstab:
#
# /etc/fstab: static file system information
#
# <file system> <dir> <type> <options> <dump> <pass>
# /dev/mapper/system-root UUID=45cfe66a-b273-42ef-a25c-1600bf28de61
/dev/mapper/system-root / ext4 rw,relatime,data=ordered 0 1
# /dev/sda1 UUID=53ad9195-7d8f-47f1-804c-e36e20b401a0
/dev/sda1 /boot ext4 rw,relatime,data=ordered 0 2
# /dev/mapper/system-home UUID=d7d04ff7-8c9e-45c4-b06f-06f4694cf760
/dev/mapper/system-home /home ext4 rw,relatime,data=ordered 0 2
# /dev/mapper/system-tmp UUID=b6b9ef4b-0cbf-499c-8df9-db7f0badc7ce
/dev/mapper/system-tmp /tmp ext4 rw,relatime,data=ordered 0 2
# /dev/mapper/system-var UUID=ead66183-5a71-40ee-8794-458f6008c08f
/dev/mapper/system-var /var ext4 rw,relatime,data=ordered 0 2
# /dev/mapper/system-swap UUID=bcf3d696-01fe-4204-a87b-3458ef1d41ac
/dev/mapper/system-swap none swap defaults 0 0
tmpfs /tmp tmpfs nodev,nosuid,size=16G 0 0
df -h
Filesystem Size Used Avail Use% Mounted on
dev 3.9G 0 3.9G 0% /dev
run 4.0G 652K 4.0G 1% /run
/dev/mapper/system-root 30G 2.8G 26G 11% /
tmpfs 4.0G 0 4.0G 0% /dev/shm
tmpfs 4.0G 0 4.0G 0% /sys/fs/cgroup
/dev/sda1 976M 48M 862M 6% /boot
/dev/mapper/system-tmp 25G 45M 24G 1% /tmp
/dev/mapper/system-var 16G 724M 15G 5% /var
/dev/mapper/system-home 831G 200M 788G 1% /home
tmpfs 799M 36K 799M 1% /run/user/1000
mount
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sys on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
dev on /dev type devtmpfs (rw,nosuid,relatime,size=4049740k,nr_inodes=1012435,mode=755)
run on /run type tmpfs (rw,nosuid,nodev,relatime,mode=755)
/dev/mapper/system-root on / type ext4 (rw,relatime,data=ordered)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=22,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
mqueue on /dev/mqueue type mqueue (rw,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
configfs on /sys/kernel/config type configfs (rw,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
/dev/sda1 on /boot type ext4 (rw,relatime,data=ordered)
/dev/mapper/system-tmp on /tmp type ext4 (rw,relatime,data=ordered)
/dev/mapper/system-var on /var type ext4 (rw,relatime,data=ordered)
/dev/mapper/system-home on /home type ext4 (rw,relatime,data=ordered)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=818048k,mode=700,uid=1000,gid=100)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
gvfsd-fuse on /run/user/1000/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=100)
Does everything look OK? Why is tmpfs mounted at "/run/user/1000", "/dev/shm", and "/sys/fs/cgroup"? Is that normal?
Is 1777 the right permissions for tmp?
Can I mount it with nodev,nosuid,noexec?
Last edited by Amanda S (2016-02-01 15:13:39)
If it ain't broke, you haven't tweaked it enough...
Offline
@Mods: I'm not bumping, I'm just posting here so OP doesn't get too "dirty". If that's not allowed, warn me so I can edit OP and you can delete this post.
I edited my fstab:
#
# /etc/fstab: static file system information
#
# <file system> <dir> <type> <options> <dump> <pass>
# /dev/mapper/system-root UUID=45cfe66a-b273-42ef-a25c-1600bf28de61
/dev/mapper/system-root / ext4 rw,relatime,data=ordered 0 1
# /dev/sda1 UUID=53ad9195-7d8f-47f1-804c-e36e20b401a0
/dev/sda1 /boot ext4 rw,relatime,data=ordered 0 2
# /dev/mapper/system-home UUID=d7d04ff7-8c9e-45c4-b06f-06f4694cf760
/dev/mapper/system-home /home ext4 rw,relatime,data=ordered 0 2
# /dev/mapper/system-tmp UUID=b6b9ef4b-0cbf-499c-8df9-db7f0badc7ce
/dev/mapper/system-tmp /tmp ext4 defaults,nodev,nosuid,noexec,relatime,data=ordered $
# /dev/mapper/system-var UUID=ead66183-5a71-40ee-8794-458f6008c08f
/dev/mapper/system-var /var ext4 rw,defaults,nodev,nosuid,noexec,relatime,data=ordered $
# /dev/mapper/system-swap UUID=bcf3d696-01fe-4204-a87b-3458ef1d41ac
/dev/mapper/system-swap none swap defaults 0 0
tmpfs /tmp tmpfs defaults,nodev,nosuid,noexec,size=24G 0 0
tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
tmpfs /var/tmp tmpfs rw,defaults,nodev,nosuid,noexec 0 0
Now, tmp looks like this:
mount | egrep --color -w '^(tmpfs|/tmp)|/tmp'
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,noexec)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
/dev/mapper/system-tmp on /tmp type ext4 (rw,nosuid,nodev,noexec,relatime,data=ordered)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=818048k,mode=700,uid=1000,gid=100)
[root@amarildo tmp]# ls -l
total 20
drwx------ 2 root root 16384 Jan 31 14:33 lost+found
drwx------ 2 amarildo users 4096 Jan 31 16:21 mozilla_amarildo0
srwx------ 1 sddm sddm 0 Jan 31 16:01 sddm-:0-iQlnJC
srwxr-xr-x 1 root root 0 Jan 31 15:20 sddm-auth4c2596e6-89a9-402d-ba95-40ded1e1573d
srwxr-xr-x 1 root root 0 Jan 31 15:48 sddm-auth7e26f651-ceb9-4fcf-af42-bbefa1719a30
srwxr-xr-x 1 root root 0 Jan 31 15:09 sddm-auth8e156cf4-03b9-4f95-8423-0c26f7ef825f
srwxr-xr-x 1 root root 0 Jan 31 15:11 sddm-auth94966f9c-84f3-487b-862f-2d1287be184a
srwxr-xr-x 1 root root 0 Jan 31 16:01 sddm-authd6d41746-30ab-4239-98fc-120f986e1186
srwxr-xr-x 1 root root 0 Jan 31 15:08 sddm-authe108961e-8b56-4098-9ccb-ff337bdfbd70
srwxr-xr-x 1 root root 0 Jan 31 15:05 sddm-authe19fca53-1222-4aab-8b1a-64a9c877ce48
I think the only question that remains is what are the correct permissions for /tmp. Obviously 1777 isn't it because I don't want execute permissions.
Last edited by Amanda S (2016-01-31 18:50:00)
If it ain't broke, you haven't tweaked it enough...
Offline
Obviously 1777 isn't it because I don't want execute permissions.
Yes it is, and yes you do. Directories must be "executable" or you cannot traverse into them.
Generally, though, /tmp is not on-disk storage. Is there a reason you want to mount a partition there?
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Offline
Is there a reason you want to mount a partition there?
Yes. Usually I'd create one 60 GB partition for / and leave tmp/var there, but I use grsecurity for Kernel protections (overflows and etc). I think I won't be able to use grsec anymore, so I want to have a safer partition scheme for, e.g. if a vulnerable program gets exploited and starts writing to tmp until it literally fills my / partition to the point where I'm forced to reboot. That wouldn't happen with a separate tmp partition.
Last edited by Amanda S (2016-01-31 20:17:23)
If it ain't broke, you haven't tweaked it enough...
Offline
You seemed to have missed the second part of that. Your reasoning is good for why you wouldn't want /tmp to be on your root partition - but it normally isn't. That's my point: /tmp is not normally on *any* partition.
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Offline
I just want to add something.
... However, after installing XFCE4 and Slim, XFCE wouldn't start, neither SDDM. MATE started, which was weird.
This quote is from https://wiki.archlinux.org/index.php/SLiM:
Warning: The SliM project has been abandoned (the project homepage is down, leaving a github mirror), and is not fully compatible with systemd, including logind sessions. Consider using a different Display manager or Xinitrc.
I don't know this for sure, but I just thought it could explain the weird behaviour you described.
Edit: typo
Last edited by olegabrielz (2016-02-01 03:01:04)
Be aware of my Newbie Powers
Offline
You seemed to have missed the second part of that. Your reasoning is good for why you wouldn't want /tmp to be on your root partition - but it normally isn't. That's my point: /tmp is not normally on *any* partition.
I'm not sure I get what you're saying. Isn't /tmp mounted on the / partition?
I just want to add something.
Amarildo wrote: ... However, after installing XFCE4 and Slim, XFCE wouldn't start, neither SDDM. MATE started, which was weird.
This quote is from https://wiki.archlinux.org/index.php/SLiM:
Warning: The SliM project has been abandoned (the project homepage is down, leaving a github mirror), and is not fully compatible with systemd, including logind sessions. Consider using a different Display manager or Xinitrc.
I don't know this for sure, but I just thought it could explain the weird behaviour you described.
Edit: typo
Thanks, but that wasn't the issue. Slim actually works fine here
If it ain't broke, you haven't tweaked it enough...
Offline
Trilby wrote: You seemed to have missed the second part of that. Your reasoning is good for why you wouldn't want /tmp to be on your root partition - but it normally isn't. That's my point: /tmp is not normally on *any* partition.
I'm not sure I get what you're saying. Isn't /tmp mounted on the / partition?
He's saying that by default, /tmp is tmpfs.
Offline
More explicitly, normally a tmpfs (temporary filesystem) is mounted on /tmp. At that point anything that is written in or under /tmp is stored in this temporary filesystem (in memory only) and it is not stored on any block device:
$ mount | grep /tmp
tmpfs on /tmp type tmpfs (rw)
There might be reasons I am unaware of to mount an on-disk partition on /tmp, but the security measure you refer to is not one of them. There will be performance consequences for having /tmp on a disk, especially if it is a hard disk, so unless there is a good reason to do this, I'd advise against it.
Further, I'm not sure if the system will actually clear /tmp on shutdown (I have no idea, it might). If it doesn't, then your /tmp partition will gradually fill up.
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Offline
Thanks, but that wasn't the issue. Slim actually works fine here
Sorry, I don't think you understood what I was trying to share. You said Slim is working. Just to test my theory I just installed xfce4 and slim. Slim doesn't start xfce but lxdm does. That was my point, and was just trying to help with one of the issues you did describe in your first post
Anyway - Enjoy
Edit: typo
Last edited by olegabrielz (2016-02-01 20:54:13)
Be aware of my Newbie Powers
Offline
He's saying that by default, /tmp is tmpfs.
But this is still on the / partition. I mean, if the user creates only one 20G partition and put everything there, and tmpfs gets filled with 18GB of data, the entire / partition will be out of space. That's what I think
More explicitly, normally a tmpfs (temporary filesystem) is mounted on /tmp. At that point anything that is written in or under /tmp is stored in this temporary filesystem (in memory only) and it is not stored on any block device:
$ mount | grep /tmp
tmpfs on /tmp type tmpfs (rw)
There might be reasons I am unaware of to mount an on-disk partition on /tmp, but the security measure you refer to is not one of them. There will be performance consequences for having /tmp on a disk, especially if it is a hard disk, so unless there is a good reason to do this, I'd advise against it.
Further, I'm not sure if the system will actually clear /tmp on shutdown (I have no idea, it might). If it doesn't, then your /tmp partition will gradually fill up.
I think I'm starting to get it. I didn't think /tmp was stored in memory, because if it starts to get filled then the user will suffer the same way if it was mounted on the hard drive.
I'll check if it gets clean. In the meantime, could you see if I did my fstab correctly? Because there's an entry for tmpfs that is mounted on /tmp, so I guess it -is- cleaned on reboot.
/etc/fstab
#
# /etc/fstab: static file system information
#
# <file system> <dir> <type> <options> <dump> <pass>
# /dev/mapper/system-root UUID=d4709400-e970-431d-873f-201221b2edc2
/dev/mapper/system-root / ext4 rw,relatime,data=ordered 0 1
# /dev/sda1 UUID=011dc537-19e2-4b1b-82af-06c6d6324060
/dev/sda1 /boot ext4 rw,relatime,data=ordered 0 2
# /dev/mapper/system-home UUID=ebe9405b-b3f6-4f55-b600-8247d2a0375e
/dev/mapper/system-home /home ext4 rw,relatime,data=ordered 0 2
# /dev/mapper/system-tmp UUID=22453954-fe75-4261-9cdb-4f008baf9e5d
/dev/mapper/system-tmp /tmp ext4 defaults,nodev,nosuid,noexec,relatime,data=ordered $
# /dev/mapper/system-var UUID=4da1c2cb-a0cb-4aa6-bdf7-3ccd0661305f
/dev/mapper/system-var /var ext4 rw,defaults,nodev,nosuid,noexec,relatime,data=ordered $
# /dev/mapper/system-swap UUID=8cb79a2b-4cfa-4ceb-a395-6c717971d826
/dev/mapper/system-swap none swap defaults 0 0
tmpfs /tmp tmpfs defaults,nodev,nosuid,noexec,size=16G 0 0
tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
tmpfs /var/tmp tmpfs rw,defaults,nodev,nosuid,noexec 0 0
Amarildo wrote: Thanks, but that wasn't the issue. Slim actually works fine here
Sorry, I don't think you understood what I was trying to share. You said Slim is working. Just to test my theory I just installed xfce4 and slim. Slim doesn't start xfce but lxdm does. That was my point, and was just trying to help with one of the issues you did describe in your first post
No problem, I actually appreciate your help
But regarding this issue of slim not starting xfce: did you create a file called .xinitrc that had "exec xfce4-session" in it, and then you "chmod +x .xinitrc"? Because just installing slim won't make it recognize what to start
Anyway - Enjoy
Edit: typo
Thanks! You too. I'm using SDDM now, with KDE.
Last edited by Amanda S (2016-02-01 23:35:24)
If it ain't broke, you haven't tweaked it enough...
Offline
if the user creates only one 20G partition and put everything there, and tmpfs gets filled with 18GB of data, the entire / partition will be out of space. That's what I think
You can think whatever you want, but that doesn't make it true. If you have a 20GB root partition, and you let the system create the default tmpfs, nothing written to /tmp will ever take any space away from that 20GB, period. Nothing in /tmp would be written to the disk.
As for your fstab, you don't need to explicitly list tmpfs - I suppose you could if you want, but again unless you have a specific reason to override the defaults, don't.
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Offline
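The two checks this thread turns on, duplicate /tmp entries in fstab and the 1777 mode on the directory itself, can be scripted. The following is an added example, not part of any post; the function names audit_fstab, check_tmp_mode and sample_fstab are hypothetical, the sample is constructed from the first fstab above, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the thread): audit temp-directory configuration.

# audit_fstab: read fstab-format text on stdin, print one finding per line.
audit_fstab() {
    awk '
    /^[[:space:]]*#/ || NF < 4 || $3 == "swap" { next }  # comments, blanks, swap
    {
        dir = $2; cur = $1 " (" $3 ")"; opts = "," $4 ","
        # Two entries for one mount point compete with each other.
        if (dir in seen) print "DUPLICATE " dir ": " seen[dir] " and " cur
        else seen[dir] = cur
        # World-writable scratch locations should carry all three options.
        if (dir == "/tmp" || dir == "/var/tmp" || dir == "/dev/shm") {
            n = split("nodev nosuid noexec", want, " ")
            for (i = 1; i <= n; i++)
                if (index(opts, "," want[i] ",") == 0)
                    print "MISSING " want[i] " on " dir " " cur
        }
    }'
}

# check_tmp_mode DIR: succeed only if DIR has mode 1777 (rwx for all + sticky).
# The x bits let users enter the directory; noexec on the mount is separate
# and only stops files stored there from being executed.
check_tmp_mode() {
    mode=$(stat -c %a "$1") || return 2
    [ "$mode" = "1777" ] && return 0
    echo "MODE $1 is $mode, expected 1777"
    return 1
}

# Constructed sample modeled on the first fstab in the thread.
sample_fstab() {
    cat <<'EOF'
/dev/mapper/system-tmp /tmp ext4 rw,relatime,data=ordered 0 2
/dev/mapper/system-swap none swap defaults 0 0
tmpfs /tmp tmpfs nodev,nosuid,size=16G 0 0
tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
EOF
}

sample_fstab | audit_fstab
```

Feeding it /proc/self/mounts, which uses the same column layout as fstab, reports on what is actually mounted rather than what is configured.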
You can think whatever you want, but that doesn't make it true.
Correct. I never said that was the truth, indeed. That's only what I thought happened.
If it ain't broke, you haven't tweaked it enough...
Offline
@Amarildo: Oh my... Haha
I did forget that detail. I blame lxdm (it made me lazy)
Edit: Corrected the translation a bit.
Last edited by olegabrielz (2016-02-02 00:41:30)
Be aware of my Newbie Powers
Offline