Courtesy of JohnWong - original thread can be found here: http://www.1and1faq.com/forums/showthread.php?t=70

I used to create a loop back file for the /tmp directory Not only to have a bigger /tmp directory, I can have some limited protection from script kiddies. Those script kiddies like to use some PHP application weakness (like older version of phpBB, zeroboard) to instruct php to download source code, compile it and execute the binary. The binary may be something to DoS or sending spam emails .... Therefore, I used to send up a separate /tmp partition with loopback device and add the noexec option during mounting. Here is the instructions:

change directory to /var
# cd /var

write a 300MB file
# dd if=/dev/zero of=tmpMnt bs=1024 count=300000

create a ext2 partition on the file
# /sbin/mke2fs /var/tmpMnt

copy current tmp directory content to
# cp -R /tmp /tmp_backup

mount the new /tmp partition
# mount -o loop,noexec,nosuid,rw /var/tmpMnt /tmp

setup correct permission for the new /tmp folder
# chmod 1777 /tmp

copy all previous content of tmp directory to the new old
# cp -R /tmp_backup/* /tmp/

remove unused files
# rm -rf /tmp_backup

create proper symbolic links
# ln -s /tmp /var/tmp

If you want this change to be permanent, add this line at the bottom of your /etc/fstab:
/var/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0

Beside using this method to stop the script kiddies to execute anything from my server tmp directory, I like to change the permission of "wget" (normally used by those script kiddies to download their payload) to owner executable only.

A good idea, but does linking /var/tmp not mean that it will be cleaned out by the tmpwatch cronjob?

I thought /var/tmp was supposed tobe persistent?

Interesting...

But...

I would want my /tmp filesystem to be fast, and a loopback mount to a file in another filesystem must incur some overhead...

If you can, it might be better to re-partition your /home partition and take some cylinders to give to a new partition for /tmp.

This assumes that your server is not serving live content at the time, as this is a lenghthy and disruptive process.

FYI on FC3 this cause an error with some logrotate versions.

Basically postrotate does not run on my box, causing rotated files still to be written to, (eg my secure.2 is being written to, rather than secure)

See
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=149270

Combining the idea that is fine to have a swap partiton of 100% to 150% of the memory size and that repartitioning existing XFS filesystems would not be a easy task, one could them delete the existing swap and recreating it leaving enough space for a future /tmp partition.

Attending to all steps necessary and taking advantage of the freaky 1 and 1 partition layout you end up with a swap of 1536m (logical partition 2) and /tmp of 500m+ (logical partition 3)

For the ones concern about mount the tmp as a loop would add overhead, this is the way to go.

If someone care for more details I will glady post it.

Yes please post more details.

1and1 Partition layout look like this:

Logical partition 1 ROOT
Logical partition 2 SWAP
Logical partition 4 (Extended)
Partition 5
Partition 6
Partition 7

we want like this:

Logical partition 1 ROOT
Logical partition 2 SWAP
Logical partition 3 TMP
Logical partition 4 (Extended)
Partition 5
Partition 6
Partition 7

In order to achieve this, we need to actually delete the swap partition, re-create it smaller leaving enough space for a extra tmp partition.

Reboot in rescue mode (No services running this way)

Most is done in Fdisk itself, brief description and the actual command is in bold, here we go:

/sbin/fdisk /dev/hda

delete partition d
Partition Number 2
New Partition n
Primary Partition p
Partition number 2
first cylinder default (hit enter)
Last Cylinder +1536M (1.5GB swap)
change partition type t
use swap type 82
Now creat tmp n
Primary Partition p
first cylinder default (hit enter)
last cylinder (last) default (hit enter)
write changes to disk w
exit fdisk quit

At this point you need to reboot your computer (still in rescue mode)

mkswap /dev/hda2
swapon /dev/hda2
mkfs.ext3 /dev/hda3
fsck.ext3 -y /dev/hda1
mount -t ext3 /dev/hda1 /mnt
mount -t xfs /dev/hda5 /mnt/usr
mount -t xfs /dev/hda6 /mnt/home
mount -t xfs /dev/hda7 /mnt/var
chroot /mnt
mv /tmp /tmpold
mkdir /mnt/tmp
chmod 1777 tmp
cp -R /tmpold/* /tmp


add changes to fstab

vi /etc/fstab
/dev/hda3 /tmp ext3 nosuid,noexec,rw 1 1 ##add this line to fstab ommit comment

reboot in normal mode

That should do it, it's not for the faint at heart ....