
By default, the /tmp directory lives on the / partition. In this guide, I’ll show you how to create a separate partition for /tmp on LVM and mount it with some restrictions for security purposes.

We’re going to mount /tmp with options:

  • noexec: Disables direct execution of any binaries on the mounted filesystem. This protects your system from a number of local and remote exploits and rootkits that rely on running files from your /tmp folder.
  • nosuid: Set-user-identifier and set-group-identifier bits on files in this filesystem do not take effect.
  • nodev: Do not interpret character or block special devices on the file system.
  • rw: Mount the file system with read/write permissions.

Create LVM Logical volume for /tmp

First, you may need to check available space on your volume group using the command:

# vgs
cpanel-backups 1 2 0 wz--n- 299.99g 39.99g

As you can see, my cpanel-backups volume group has about 40 GB of free space. I’ll create a 10 GB logical volume for the /tmp filesystem.

# lvcreate -n tmp -L 10G cpanel-backups
Logical volume "tmp" created.

Create filesystem:

# mkfs.xfs /dev/mapper/cpanel--backups-tmp

This creates an XFS filesystem. Configure /etc/fstab for persistent mounting:

/dev/mapper/cpanel--backups-tmp /tmp xfs nosuid,noexec,nodev,rw 0 0

Mount the newly created filesystem by running the mount -a command:

# mount -a
# df -hT | grep /tmp
 xfs 10G 34M 10G 1% /tmp

Good! We can see it was mounted successfully.
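The df output confirms the mount but does not show the mount options, so it cannot tell you whether the restrictions are in effect. The following is an added example, not part of the original guide: a small shell function (missing_opts is a name chosen here) that reads /etc/fstab or /proc/self/mounts style lines on stdin and reports which of noexec, nosuid and nodev are missing for a mount point. The two sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide). Reads fstab- or
# /proc/self/mounts-format lines on stdin and prints which of
# noexec,nosuid,nodev are missing for the given mount point.
# Exit status: 0 = all present, 1 = some missing, 2 = no entry found.
missing_opts() {
    mp=$1
    # Field 2 is the mount point, field 4 the option list; skip comments.
    # If several entries match, the last one (the mount on top) wins.
    opts=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { o = $4 } END { print o }')
    if [ -z "$opts" ]; then
        echo "no-entry"
        return 2
    fi
    missing=""
    for want in noexec nosuid nodev; do
        case ",$opts," in
            *",$want,"*) ;;                      # option present
            *) missing="$missing $want" ;;       # option absent
        esac
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# Constructed sample lines (not captured from a real host).
SAMPLE_HARDENED='/dev/mapper/cpanel--backups-tmp /tmp xfs rw,nosuid,nodev,noexec,relatime 0 0'
SAMPLE_WEAK='/dev/mapper/cpanel--backups-tmp /tmp xfs rw,nosuid,relatime 0 0'

for line in "$SAMPLE_HARDENED" "$SAMPLE_WEAK"; do
    if result=$(printf '%s\n' "$line" | missing_opts /tmp); then
        echo "OK: /tmp has noexec,nosuid,nodev"
    else
        echo "WEAK: /tmp is missing: $result"
    fi
done
```

On a live system, run missing_opts /tmp < /proc/self/mounts to check the active mount and missing_opts /tmp < /etc/fstab to check that the setting persists across reboots.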

Create /tmp file using the dd or fallocate command

Instead of using LVM, you can also create a 10 GB file on your / filesystem to back the /tmp partition. The command below writes no data; it creates a sparse file by seeking to the 10G mark. If you need more space, make the seek size larger.

# dd if=/dev/zero of=/tmp-file bs=1 count=0 seek=10G
0+0 records in
0+0 records out
0 bytes (0 B) copied, 0.000180463 s, 0.0 kB/s

Check file size:

# ls -lh /tmp-file
-rw-r--r-- 1 root root 10G Apr 23 14:53 /tmp-file

Create a filesystem:

# mkfs.xfs /tmp-file

Mount it in a similar way to the LVM one, using the loop option because the backing store is a regular file:

/tmp-file /tmp xfs loop,nosuid,noexec,nodev,rw 0 0

You can also create a 10GB file using the fallocate command on your Linux server. The general syntax is:

fallocate [-n] [-o offset] -l length filename

Example:

# fallocate -l 10G /tmp-file

The length and offset arguments may be followed by the decimal (10^N) suffixes KB, MB, GB, PB, and EB.
