Hi,

On 5/6/24 17:40, Michael Biebl wrote:

If we go with a/, then I think d-i should be updated to no longer create
/tmp as a separate partition.

I think if the admin explicitly configures tmpfs as a separate file
system, then that should be honored -- if there is memory pressure,
tmpfs+swap is pretty much the worst file system there is.

For example, I have a VM with 32 threads but only 16 GiB of memory
allocated to it, which is normally sufficient for compiling large
projects, but occasionally starts thrashing really hard, and /tmp on
ext4 with very relaxed ordering rules is a good way to make it behave.

(What we're really want is a file system that behaves like FILE_ATTRIBUTE_TEMPORARY on Windows, where backing store is allocated,
and pages are evicted first on memory pressure, but are not flushed automatically)

Regarding b/:
The current setup as used in Debian is to only clean /tmp on boot (which
is pointless with /tmp-on-tmpfs) and never clean up /var/tmp

There is also the tmpreaper package, which does periodic cleanup based
on atime. I'd expect that to be installed on a lot of long-running
machines, it is certainly installed on mine.

Also if /var/tmp is no longer cleaned on boot, that is a bug.

I'm not sure if we have software on long running servers which place
files in /tmp and /var/tmp and expect files to not be deleted during
runtime, even if not accessed for a long time. This is certainly an
issue to be aware of and keep an eye on.

IIRC it was an explicit decision not to install tmpreaper by default and
leave cleanup policies to the local admin, for precisely this reason.

It makes sense to revisit this decision 20 years later, but a lot of the original rationale remains valid: it affects only a handful of machines (because everyone else reboots often anyway), and we kind of expect
those machines to be operated by skilled people.

Simon

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 6 May 2024 at 12:15, Michael Biebl <biebl@debian.org> wrote:

Am 06.05.24 um 12:35 schrieb Simon Richter:

Hi,

On 5/6/24 17:40, Michael Biebl wrote:

If we go with a/, then I think d-i should be updated to no longer
create /tmp as a separate partition.

I think if the admin explicitly configures tmpfs as a separate file
system, then that should be honored -- if there is memory pressure, tmpfs+swap is pretty much the worst file system there is.

If you explicitly configure /tmp via /etc/fstab it will override the
default tmp.mount that is shipped by systemd.

My point is a different one: If we enable /tmp-on-tmpfs by default, then offering a partition layout in d-i that places /tmp as a physical
partition is confusing/inconsistent imho.

Is that the default layout, or a selectable option?

If the latter, to me it makes sense to keep it, maybe with updated
wording. Making things customizable is not really an issue, as long as
it's clear what happens where.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

* Michael Biebl <biebl@debian.org> [240506 07:15]:

Am 06.05.24 um 12:35 schrieb Simon Richter:

Hi,

On 5/6/24 17:40, Michael Biebl wrote:

If we go with a/, then I think d-i should be updated to no longer
create /tmp as a separate partition.

I think if the admin explicitly configures tmpfs as a separate file
system, then that should be honored -- if there is memory pressure, tmpfs+swap is pretty much the worst file system there is.

If you explicitly configure /tmp via /etc/fstab it will override the default tmp.mount that is shipped by systemd.

My point is a different one: If we enable /tmp-on-tmpfs by default, then offering a partition layout in d-i that places /tmp as a physical partition is confusing/inconsistent imho.

I don't think so at all, especially if the description of this option
explains that if you don't choose this option /tmp will be a tmpfs. But
either way, this is an option that is different from the default, and it doesn't seem either confusing or inconsistent to me.

...Marvin

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, May 06, 2024 at 10:40:00AM +0200, Michael Biebl wrote:

I'm not sure if we have software on long running servers which place files
in /tmp and /var/tmp and expect files to not be deleted during runtime, even if not accessed for a long time. This is certainly an issue to be aware of and keep an eye on.

Note that FHS mandates it for /var/tmp: "Files and directories located in /var/tmp must not be deleted when the system is booted. Although data
stored in /var/tmp is typically deleted in a site-specific manner, it is recommended that deletions occur at a less frequent interval than /tmp."




--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmY4t7AtFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh YugP/0MqVP0NoVrnphX0xCecl2a/sQHfQivN7J4K9ITZb3vvek+9pfZG9KikZEln WDCZqZcvV+LxDaQHH99ZvvlvFk6yZAEhCRzE/zvrLMUJDTldXnj+MNERqprKPl5L 9pmTyWXgGcgAFot2RRWarKcDicEjn+/KBsHIJiyfLk3G2+tbD2LloMjGSY1bOzBU s2UXDFrloyGP8Y5DAyN4AeTpPZgkPzU07PMpxlxbuLr+D99c0T03O6nMxikYw+1k LuijZFaNFhBuYtt0UNTtcNsoNxMQTwWukJkRCLLCZqV8Dq+LeCqVsSvv18zAm0B9 NJ6x+0G9EhCaMg2YuxG9+MSGjD9Jl2owma+QEW1a/0i+QOu8A8S2DhvJXK33vOQP Wh920HrB+Wo0PCZ1r0m1nkmGI9uogBIkZsYb/XovPQMlzMYYdWgYYa4XKDE18O+s 5nto585M5bLHDAtxVcGuXND3/Qe0xT/A0FEph+42812/KcI2DOTuieCDhQ1DVe4J 5VM9ndx3hCNjssrQvWDqQrXV2EwYh8ie7AOmYb5ixSU8tM0aiv6C1Ql+/j3wBfjj NLupJ0r4jS+nyjP9iHFe5MJ/Lv3R4nnvxl4YVdvJDmRZ8ct3/67+Kz47omYX5Suu xkdvx9WogVRSHsW9NWp4SXCNkNdqXJy6PCt9ldj4I4bNeFC4
=HTUf
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Andrey Rakhmatullin <wrar@debian.org> writes:

On Mon, May 06, 2024 at 10:40:00AM +0200, Michael Biebl wrote:

I'm not sure if we have software on long running servers which place
files in /tmp and /var/tmp and expect files to not be deleted during
runtime, even if not accessed for a long time. This is certainly an
issue to be aware of and keep an eye on.

Note that FHS mandates it for /var/tmp: "Files and directories located
in /var/tmp must not be deleted when the system is booted. Although data stored in /var/tmp is typically deleted in a site-specific manner, it is recommended that deletions occur at a less frequent interval than /tmp."

It mandates that it not be cleaned on *boot*. Not that it never be
cleaned during runtime. It anticipates that it be cleaned periodically,
just less frequently than /tmp.

There is a specific prohibition against clearing /var/tmp on reboot
because /var/tmp historically has been used to store temporary files whose whole reason for existence is that they need to survive a reboot, such as
vi recover files, but are still safe to delete periodically.

Historically, deleting anything in /var/tmp that hadn't been accessed in
over seven days was a perfectly reasonable and typical configuration.
These days, we have the complication that it's fairly common to turn off
atime updates for performance reasons, which makes it a bit harder to
implement that policy when /var/tmp isn't its own partition and thus
inherits that setting from the rest of the system.

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, May 06, 2024 at 07:42:11AM -0700, Russ Allbery wrote:

I'm not sure if we have software on long running servers which place
files in /tmp and /var/tmp and expect files to not be deleted during
runtime, even if not accessed for a long time. This is certainly an
issue to be aware of and keep an eye on.

Note that FHS mandates it for /var/tmp: "Files and directories located
in /var/tmp must not be deleted when the system is booted. Although data stored in /var/tmp is typically deleted in a site-specific manner, it is recommended that deletions occur at a less frequent interval than /tmp."

It mandates that it not be cleaned on *boot*. Not that it never be
cleaned during runtime.

Ah, I've read that as "while the system is booted".


--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmY48WItFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh tIQP/Rsm7YepWzuAx6u5kG71TAMxbmdBu5sZsRMh4D4E3AUT0Eq2heaTFsD8H0Tn IBYNL6gugcQqkZNzfwp1qJgLXvWC8kpqt0VlE0yTH313qHj5FYe9Bzg5pwNxumdb qZR5qHSsRl80Iyh7OlztLAq38DypPxI17mmx5liGG0ND90fJvg/QG9C2hwlzm8Fd x7xB4ExMggPgQ+/NwBxIE3Rulw4YDiUex3zALDDnEJROFx5cyiFjW0njUZoc3xam IKN9Uu0sozBEeeaTqkI48/J1JrM4/7bQ35VMSZyRkquIOzj2C8AnuU9DsT2AS4RX k7Jvq2AZVsPHdcXUEcz94Mk08PwTHhJ+AbEtKWE356nNKbOJIQcM53xR5ef49/6R Rwf08XVbC1sQ+Q+/gmQVWti9wdgWVgdodDWyPTUmAiSmn134rz5f80fHuG3J/F/n TADrMyVghM05yvIght6VvDZY8zdIqa4hM1KSncV7krTkJ13POTXTXKqvfZ1p+Ylr 6hFSJ/UHHuzeY3RW8Slpmx680Q34hhlVpQ0FX7VsYj1fnKgTjSZ38rU1xrHoBp2A ZLE49UQNJyfbMKoRDDh6AQQDtLwLEp+Wi/Hw+OrOlKft/BHOXUGMOjxVhOH+DQPZ 2v1Lzyjho6SwKaPXT1Oh7SncoXHDN0OYQqtb964T3abynSGo
=Q1Q4
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi,

On 5/6/24 20:19, Luca Boccassi wrote:

Is that the default layout, or a selectable option?

When you create a partition manually, it asks for the mount point, and
makes a number of suggestions in a dropdown, and /tmp is one of these.

There is also a "enter manually" option.

If the latter, to me it makes sense to keep it, maybe with updated
wording. Making things customizable is not really an issue, as long as
it's clear what happens where.

The only wording there is "/tmp - Temporary files" or something like
that (has been a while since I saw that particular menu) -- it's an
option in a menu, so space is limited.

FWIW, I don't see much of a use case for leaving /tmp on the root
partition, so if no /tmp mount point is configured, mounting a tmpfs is
a good choice. Basically anything that can boot the installer has enough
RAM.

Simon

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi,

On 5/6/24 19:57, Michael Biebl wrote:

Afaik, /var/tmp has never been cleaned up on /boot.
So I'm not sure what you mean with "no longer"?

Oof, you're right, it was /tmp, /var/run, /var/lock:

[ "$VERBOSE" != no ] && echo -n "Cleaning"
[ -d /tmp ] && cleantmp
[ -d /var/run ] && cleanrun
[ -d /var/lock ] && cleanlock
[ "$VERBOSE" != no ] && echo "."

Would it make sense to make it a bug for a package to use /var/tmp (on
my system, I can see files from audacity and reportbug there) and
declare that this directory is for the use of the sysadmin only?

Simon

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

To: debian-devel@lists.debian.org

In data luned� 6 maggio 2024 17:41:40 CEST, Luca Boccassi ha scritto:

On Mon, 6 May 2024 at 16:30, Simon Richter <sjr@debian.org> wrote:

Hi,

On 5/6/24 20:19, Luca Boccassi wrote:

Is that the default layout, or a selectable option?

When you create a partition manually, it asks for the mount point, and makes a number of suggestions in a dropdown, and /tmp is one of these.

There is also a "enter manually" option.

If the latter, to me it makes sense to keep it, maybe with updated wording. Making things customizable is not really an issue, as long as it's clear what happens where.

The only wording there is "/tmp - Temporary files" or something like
that (has been a while since I saw that particular menu) -- it's an
option in a menu, so space is limited.

FWIW, I don't see much of a use case for leaving /tmp on the root partition, so if no /tmp mount point is configured, mounting a tmpfs is
a good choice. Basically anything that can boot the installer has enough RAM.

Found it:

https://salsa.debian.org/installer-team/partman-basicfilesystems/-/blob/mast er/debian/partman-basicfilesystems.templates?ref_type=heads#L97

So unless someone has a better suggestion, I can change it from:

"/tmp - temporary files"

To something like:

"/tmp - temporary files (default: tmpfs)"

Have we agreed to default installs to tmpfs?

RAM on my machines has remained the same since the last time we had this discussion.

--
Salvo Tomaselli

"Io non mi sento obbligato a credere che lo stesso Dio che ci ha dotato di senso, ragione ed intelletto intendesse che noi ne facessimo a meno."
-- Galileo Galilei

https://ltworf.codeberg.page/
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEQnSLnnbYmXmeH74Us6fPDIAYhs8FAmY5GHwACgkQs6fPDIAY hs+7KQ//Xuc4TmdrxvzKHlPeyuP03T8xUveLEzJ0zgSbmhT/aftXswe3g8u0Iijt TX9PXOXarY5Hd2UopnVy2RQGvvz50SiUqe1HHVS/Y9TpuE54HmL02BsENCoNWt2t Uulhtl7u8JzqG8Z6y7aY8LVnOAfYX0e1M0fsXDwWfA3yxsH6hl77NAZu1BJI1KDH vhHlyARS4qKfJW0Dhf/CJY+ANBkUx6CVCsqjZ1RsTOM3b3UTY64WFaobXjxJUdtQ lerb6EIcvjTJNVHlXawM3I4kthm0ggNi/NKMBUuSyvaME/vgSI8+mD3rk7yfymj/ QttcXNTuP8OB/hB8oiCu2wBu492ogxhimUR/nrbneVge2AfLpVQpFX9L3493YOST 7lbrZL7SNYafIPEqFxnokydkcOtXDx1OceQLVph8UNPS6yx9CROcV7E678IHT0RJ yFDFlNzh4GEtlqQ8lguX41KueKAL918s3lTL0oJyptaP54iM3+Kgv/h2gLTV58T1 9eTMLar9DPRMgE/UeZoZncBKRHscv9DKatFaccb/IIhcyGr64HIcBUdy8w1xKD7a V9KhCusFOb9gwK+MB60y2i0WlvQHZWEvrkaLiDhHQBGpOhTNqu/PjPfVhNpwOLa2 NHO45jaBn8Uq1zcbgCfunw6Ok

On a fresh installed fedora system I downloaded a .iso in /tmp, then the OOMkiller killed wayland, so everything died.

If you know you won't ever fill it up, I guess it's fine. But I'd go for the safer (and sadly slower) option.


--
Salvo Tomaselli

"Io non mi sento obbligato a credere che lo stesso Dio che ci ha dotato di senso, ragione ed intelletto intendesse che noi ne facessimo a meno."
-- Galileo Galilei

https://ltworf.codeberg.page/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 6 May 2024 at 21:30, Salvo Tomaselli <tiposchi@tiscali.it> wrote:

On a fresh installed fedora system I downloaded a .iso in /tmp, then the OOMkiller killed wayland, so everything died.

If you know you won't ever fill it up, I guess it's fine. But I'd go for the safer (and sadly slower) option.

You can just configure it (or disable it) on older devices or where
you don't want it, it's very easy to do as already mentioned

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hakan Bayındır <hakan@bayindir.org> writes:

Consider a long running task, which will take days or weeks (which is
the norm in simulation and science domains in general). System emitted a warning after three days, that it'll delete my files in three days. My
job won't be finished, and I'll be losing three days of work unless I
catch that warning.

I have to admit that I'm a little surprised at the number of people who
are apparently using /var/tmp for things that are clearly not temporary
files in the traditional UNIX sense. Clearly this bit of folk knowledge
is not as widespread as I thought, so we have to figure out how to deal
with that, but periodically deleting files out of /var/tmp has been common
(not universal, but common) UNIX practice for at least thirty years.

Whatever we do with /var/tmp retention, I beg people to stop using
/var/tmp for data you're keeping for longer than a few days and care about losing. That's not what it's for, and you *will* be bitten by this
someday, somewhere, because even with existing Debian configuration many
people run tmpreaper or similar programs. If you are running a
long-running task that produces data that you care about, make a directory
for it to use, whether in your home directory, /opt, /srv, whatever.

/var/tmp's primary purpose historically was to support things like
temporary recovery files that needed to survive a system crash, but which
were still expected to be *temporary* in that one would then either use
the recovery file or expect it to be deleted. Not as an extension of
people's home directory.

Your system is your system, so of course you can configure /var/tmp
however you want and no one is going to stop you, but a lot of people on
this thread are describing habits that are going to lose their data if
they use a different distribution or even a differently-configured Debian distribution with tmpreaper installed.

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, May 07, 2024 at 04:24:06PM +0300, Hakan Bayındır wrote:

On the other hand, if we need to change the configuration 99% of the time,

[citation needed]




--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmY6QDUtFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh w0QQAIReCrdb5FtC598jhkz7Xikn8jf/kK69kATDFeSaH/iEwNkzVMi6slEmvq0u oOwi7jUtp2n8a+4MlFyTw66SA+ycjKfUjIUM7AWX4wthMHQmfDwyJWg5pb8aD3Wg ap31aZJ9ftVa3KXS78/eorq+WUH65Tm9lP4Cui0nEKxWsUpC3YxiSGIieQAFUzb9 Kbx0Wq/Hqu6KnzBPUefWolG/c6J4+1gugZ96C5wf2bGbL3IqndouN5JdICXMG94y u8AdP+aJvmkIqNrTUnyya0bYt6cacHDpenYTAvyXMztqUir60Z8O5h3ovU6rRaTB i/M9vwrT/7zPynP6PQDDbDHHwUzmSlDmnW7RYrD6z4RF0hXHQZ3zd29GqtEZegrs nTaWTtJgaguppFN8YFdooWOonvgX8v1dU4+/vJKq9VCVMdCks86C8WH+YY+4aV76 ytP+w8yCZM/yGzhPdwGKLdDG3qdukHRCHNYANhdEKC0NmwMsZqSr9phPdRqBxa9t oZum5ql5y0UO/gWSGTuLLp79Unx1W61N5HHdUbh1vCuQ83b0RXwh62hhV+pbZsmc hyVG/TKK6FYsRY69tp/c20B2bo8HjV3PDER9chW6xqLJ7OX8WO7OcURfCgyCH+tj FGGNc227IS/JYu1iqBcq3tZG6Hx1Lb1PVFij24+htB0RkFV/
=hyVt
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, May 07, 2024 at 04:24:06PM +0300, Hakan Bayındır wrote:

Consider a long running task, which will take days or weeks (which is the norm in simulation and science domains in general). System emitted a warning after three days, that it'll delete my files in three days. My job won't be finished, and I'll be losing three days of work unless I catch that warning.

Then it will be high time you learn not to abuse /tmp that way and
work in your (or your services) home/data directory.

Problem easily avoided. plus you don't need to make /tmp 20 TB because you
have lots of data. ;)

I'm a bit surprised how many people seem to really rely on data in /tmp
to survive for weeks or even months. I wonder if they backup /tmp?


--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

"When one man dies it's a tragedy. When thousands die it's statistics." (Stalin commenting the worlds reaction on Covid 19.)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmY6R0gACgkQCRq4Vgaa qhxKWBAAuzfmgJ2opJ9n3uQO4dJcCIXoVOq4Rwfe/U2O26V+raLHitDnoBfG7ox7 aYbJcNohSKtpfx4G5kmOv2nCck3h4uanM/h+fMCx/3XuKi8sWM3QaIKSrxllIqgq ckDZaIt5qoKandjbuP2PvVrHXBONA6WpW7vI+THKW3OxeTYBs4ERp3vmss1qLQYg bX9QsRygGXPRRVj3Jckh8iv/sX9qDkTpVctvrk/69hqW+QIc7NrZVwFt09h7tpyn Qvyq7R364010UNYEW8bDHVrVYg6GUuRIGtSzduKucN/AZyeg9Qh4jfk+fiVz+UhF CE/VhBYtNryDurT+PjofH2Fo6+PJL8M/yxlWhL+JvVLNC1u5ivHKc3uBx2PJiWXM qZKKzjxcqOtaFBGe1vPJLzCqieeLxh+i9F5rLwJ39MbYo7cr8R2XOgV9zx3Ekmwm DmHTijAitB/xr0nSaGjeO50wsqUxoO5QDIOu+fSny/LPAOZCckZFTtzlm+yXVkWx 0HPjXdgEmdglY9LvHbaHGmuwacqgjx+7YNx5j+iyL6CkQEfqZ487

Hakan Bayındır <hakan@bayindir.org> writes:

Dear Russ,

If you are running a long-running task that produces data that you
care about, make a directory for it to use, whether in your home
directory, /opt, /srv, whatever.

Sorry but, clusters, batch systems and other automated systems doesn't
work that way.

Yours might not, but I spent 20 years maintaining clusters and batch
systems and I assure you that's how mine worked.

That's not an extension of the home directory in any way. After users
submit their jobs to the cluster, they neither have access to the
execution node, nor they can pick and choose where to put their files.

These files may stay there up to a couple of weeks, and deleting
everything periodically will probably corrupt the jobs of these users somehow.

Using /var/tmp for this purpose is not a good design decision.
Directories are free; they can make a new one and point the files of batch
jobs there. They don't have to overload a directory that historically has different semantics and is often periodically cleared. I get that this
may not be your design or something you have control over, so telling you
this doesn't directly help, but the point still stands.

Again, obviously the people configuring that cluster can configure it
however they want, including overriding the /var/tmp cleanup policy. But they're playing with fire by training users to use /var/tmp, and it's
going to result in someone getting their data deleted at some point,
regardless of what Debian does.

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hakan Bayındır <hakan@bayindir.org> writes:

The applications users use create these temporary files without users' knowledge. They work in their own directories, but applications create another job dependent state files in both /tmp and /var/tmp. These are different programs and I assure you they’re not created there because
user (or we) configured something. These files live there during the
lifetime of the job, and cleaned afterwards by the application.

Then someone should fix those applications, because that behavior will
result in user data loss if they're not fixed. However, first one should
check whether the applications are just honoring TMPDIR or equivalent variables, in which case TMPDIR on batch systems often should be set to a user-specific or job-specific persistent directory for exactly this
reason. That way you can use a user-specific cleanup strategy, such as
purging that directory when all of the user's jobs have finished.

I understand your point, which is that this pattern is out there in the
wild and Debian is in danger of breaking existing usage patterns by
matching the defaults of other distributions. This is a valid point, and
I appreciate you making it.

My replies are not intended to dispute that point, but to say that the
burden of addressing this buggy behavior should not rest entirely on
Debian. What the combination of batch system and application is doing is semantically incorrect and is dangerous, and it really should be fixed.
Even if Debian changes nothing, at some point someone will deploy workers
with a different base operating system and be very surprised when these
files are automatically deleted.

We were automatically cleaning /tmp and /var/tmp on commercial UNIX
systems in 1995 and fixing broken applications that didn't honor TMPDIR.
This is not a new problem. Nor is having /var/tmp fill up and cause all
sorts of system problems because someone turned off /var/tmp cleaning
while trying to work around broken applications.

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Sent from my iPhone

On 7 May 2024, at 18:39, Holger Levsen <holger@layer-acht.org> wrote:

On Tue, May 07, 2024 at 04:24:06PM +0300, Hakan Bayındır wrote:

Consider a long running task, which will take days or weeks (which is the
norm in simulation and science domains in general). System emitted a warning >> after three days, that it'll delete my files in three days. My job won't be >> finished, and I'll be losing three days of work unless I catch that warning.

Then it will be high time you learn not to abuse /tmp that way and
work in your (or your services) home/data directory.

Problem easily avoided. plus you don't need to make /tmp 20 TB because you have lots of data. ;)

I'm a bit surprised how many people seem to really rely on data in /tmp
to survive for weeks or even months. I wonder if they backup /tmp?

Me is figurative here. Neither me, nor my code nor our users abuse these folders. The applications they use create these files without users’ knowledge.

And yes, these applications rely on the data they saved on /tmp during the job. Again, let me repeat. These are not users' files, but applications internal data which they automatically create.

And sometimes these /tmp folders are put on high speed internal NVMe RAIDs to allow multiple GPUs work together with lower latency, for weeks.

--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄

"When one man dies it's a tragedy. When thousands die it's statistics." (Stalin commenting the worlds reaction on Covid 19.)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Early in this meta-thread it was suggested to separate /tmp-is-tmpfs
from cleanup-of-{,/var}/tmp. I am really surprised that nobody has
suggested the obvious separation of new installs from upgrades.

Changing the local configuration for either feature is trivial either
way. I think the proposed changes are reasonable for _new_
_installations_. However, making configuration changes on upgrade that
may potentially cause significant problems, even if only for a small
number of users, and even if they are currently abusing tmp directories,
seems unnecessary to me.

The release notes can say "The defaults for new installations have
changed. For upgrades, if it will not cause a disruption on your
system, you can get the new behavior by changing these configuration
files...."

Personally, I believe (for upgrades) changing tmp-is-tmpfs will have
much less disruptive effect overall than the cleanup of /var/tmp, but I
don't see any reason to force either change on upgrade.

...Marvin

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi,

Quoting Holger Levsen (2024-05-07 17:22:48)

On Tue, May 07, 2024 at 04:24:06PM +0300, Hakan Bayındır wrote:

Consider a long running task, which will take days or weeks (which is the norm in simulation and science domains in general). System emitted a warning
after three days, that it'll delete my files in three days. My job won't be finished, and I'll be losing three days of work unless I catch that warning.

Then it will be high time you learn not to abuse /tmp that way and work in your (or your services) home/data directory.

Problem easily avoided. plus you don't need to make /tmp 20 TB because you have lots of data. ;)

I'm a bit surprised how many people seem to really rely on data in /tmp to survive for weeks or even months. I wonder if they backup /tmp?

I like using /tmp because it's a tmpfs which makes some things faster. For quite a few things I do not want them to be stored long-term on my SSD so I resort to using /tmp and not the directory I called ~/tmp inside my $HOME.

This is also not only about data surviving for weeks and months. Elsewhere in this thread i mentioned mmdebstrap as an application which creates files in /tmp which have a modification time far in the past. The same happens when using other tools, for example lets say I want to have a small scratch space into which I wget some files:

$ wget https://www.debian.org/Pics/debian-logo-1024x576.png
$ stat -c %y debian-logo-1024x576.png
2020-12-17 10:59:08.000000000 +0100

Will this mean that debian-logo-1024x576.png might accidentally get cleaned up unless I disable that mechanism? The problem is not limited to people with a crazy large /tmp either. My system has 3.7 GB of ram and having /tmp be a tmpfs (even though it's very small) is still beneficial for me because my maximum read speed from my SSD is 140 MB/s. My small RAM is much faster than that.

Thanks!

cheers, josch
--==============01623862784702941=MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Description: signature
Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEElFhU6KL81LF4wVq58sulx4+9g+EFAmY6g38ACgkQ8sulx4+9 g+GOuhAAprQ1hTLdre7XR6Q017MN2TsUbHYdXqoesiKnaDdbvbFr5CE/MIRxwNMl Od0bQEjz0PhcGi3HUwpyD283bEXVvMhLxwnwHXOdVpJ4Evx/YnpDwJvNXlrlO0HW XhbYc5dKfXF86L1Zv/ci/cz0WvYYNnY6rwHhSb1NhsVsPpQ5uK0sO+mB0ZP9ylEK J5mZIs3UOy16m4TFJ+hROWQBIcMtukpdAFoaKx1QCp5UievnQQhD6BHNT8OnedYc GG3oM0P9lon2OrIePLqtWjEKU2KXd6+3I8olKXQ9byj1EbL/utlxPLxiJV3jDntm ph5Vzyg2bDxIqXQURmxvPOs7VBmau5UyJM5S1ckzAa1i8u7d8LSYCqOvehd8ZeWY ac0jkcnKDxNHbyKI7B22byiSHFcaFWZisjMPXp/9YCEK8OZ3cF5hkdeAHCQ7wiNO jrlPRiLJ1HpW9F2tNHHDS3oaGcvrUutkF5kG2/b40fhGBgP/LdseX4GMQxEtQSD0 26SHYC00IKU0DvBHq6jCuWsnvhn31pR/CFWMP9SjgfvxtXXv2ak2yrgHg69dB31x z3rSxAoZp14KjESdNfA07AtddbufxcspUg4jwbZ3JNoQzl/0L/63oT7c4lRqTeRN c6mr8cw5n2feJ8jgzaSr5NSKsV0DeNPEII5u5gKfhDEwhvw+yC4=
=AOK0
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Holger Levsen <holger@layer-acht.org> writes:

I'm a bit surprised how many people seem to really rely on data in /tmp
to survive for weeks or even months. I wonder if they backup /tmp?

I use /tmp for things that fall somewhere between "needs a backup" and "unimportant, can be deleted whenever". I think all of the issues raised (disappearing files from git checkouts, old files in unpacked tarballs/debootstraps/downloads, autopkgtests, 3rd-party-software, bad
choices in tmux/ssh-agent/etc) fall into that spectrum: It's not that
the data is critical, but losing it creates more work -- what is the
reason for accepting that 'risk'?

btw, i'm not trying to argue against the change, but i dont yet
understand the rationale (which id like to be put into the
release-notes): is there perhaps something more compelling than "other distributions and upstream already do this"?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Richard Lewis <richard.lewis.debian@googlemail.com> writes:

btw, i'm not trying to argue against the change, but i dont yet
understand the rationale (which id like to be put into the
release-notes): is there perhaps something more compelling than "other distributions and upstream already do this"?

It sounds like that is what kicked off this discussion, but moving /tmp to tmpfs also usually makes programs that use /tmp run faster. I believe
that was the original motivation for tmpfs back in the day.

For /var/tmp, I think the primary motivation to garbage-collect those
files is that filling up /var/tmp is often quite bad for the system. It's frequently not on its own partition, but is shared with at least /var, and filling up /var can be very bad. It can result in bounced mail, unstable services, and other serious problems.

Most modern desktop systems now have large enough drives that this isn't
as much of a concern as it used to be, but VMs often still have quite
small / partitions and put /var/tmp on that partition.

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Copy: holger@layer-acht.org (Holger Levsen)

I'm a bit surprised how many people seem to really rely on data in /tmp
to survive for weeks or even months. I wonder if they backup /tmp?

If the expectation is that it sits there until the system is rebooted, and the system isn't rebooted for months, the logical conclusion is that the data will remain there for months, unless manually removed.

Changing this will inevitably create frustration.

On my system /var/tmp is only used for some systemd stuff, while /tmp is filled with all sort of work in progress things, that I don't want to disappear
before the progress reaches 100%.

Best


--
Salvo Tomaselli

"Io non mi sento obbligato a credere che lo stesso Dio che ci ha dotato di senso, ragione ed intelletto intendesse che noi ne facessimo a meno."
-- Galileo Galilei

https://ltworf.codeberg.page/
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEQnSLnnbYmXmeH74Us6fPDIAYhs8FAmY6qHsACgkQs6fPDIAY hs89cQ//ZwhhdyNYB3f3XFuak31x/yPhFcwKdLgv9RfBbQfIGo7PqX6O2VCXqbMX PxLOZ3ysQfM2DyXess9oPPHRgXNPUfZMaL1WaY3yOcoPsRsOlni8K6to87jrf26c ai8SHTJngZTrSkhlZ0ZBffPiMmu2xSKr8wM47JqlNPYoqX5f7XxgNDd9H+xO+EFL ayUMHXEZ1M9gE4q4H26XVm7KD6vmVj1SDgcQW3eq3LSCBek+ZGnEGrvh+WcQeuBJ kV50nxnVMzIqQOODA/skL+d5kEQgC9ad24CQgF7HESaBI39ZrsXYUvayXYQ14VqQ I0D39JRHkN74HDRimrf/Yr7X+qZsQ5QViqu+DoYgvAcKReb/PRp1EHZS+7yPvvHu OUE/p7u9oFtGq+sQhz8JqsgzW6w4mF8n2bKYLod8+pbnHSgZJSnLpULg4lQUZtXc 4zSHAlKCBTSZTh01vIH7eHkE4ak4FPptUd/ylD/ZZldfCR0kO23YlUSbw2LRC0IF buzz9onD5RBdrVJfpWdWjFDxDFGC6BNActImgQ74ucUl0QMyy0EQWSYKmDZQdrUC c//MoXWt3qYzPs8e+Uw1fTPXXaXtPzNXHO07AoedSApjn36uD56M/Iw9sSTWy70w /AZzUyBrHvqgFrlQCzpX7XjyI89AObXqArhSPgBhL5FpdOmnfxI=
=tqm8
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In data martedì 7 maggio 2024 15:40:49 CEST, rhys@neoquasar.org ha scritto:

The /tmp/ as tmpfs discussion is funny to me because while we've been
kicking around the idea of whether or not to clean /tmp/, having /tmp/ as a tmpfs makes that whole argument moot. It all goes away at boot time!
Problem solved! :D

Systemd administrators might deal with thousands of servers. They want sane defaults, not to carefully consider every machine and decide case by case.

This is something that "smanettoni" (no good english translation) do, and it's fine for them to change the defaults and play around with various settings.

But people who use the system rather than play with the system need good defaults.

Perhaps you don't remember or weren't there for the discussion about /tmp on tmpfs that happened a number of years ago… But I really don't think anything has changed since then.

--
Salvo Tomaselli

"Io non mi sento obbligato a credere che lo stesso Dio che ci ha dotato di senso, ragione ed intelletto intendesse che noi ne facessimo a meno."
-- Galileo Galilei

https://ltworf.codeberg.page/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi,

On 5/8/24 07:05, Russ Allbery wrote:

It sounds like that is what kicked off this discussion, but moving /tmp to tmpfs also usually makes programs that use /tmp run faster. I believe
that was the original motivation for tmpfs back in the day.

IIRC it started out as an implementation of POSIX SHM, and was later generalized. The connection to SHM is still there -- POSIX SHM only
works if a tmpfs is mounted anywhere in the system. Canonically, a tmpfs
is mounted on /dev/shm for that purpose, but if /tmp is a tmpfs, then
/dev/shm doesn't need to exist.

I agree that it makes a lot of things run faster (especially compiling,
which creates temporary files in /tmp), but it has also caused
situations that required pressing SysRq to resolve (also during compiling).

For /var/tmp, I think the primary motivation to garbage-collect those
files is that filling up /var/tmp is often quite bad for the system. It's frequently not on its own partition, but is shared with at least /var, and filling up /var can be very bad. It can result in bounced mail, unstable services, and other serious problems.

When /var runs full, the problem is probably initrd building.

Taking a quick look around all my machines, the accumulated cruft in
/var/tmp is on the order of kilobytes -- mostly reportbug files, and a
few from audacity -- and these machines have not been reinstalled in the
last ten years.

Simon

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Simon Richter <sjr@debian.org> writes:

On 5/8/24 07:05, Russ Allbery wrote:

It sounds like that is what kicked off this discussion, but moving /tmp
to tmpfs also usually makes programs that use /tmp run faster. I
believe that was the original motivation for tmpfs back in the day.

IIRC it started out as an implementation of POSIX SHM, and was later generalized.

I believe you're correct for Linux specifically but not in general for
UNIX. For example, I'm fairly sure this is not the case on Solaris, which
was the first place I encountered tmpfs and where tmpfs /tmp was the
default starting in Solaris 2.1 in 1992. tmpfs was present in SunOS in
1987, so I'm pretty sure it predates POSIX shared memory.

Linux was very, very late to the tmpfs world.

When /var runs full, the problem is probably initrd building.

I'm not quite sure what to make of this statement. On my systems, /var contains all sorts of rather large things, such as PostgreSQL databases,
INN spool files, and mail spools. I have filled up /var on many systems
over the years, and it's never been by building initrd images.

Taking a quick look around all my machines, the accumulated cruft in
/var/tmp is on the order of kilobytes -- mostly reportbug files, and a
few from audacity -- and these machines have not been reinstalled in the
last ten years.

Yes, I don't think many programs use it. I think that's a good thing; the specific semantics of /var/tmp are only useful in fairly narrow
situations, and overfilling it is fairly dangerous.

Back in the day, /var/tmp was the thing that you used if /tmp was too
small (because it was usually tmpfs). For example, using sort -T /var/tmp
to sort large files is an old UNIX rune. And, of course, students would
use it because they ran out of quota in their home directories and then
get upset when their files got deleted automatically, back in the days of shared UNIX login clusters.

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 07 May 2024 22:29:30 +0100, Richard Lewis <richard.lewis.debian@googlemail.com> wrote:

Holger Levsen <holger@layer-acht.org> writes:

I'm a bit surprised how many people seem to really rely on data in /tmp
to survive for weeks or even months. I wonder if they backup /tmp?

I use /tmp for things that fall somewhere between "needs a backup" and >"unimportant, can be deleted whenever".

For me there is a difference between /tmp and /var/tmp. On all my
systems, /tmp has been a tmpfs for decades, /var/tmp being used for
data that is too large for tmpfs.

Even losing /tmp would probably affect some of my running programs
including the X11 session.

Greetings
Marc
--
---------------------------------------------------------------------------- Marc Haber | " Questions are the | Mailadresse im Header Rhein-Neckar, DE | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 6224 1600402

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi,

On 2024-05-07 09:43, Russ Allbery wrote:

I understand your point, which is that this pattern is out there in the
wild and Debian is in danger of breaking existing usage patterns by
matching the defaults of other distributions. This is a valid point, and
I appreciate you making it.

The more general point being that if systems have certain properties,
whether by design or by accident, people tend to rely on them if these properties are useful for whatever reasons.

In the specific case of /var/tmp in Debian, for a very long time now the properties have been: (1) persistent, world-writable storage (2) outside
of /home (3) available by default on all systems without any
configuration. To many, these properties make for a good place where transient-ish work can be done without the risk of losing it upon reboot
(or power loss, or similar). Not being in /home is an important one,
because for instance /home may be regularly backed up, or it may be on a
NFS share, or who knows what else, and you may not want that who knows
why.

All of that being said, I do see the value in uniformity with other
distros, also because it surely makes things easier for maintainers.
And yes, https://xkcd.com/1172/.

It's just that changes are usually a costs/benefits tradeoff -- in the
xkcd a CPU is overheating, whereas in this case the problem to fix seems
a bit less obvious.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon May 6, 2024 at 5:01 PM BST, Luca Boccassi wrote:

On Mon, 6 May 2024 at 16:51, Barak A. Pearlmutter <barak@cs.nuim.ie>
wrote:

For whatever reason, a lot of people who process large data use /var/tmp/FOO/ as a place to store information that should not be
backed up, but also should not just disappear.

Then such people, assuming they actually exist, can configure their
custom systems accordingly upon reading the release notes before
upgrading, as they would do anyway if installing on CentOS or any
other major OS. Hence, not an issue either.

They actually exist. I'm been one of them, I've worked with many of
them, it's an incredibly common pattern in academic computing at least,
and changing it in Debian should be a very carefully explored decision.

You've pointed out that changing the behaviour from the default, in
either direction, is trivial. The issue is not one of individual
preference but of what is default. The long-established status quo
is not to clean /var/tmp. There is serious risk here: to users data
and correspondingly to Debian's reputation for stability, which
many of us have worked hard to maintain for a very long time.

If you think we need hard data to quantify this practice, then let's
work on a plan for how to gather that going forward, rather than
dismiss this outright because we haven't collected it.

Else-thread, Russ begs people to stop doing this. I agree people
shouldn't! We should also work on education and promotion of the
alternatives.

I'd like to hear some arguments *in favour* of making this change.
Alignment with systemd-upstream, reduced package maintenance burden
are two that I can think of, but perhaps I've missed more. These two,
IMHO, are significantly outweighed by the risks.

Please hold off making this change now and let this discussion continue.


--
Please do not CC me for listmail.

👱🏻 Jonathan Dowland
✎ jmtd@debian.org
🔗 https://jmtd.net

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

I'd like to hear some arguments *in favour* of making this change.
Alignment with systemd-upstream, reduced package maintenance burden
are two that I can think of, but perhaps I've missed more. These two,
IMHO, are significantly outweighed by the risks.

Let me see if I understand the arguments being made in favor.

1. Compatibility with upstream. This means all the upstream logic is
sort of imported by reference, so the below is mainly the upstream
logic, as I understand it.

2. Defend the system against buggy programs that leave debris in
/var/tmp/, and against debris left there when programs are terminated prematurely. These are programs which use /var/tmp/ internally, but
not as part of their API, so the user would have no particular way of
knowing that they are leaving things there, would have no particular
reason to check for and delete such files, and might not be able to
easily recognize which files should be removed.

3. Defend the system against forgetful users, who create files in
/var/tmp/ but neglect to delete them when they're no longer needed.

Unfortunately 2 & 3 cannot be mechanically distinguished, so even if
you wanted to have separate policies for these two classes of files,
it's not really technically possible. So upstream is optimizing for
case (2), and suggests that /var/tmp/ be sort of reserved for programs
and scripts that are aware of this policy, and users not manually
create files there.

I hope that's an accurate characterization.

I looked at the upstream bug report https://github.com/systemd/systemd/issues/32674 which suggests that
deletion of directory trees in /var/tmp/ be atomic, and trigger only
when everything in the tree meets criteria for deletion. I added a
comment suggesting that the policy be tweaked in two ways. (a) Use
system-up time rather than wall-clock time for measuring file age, to
address the "suspending or shutting down for over 30 days breaks
running data processing scripts that uses /var/tmp/ for intermediate
files" issue. I sort of have an invariant in my head, which is that
suspending the computer doesn't break things, and also the whole point
of /var/tmp/ is that files there are preserved across boots. And (b)
check if a file is open by some process, the same way fuser(1) does,
and if so, don't delete it. Could also preserve directories which are
the current directory of some process, if you want to be even more
user friendly.

The only response I got was "don't use temporary directories for
things that you cannot afford to lose and recreate", which I don't
really understand. It's like saying "you should have good backups, so
it's not a problem to just delete anything in /home older than two
days". Bottom line, it's not clear to me that upstream has really
thought this through with users in mind. I'd suggest that Debian may
wish to tweak the defaults on this stuff pretty hard to be more user
friendly.

Here are a couple cheap tweaks I'd suggest. My hope is that these
would avoid some of the worst case scenarios discussed while still
satisfying the goals 1/2/3 above, and being super easy to implement.

- lengthen the reap time for /var/tmp/ to eight weeks, since Europeans
often take six-week vacations.

- make a "tempdir" command, philosophically similar to tempfile in
debianutils, which creates a fresh directory in /var/tmp/ and drops
the user into a shell with that as the current directory, directory
flocked until that subshell terminates. Could give an optional
directory argument to lock so you can get back into a directory, and
maybe have options to run a program there before or instead of the
subshell.

- following a resume-from-suspend or boot, shut off the delete-old-files-in-var-tmp mechanism for a while, maybe eight hours
or something like that. Maybe shorten the delay if it doesn't get to
run across multiple resume-or-boot cycles for a week or two.

- as discussed earlier, add /tmp/00-README and /var/tmp/00-README to
explain this old-file-deletion policy

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi,

Quoting Barak A. Pearlmutter (2024-05-13 10:47:43)

I'd like to hear some arguments *in favour* of making this change. Alignment with systemd-upstream, reduced package maintenance burden
are two that I can think of, but perhaps I've missed more. These two,
IMHO, are significantly outweighed by the risks.

Let me see if I understand the arguments being made in favor.

thank you, I'd also like to understand them.

1. Compatibility with upstream. This means all the upstream logic is sort of
imported by reference, so the below is mainly the upstream logic, as I
understand it.

Yes, I also think that there is value in doing the same thing that upstream or other distros are doing. There is a cost if Debian decides to deviate from what others decided to be the default.

2. Defend the system against buggy programs that leave debris in /var/tmp/,
and against debris left there when programs are terminated prematurely.
These are programs which use /var/tmp/ internally, but not as part of
their API, so the user would have no particular way of knowing that they
are leaving things there, would have no particular reason to check for and
delete such files, and might not be able to easily recognize which files
should be removed.

But I do not understand this as an advantage. In my mind it is quite the opposite. The buggy programs which leave files in /tmp will now have their bugs not noticed anymore because the files get cleaned up by systemd. On the other hand, we are now introducing new bugs in programs which should do an flock on the temporary directory but do not do so yet. Imagine I would not've read debian-devel. How would I as the mmdebstrap author have noticed that my tool as a user of /tmp should set up this flock? I imagine the bug report of somebody who has a weird problem with the chroot but somehow they are unable to reproduce it because it depends on the cleanup timing. Are the bugs we are introducing by regularly cleaning up /tmp not potentially super hard to diagnose and might thus just not get fixed? Is there an effort to go around and identify programs we ship with long lasting use of /tmp and is filing bugs so that they are performing an flock? And at the same time we are now ignoring the bugs in programs who leave files in /tmp and forget to clean them up. Is this not a disadvantage of this change instead of an advantage?

I looked at the upstream bug report https://github.com/systemd/systemd/issues/32674 which suggests that deletion of directory trees in /var/tmp/ be atomic, and trigger only when everything in the tree meets criteria for deletion. I added a comment suggesting that the policy be tweaked in two ways. (a) Use system-up time rather than wall-clock time for measuring file age, to address the "suspending or shutting down for over 30 days breaks running data processing scripts that uses /var/tmp/ for intermediate files" issue. I sort of have an invariant in my head, which is that suspending the computer doesn't break things, and also the whole point of /var/tmp/ is that files there are preserved across boots. And (b) check if a file is open by some process, the same way fuser(1) does, and if so, don't delete it. Could also preserve directories which are the current directory of some process, if you want to be even more user friendly.

The only response I got was "don't use temporary directories for things that you cannot afford to lose and recreate", which I don't really understand. It's like saying "you should have good backups, so it's not a problem to just delete anything in /home older than two days". Bottom line, it's not clear to me that upstream has really thought this through with users in mind. I'd suggest that Debian may wish to tweak the defaults on this stuff pretty hard to be more user friendly.

Thank you, the suspend issue is another issue that is created by this change. If we want to try and weigh cost against benefit, do the benefits really outweigh the cost? How costly is it to carry a patch in Debian and deviate from upstream versus all the problems that participants of this thread now listed? My gut feeling is, that the cost of these hard to debug problems is far greater than continuing to deviate from upstream and carry a Debian-specific patch, no?

- as discussed earlier, add /tmp/00-README and /var/tmp/00-README to explain this old-file-deletion policy

I think this is a really good idea.

Thanks!

cheers, josch
--==============097179399982010766=MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Description: signature
Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEElFhU6KL81LF4wVq58sulx4+9g+EFAmZB4JAACgkQ8sulx4+9 g+FeWA//V0dFhYtJT0U6DjDbdefsZtls3Tcm9tY8d4G83fFZmDvQqyAY0DaZFO64 sCesppn63PJvJbewy0H/SXnlSE4qmEq3D+d0hKPxYGdDr7t+DCfpxU8MbXSDwhSv 0YrxlN6DvDazrAb6zwxdPn+IwQ1kWUVtuS4h2MdlIndWF3sIV10KW++psPqYtWWp Uin9KitkGXowzdZ28RpxgRNpVlgmsDs0i6j707NK1ObSCAzd+MFhDnAeS0gmWJ2P Y9hfmpA/wMjep/mU9++AzksQbt4R88s2LCXuXF6/+D+6h10ZHDWzcco1VmR9fzqk Te9G3ZpfP/5IIqCLT76NZBHuJgV64AuMFaAhiYRXwsozbyVJWxsD8AxWUWSfzwcJ 5x5oTykL5osG3iuTL2SG/LOEV3N1YA+Y5ltSC7XWYOMs/gbJTXQQZaC8qQKq7fFS 5nxI1V4TAhcgmp7+L1asxevA7fsi5AGvLhFDtRyblAAOidPqp8xGZ2pf0fH/zU5K 31BV9K7DNLNo9sPof5rpFzATkthcr8rE1F86taWUaHmin3/ePSVv+zOcMEBOUDl3 H7E0pXhxKsLaS81P0HnBkd7n4SlYLUqZgDLRajC0Y7GJ+yyS28xzDmh3BC/47Vlt 3FewY1lsz+5waqVvk/5ensvrQ5ps2mtpqZEdK0inw2MPwAcKm3A=
=W/AP
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Unless somebody's already put it there, I'm going to move these
suggestions to a wishlist bug against systemd. Not sure if it should
be one bug or a few, one for each suggestion.

Currently discussion about reaping /var/tmp/ is in https://bugs.debian.org/966621 and https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1870585 but
these are discussing "should we turn on /var/tmp/ reaping" rather than
"if we do turn it on, should we take measures to make it safer".

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, May 06, 2024 at 07:42:11AM -0700, Russ Allbery wrote:

Historically, deleting anything in /var/tmp that hadn't been accessed in
over seven days was a perfectly reasonable and typical configuration.
These days, we have the complication that it's fairly common to turn off atime updates for performance reasons, which makes it a bit harder to implement that policy when /var/tmp isn't its own partition and thus
inherits that setting from the rest of the system.

Apologies for being a bit late to this, but is this true? relatime-type
setups will still update atime if the time between the previous update
and the access is larger than some threshold, so you lose some degree of granularity but the rough policy should still apply.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Matthew Garrett <mjg59@srcf.ucam.org> writes:

On Mon, May 06, 2024 at 07:42:11AM -0700, Russ Allbery wrote:

Historically, deleting anything in /var/tmp that hadn't been accessed
in over seven days was a perfectly reasonable and typical
configuration. These days, we have the complication that it's fairly
common to turn off atime updates for performance reasons, which makes
it a bit harder to implement that policy when /var/tmp isn't its own
partition and thus inherits that setting from the rest of the system.

Apologies for being a bit late to this, but is this true? relatime-type setups will still update atime if the time between the previous update
and the access is larger than some threshold, so you lose some degree of granularity but the rough policy should still apply.

You are correct and I completely forgot about that.

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)