How to cleanup tmp folder safely on Linux

Question

I use RAM for my tmpfs /tmp, 2GB, to be exact. Normally, this is enough but sometimes, processes create files in there and fail to cleanup after themselves. This can happen if they crash. I need to delete these orphaned tmp files or else future process will run out of space on /tmp.

How can I safely garbage collect /tmp? Some people do it by checking last modification timestamp, but this approach is unsafe because there can be long-running processes that still need those files. A safer approach is to combine the last modification timestamp condition with the condition that no process has a file handle for the file. Is there a program/script/etc that embodies this approach or some other approach that is also safe?

Incidentally, does Linux/Unix allow a mode of file opening with creation wherein the created file is deleted when the creating process terminates, even if it's from a crash?

Answer 1

You might want to try something like that:

find /tmp -mtime +7 -and -not -exec fuser -s {} ';' -and -exec echo {} ';'

find is used to find files that match certain criteria.

• -mtime +7 only selects files that are older than 7 days (you may use any other value)
• -exec fuser -s {} ';' calls fuser in silent mode for every file that matches the oldness criteria. fuser returns 0 (=true) for every file that's been accessed right now and 1 (= false) for the unaccessed ones. As we are only interested in the unaccessed ones, we put a -not in front of this -exec
• -exec echo {} ';' just prints all file names matching the criteria. you might want use -exec rm {} ';' instead here, but as this may delete some still-in-use files, I think it's safer to do a simple echo first.
• edit: You might want to add something like -name 'foo*.bar' or -uid 123 to limit the effects of the cleanup to specific file patterns or user IDs to avoid accidental effects.

To the last point: Consider that there might be files that are only written once (e.g. at system boot) but read frequently (e.g. any X-session-cookie). Therefore I recommend adding some name checks to only affect files created by your faulty programs.

edit2: To your last question: A file won't get deleted from disk until no process has an open handle to it (at least for native linux filesystems). The problem is that the directory entry is removed immediately which means that from the time you remove the file no new processes can open the file anymore (as there's no filename attached to it).

For details see: https://stackoverflow.com/questions/3181641/how-can-i-delete-a-file-upon-its-close-in-c-on-linux

edit3: But what if I wanted to automate the whole process?

As I said, there might be files that are written once and then read every once in a while (e.g. X session cookies, PID files, etc.). Those won't be excluded by this little removal script (which is the reason why you might wanna do a test run with echo first before actually deleting files).

One way to implement a safe solution is to use atime.
atime stores the time each file was last accessed. But that file system option often is disabled because it has quite some performance impact (according to this blog somewhere in the 20-30% region). There's relatime, but that one only writes the access time if mtime has changed, so this one won't help us.

If you want to use atime, I'd recommend to have /tmp on a separate partition (ideally a ramdisk) so that the performance impact on the whole system isn't too big.

Once atime is enabled, all you have to do is to replace the -mtime parameter in the above command line with -atime.
You might be able to remove the -not -exec fuser -s {} ';', but I'd keep it there just to be sure (in case applications keep files open for a long period of time).

But keep in mind to test the command using echo before you end up removing stuff your system still needs!

Answer 2

Don't roll your own.

Debian/Ubuntu have tmpreaper, it's probably available in other dists as well.

# tmpreaper - cleans up files in directories based on their age

sudo apt-get install tmpreaper

cat /etc/tmpreaper.conf 

Answer 3

Regarding the last part of your question:

While I don’t think that an ‘delete-this-if-I-die’ open/creation mode exists, a process can safely delete a file directly after creating it, as long as it keeps a handle to said file open. The kernel will then keep the file on disk and as soon as the last process who had opened the file exits (be it by crash or normally), the space occupied by the file will be freed.

For a general way around the problem that some processes sometimes don’t clean up /tmp, I would suggest having a look at mount namespaces, described, for example here or here. If the process in question is a system daemon, systemd and its native feature to allow private /tmp filesystems might be of interest.

Answer 4

You could just do rm -rf /tmp/* and hope nothing breaks...

Answer 5

use built-in tmpfiles.d instead of. Check this answer: https://askubuntu.com/a/857154/453746

I'm checking this on Ubuntu 16.10. I can certify that editing /etc/default/rcS has no effect at all anymore and the files in tmp are wiped out by reboot no matter what you put in that file. As others mention, tmpreaper is no longer used.

I think the right answer is that Ubuntu 16.10 has a new setup. There is a folder /etc/tmpfiles.d, documented in the man page "tmpfiles.d". In that folder, one should place a configuration file to control whether the /tmp is to be erased. This is what I am doing to stop reboots from erasing files in /tmp unless they are 20 days old:

#/etc/tmpfiles.d/tmp.conf

d /tmp 1777 root root 20d Replace "20d" by "-" if you never want files deleted. This is my best effort, that man page is nearly impenetrable with detail.

The advantage of the new setup is that a file cleaner can still run even if the system is not rebooted (as in the case of an always on server). That's a big plus, I think.

Answer 6

for a GUI try this; http://bleachbit.sourceforge.net/

cleans and scrubs. preview mode.

Answer 7

Obtain a list of files older than so an so, exclude files that are open by anything from that list:

find /tmp -mtime +7 |\
    egrep -v "`lsof -n +D /tmp | awk 'NR>1 {print $9}'| tr \\n \|`" 

lsof -n +D /tmp: look for open files in /tmp
awk 'NR>1 {print $9}': print only the ninth column of lsof output, excluding the headers
tr \\n \|: replace new-line by bar (OR in egrep)
egrep -v "foo|moo|bar": print lines NOT containing foo or moo or bar

Answer 8

I agree with the above, to add to it though- I always run lsof +L1 | grep tmp and either kill or restart the processes holding on to "deleted" tmp files: EXAMPLE-

# lsof +L1 | grep tmp
xfce4-ter  1699  user   32u   REG    8,6      192     0 818552 /tmp/vte966VLX (deleted)
chrome     3301  user  138u   REG    8,6    16400     0 818547 /tmp/etilqs_Z0guKD7p6ork9iG (deleted)