Resolving problems with /tmp directory mounted with NOEXEC

Issue

You have encountered an issue installing an application or PHP Module that is attempting to execute files that have been copied into the /tmp directory.

Reason

As a security precaution, /tmp and /var/tmp are mounted with noexec, nsuid and nodev to prevent the many simple exploits uploaded via vulnerable PHP applications from being able to execute commands in /tmp and/or /var/tmp.

Solution

In some cases you may need to have /tmp executable. Depending on what function you are using, there are a few options to bypass this restriction.

If you are using apt-get/aptitude, you can run a simple one-liner command to use /var/local/tmp instead of /tmp:

echo "APT::ExtractTemplates::TempDir \"/var/local/tmp\";" | tee /etc/apt/apt.conf.d/50extracttemplates && mkdir /var/local/tmp/

If you are attempting to install PECL extensions, setup a new temporary directory where the extensions are compiled by running the following commands:

mkdir -p ~/tmp/pear/cache

mkdir -p ~/tmp/pear/temp

pear config-set download_dir ~/tmp/pear/cache

If you're simply running ./configure to compile something, most Linux utilities will honor the TMPDIR option. TMPDIR is the canonical Unix environment variable that points to user scratch space. This will denote the scratch area for temporary files instead of the common default of /tmp. Other forms sometimes accepted are TEMP, TEMPDIR, and TMP but these are used more commonly by non-POSIX operating systems

Finally, if you are still having trouble you can bind /tmp and /var/tmp to another directory with executable permissions using the following example :

Do the substitute directories exist? If not then create them:

Then bind /tmp and /var/tmp to these new directories:

mount --bind ~/tmp /tmp

mount --bind ~/var/tmp /var/local/tmp

Keep in mind that if you reboot your VPS after you have done this, /tmp and var/tmp will return to 'noexec'

When you are finished, umount the new ~/tmp directory with the following command: