Per User Temp Dirs - Waikato Linux Users Group

Note: You are viewing an old revision of this page. View the current version.

This trick is for multiuser boxes to try and ammeleriate issues with people creating insecure temporary files (and to make it obvious which applications don't respect TMPDIR). The idea is to create a seperate directory for every user on the machine that's 700 to that user and point TMPDIR at it. I think that this idea could(/should?) be used by default by distributions.

The first part of the script goes in .bash_profile

Set up each users own temp directory (kinda)

mkdir /tmp/$USER 2>/dev/null if [ -O /tmp/$USER?; then

TMPDIR=/tmp/$USER

else

TMPDIR=$(mktemp -d /tmp/${USER}.XXXXXX)

touch $TMPDIR/.bash.$$

TMP=$TMPDIR TEMP=$TMPDIR

export TMPDIR TMP TEMP

Then in .bash_logout

rm $TMPDIR/.bash.$$ rmdir $TMPDIR 2>/dev/null

This means that it will remove the directory when the last shell is closed and there are no more files in the directory.

If users want scratch space to copy files between users etc, they can use /tmp directly as LFS suggests, however conformant programs should use /tmp/username or /tmp/username.uniqueid.

Ideally Linux could transparently produce a unique /tmp/ for each $USER on the system, but that would break LinuxStandardsBase compiliance and many applications.

CategorySecurity

One page links to PerUserTempDirs:

EnvironmentVariable

Version 3, saved on Tuesday, November 16, 2004 10:24:24 am by StuartYeates

Edit PageHistory Diff Info LikePages