[checkpath] / tmpdir.1

.\" -*-nroff-*-
.TH tmpdir 1 "6 April 1999" "Local tools"
.SH NAME
tmpdir \- choose, or check a choice of, temporary directory
.SH SYNOPSIS
.B tmpdir
.RB [ \-bc ]
.RB [ \-v
.IR dir ]
.SH USAGE
The
.B tmpdir
program creates a secure place for temporary files to be stored, and
outputs an assignment to the 
.B TMPDIR
variable suitable for execution by a shell.
.PP
Many programs aren't sufficiently careful about how they handle
temporary files.  For example, if a program which creates files in
.B /tmp
without making careful checks beforehand, a malicious user who can
predict the name that the program will use can create a symbolic link
with that name: when run, the program will then overwrite some file
using your current privileges.  Similarly, many programs create
temporary files using generous default permissions, which may well be a
mistake.
.PP
The
.B tmpdir
program finds a secure place for temporary files, creating one if
necessary.  The criteria it uses to choose a place are as follows:
.IP "   1."
The temporary directory must be owned by the user, and have mode 700
(i.e., readable, writable and searchable only by the owner).
.IP "   2."
The path through the filesystem to the temporary directory must be
secure against modifications by other malicious users.  See the
.BR chkpath (1)
manual page for a description of how this is done: the two programs work
in the same way.
.PP
First,
.B tmpdir
checks to see whether the current value of the
.B TMPDIR
environment variable is a secure place for temporary files.  If so, it
is accepted immediately.  Otherwise, it tries to find or create a
directory in
.B /tmp
(on the assumption that this is a fast disk suitable for temporary
files), with the name
.BI /tmp/ user \- suffix
for some
.IR suffix .
If that fails, it tries to create a directory in your home directory,
with the name
.BI ~/tmp\- suffix\fR.
If
.I that
fails too, then
.B tmpdir
gives up: if your home directory's not secure (or full) than a secure
temporary directory is the least of your worries.
.SS Options
The following options are supported:
.TP
.B "\-b, \-\-bourne"
Output an assignment using Bourne shell syntax.  The default is to
examine the user's shell and decide which syntax to use based on that.
.TP
.B "\-c, \-\-cshell"
Output an assignment using C shell syntax.
.TP
.BI "\-v, --verify " dir
Don't try to find a temporary directory; just see whether
.I dir
is secure, and exit successfully if it is (and unsuccessfully if it
isn't).
.SH BUGS
None known.
.SH SEE ALSO
.BR chkpath (1),
.BR checkpath (3),
.BR tmpnam (3),
.BR tmpfile (3).
.SH AUTHOR
Mark Wooding (mdw@nsict.org).
Commit	Line	Data
19cb3d11	1	.\" --nroff--
efa7a97b	2	.TH tmpdir 1 "6 April 1999" "Local tools"
	3	.SH NAME
	4	tmpdir \- choose, or check a choice of, temporary directory
	5	.SH SYNOPSIS
	6	.B tmpdir
	7	.RB [ \-bc ]
	8	.RB [ \-v
	9	.IR dir ]
	10	.SH USAGE
	11	The
	12	.B tmpdir
	13	program creates a secure place for temporary files to be stored, and
	14	outputs an assignment to the
	15	.B TMPDIR
	16	variable suitable for execution by a shell.
	17	.PP
	18	Many programs aren't sufficiently careful about how they handle
	19	temporary files. For example, if a program which creates files in
	20	.B /tmp
	21	without making careful checks beforehand, a malicious user who can
	22	predict the name that the program will use can create a symbolic link
	23	with that name: when run, the program will then overwrite some file
	24	using your current privileges. Similarly, many programs create
	25	temporary files using generous default permissions, which may well be a
	26	mistake.
	27	.PP
	28	The
	29	.B tmpdir
	30	program finds a secure place for temporary files, creating one if
	31	necessary. The criteria it uses to choose a place are as follows:
4a1f00c4	32	.IP " 1."
efa7a97b	33	The temporary directory must be owned by the user, and have mode 700
efa7a97b	34	(i.e., readable, writable and searchable only by the owner).
4a1f00c4	35	.IP " 2."
efa7a97b	36	The path through the filesystem to the temporary directory must be
	37	secure against modifications by other malicious users. See the
	38	.BR chkpath (1)
	39	manual page for a description of how this is done: the two programs work
	40	in the same way.
	41	.PP
	42	First,
	43	.B tmpdir
	44	checks to see whether the current value of the
	45	.B TMPDIR
	46	environment variable is a secure place for temporary files. If so, it
	47	is accepted immediately. Otherwise, it tries to find or create a
	48	directory in
	49	.B /tmp
	50	(on the assumption that this is a fast disk suitable for temporary
	51	files), with the name
	52	.BI /tmp/ user \- suffix
	53	for some
	54	.IR suffix .
	55	If that fails, it tries to create a directory in your home directory,
	56	with the name
	57	.BI ~/tmp\- suffix\fR.
	58	If
	59	.I that
	60	fails too, then
	61	.B tmpdir
	62	gives up: if your home directory's not secure (or full) than a secure
	63	temporary directory is the least of your worries.
1c5f5498	64	.SS Options
efa7a97b	65	The following options are supported:
	66	.TP
	67	.B "\-b, \-\-bourne"
	68	Output an assignment using Bourne shell syntax. The default is to
	69	examine the user's shell and decide which syntax to use based on that.
	70	.TP
	71	.B "\-c, \-\-cshell"
	72	Output an assignment using C shell syntax.
	73	.TP
1c5f5498	74	.BI "\-v, --verify " dir
efa7a97b	75	Don't try to find a temporary directory; just see whether
	76	.I dir
	77	is secure, and exit successfully if it is (and unsuccessfully if it
	78	isn't).
	79	.SH BUGS
	80	None known.
	81	.SH SEE ALSO
	82	.BR chkpath (1),
d7b5ee0c	83	.BR checkpath (3),
efa7a97b	84	.BR tmpnam (3),
	85	.BR tmpfile (3).
	86	.SH AUTHOR
	87	Mark Wooding (mdw@nsict.org).