Commit | Line | Data |
---|---|---|
19cb3d11 | 1 | .\" -*-nroff-*- |
efa7a97b | 2 | .TH tmpdir 1 "6 April 1999" "Local tools" |
3 | .SH NAME | |
4 | tmpdir \- choose, or check a choice of, temporary directory | |
5 | .SH SYNOPSIS | |
6 | .B tmpdir | |
3d62246f | 7 | .RB [ \-bcv ] |
7d5bdc25 MW |
8 | .RB [ \-g |
9 | .IR group ] | |
3d62246f | 10 | .RB [ \-C |
efa7a97b | 11 | .IR dir ] |
12 | .SH USAGE | |
13 | The | |
14 | .B tmpdir | |
15 | program creates a secure place for temporary files to be stored, and | |
263d6e0d | 16 | outputs an assignment to the |
efa7a97b | 17 | .B TMPDIR |
18 | variable suitable for execution by a shell. | |
19 | .PP | |
20 | Many programs aren't sufficiently careful about how they handle | |
21 | temporary files. For example, if a program which creates files in | |
22 | .B /tmp | |
23 | without making careful checks beforehand, a malicious user who can | |
24 | predict the name that the program will use can create a symbolic link | |
25 | with that name: when run, the program will then overwrite some file | |
26 | using your current privileges. Similarly, many programs create | |
27 | temporary files using generous default permissions, which may well be a | |
28 | mistake. | |
29 | .PP | |
30 | The | |
31 | .B tmpdir | |
32 | program finds a secure place for temporary files, creating one if | |
33 | necessary. The criteria it uses to choose a place are as follows: | |
4a1f00c4 | 34 | .IP " 1." |
efa7a97b | 35 | The temporary directory must be owned by the user, and have mode 700 |
36 | (i.e., readable, writable and searchable only by the owner). | |
4a1f00c4 | 37 | .IP " 2." |
efa7a97b | 38 | The path through the filesystem to the temporary directory must be |
39 | secure against modifications by other malicious users. See the | |
40 | .BR chkpath (1) | |
41 | manual page for a description of how this is done: the two programs work | |
42 | in the same way. | |
43 | .PP | |
44 | First, | |
45 | .B tmpdir | |
46 | checks to see whether the current value of the | |
47 | .B TMPDIR | |
48 | environment variable is a secure place for temporary files. If so, it | |
49 | is accepted immediately. Otherwise, it tries to find or create a | |
50 | directory in | |
51 | .B /tmp | |
52 | (on the assumption that this is a fast disk suitable for temporary | |
53 | files), with the name | |
54 | .BI /tmp/ user \- suffix | |
55 | for some | |
56 | .IR suffix . | |
57 | If that fails, it tries to create a directory in your home directory, | |
58 | with the name | |
59 | .BI ~/tmp\- suffix\fR. | |
60 | If | |
61 | .I that | |
62 | fails too, then | |
63 | .B tmpdir | |
64 | gives up: if your home directory's not secure (or full) than a secure | |
65 | temporary directory is the least of your worries. | |
1c5f5498 | 66 | .SS Options |
efa7a97b | 67 | The following options are supported: |
68 | .TP | |
69 | .B "\-b, \-\-bourne" | |
70 | Output an assignment using Bourne shell syntax. The default is to | |
71 | examine the user's shell and decide which syntax to use based on that. | |
72 | .TP | |
73 | .B "\-c, \-\-cshell" | |
74 | Output an assignment using C shell syntax. | |
75 | .TP | |
7d5bdc25 MW |
76 | .BI "\-g, \-\-group " group |
77 | Trust (the members of) | |
78 | .IR group : | |
79 | consider directories they can write to be safe. | |
80 | .TP | |
3d62246f MW |
81 | .B "-v, \-\-verbose" |
82 | Report problems to standard error. Repeat for more verbosity. | |
83 | .TP | |
84 | .BI "\-C, --check " dir | |
efa7a97b | 85 | Don't try to find a temporary directory; just see whether |
86 | .I dir | |
87 | is secure, and exit successfully if it is (and unsuccessfully if it | |
88 | isn't). | |
89 | .SH BUGS | |
90 | None known. | |
91 | .SH SEE ALSO | |
92 | .BR chkpath (1), | |
d7b5ee0c | 93 | .BR checkpath (3), |
efa7a97b | 94 | .BR tmpnam (3), |
95 | .BR tmpfile (3). | |
96 | .SH AUTHOR | |
97 | Mark Wooding (mdw@nsict.org). |