[checkpath] / tmpdir.1

.\" -*-nroff-*-
.TH tmpdir 1 "6 April 1999" "Local tools"
.SH NAME
tmpdir \- choose, or check a choice of, temporary directory
.SH SYNOPSIS
.B tmpdir
.RB [ \-bcv ]
.RB [ \-g
.IR group ]
.RB [ \-C
.IR dir ]
.SH USAGE
The
.B tmpdir
program creates a secure place for temporary files to be stored, and
outputs an assignment to the
.B TMPDIR
variable suitable for execution by a shell.
.PP
Many programs aren't sufficiently careful about how they handle
temporary files.  For example, if a program which creates files in
.B /tmp
without making careful checks beforehand, a malicious user who can
predict the name that the program will use can create a symbolic link
with that name: when run, the program will then overwrite some file
using your current privileges.  Similarly, many programs create
temporary files using generous default permissions, which may well be a
mistake.
.PP
The
.B tmpdir
program finds a secure place for temporary files, creating one if
necessary.  The criteria it uses to choose a place are as follows:
.IP "   1."
The temporary directory must be owned by the user, and have mode 700
(i.e., readable, writable and searchable only by the owner).
.IP "   2."
The path through the filesystem to the temporary directory must be
secure against modifications by other malicious users.  See the
.BR chkpath (1)
manual page for a description of how this is done: the two programs work
in the same way.
.PP
First,
.B tmpdir
checks to see whether the current value of the
.B TMPDIR
environment variable is a secure place for temporary files.  If so, it
is accepted immediately.  Otherwise, it tries to find or create a
directory in
.B /tmp
(on the assumption that this is a fast disk suitable for temporary
files), with the name
.BI /tmp/ user \- suffix
for some
.IR suffix .
If that fails, it tries to create a directory in your home directory,
with the name
.BI ~/tmp\- suffix\fR.
If
.I that
fails too, then
.B tmpdir
gives up: if your home directory's not secure (or full) than a secure
temporary directory is the least of your worries.
.SS Options
The following options are supported:
.TP
.B "\-b, \-\-bourne"
Output an assignment using Bourne shell syntax.  The default is to
examine the user's shell and decide which syntax to use based on that.
.TP
.B "\-c, \-\-cshell"
Output an assignment using C shell syntax.
.TP
.BI "\-g, \-\-group " group
Trust (the members of)
.IR group :
consider directories they can write to be safe.
.TP
.B "-v, \-\-verbose"
Report problems to standard error.  Repeat for more verbosity.
.TP
.BI "\-C, --check " dir
Don't try to find a temporary directory; just see whether
.I dir
is secure, and exit successfully if it is (and unsuccessfully if it
isn't).
.SH BUGS
None known.
.SH SEE ALSO
.BR chkpath (1),
.BR checkpath (3),
.BR tmpnam (3),
.BR tmpfile (3).
.SH AUTHOR
Mark Wooding (mdw@nsict.org).
Commit	Line	Data
19cb3d11	1	.\" --nroff--
efa7a97b	2	.TH tmpdir 1 "6 April 1999" "Local tools"
	3	.SH NAME
	4	tmpdir \- choose, or check a choice of, temporary directory
	5	.SH SYNOPSIS
	6	.B tmpdir
3d62246f	7	.RB [ \-bcv ]
7d5bdc25 MW	8	.RB [ \-g
7d5bdc25 MW	9	.IR group ]
3d62246f	10	.RB [ \-C
efa7a97b	11	.IR dir ]
	12	.SH USAGE
	13	The
	14	.B tmpdir
	15	program creates a secure place for temporary files to be stored, and
263d6e0d	16	outputs an assignment to the
efa7a97b	17	.B TMPDIR
	18	variable suitable for execution by a shell.
	19	.PP
	20	Many programs aren't sufficiently careful about how they handle
	21	temporary files. For example, if a program which creates files in
	22	.B /tmp
	23	without making careful checks beforehand, a malicious user who can
	24	predict the name that the program will use can create a symbolic link
	25	with that name: when run, the program will then overwrite some file
	26	using your current privileges. Similarly, many programs create
	27	temporary files using generous default permissions, which may well be a
	28	mistake.
	29	.PP
	30	The
	31	.B tmpdir
	32	program finds a secure place for temporary files, creating one if
	33	necessary. The criteria it uses to choose a place are as follows:
4a1f00c4	34	.IP " 1."
efa7a97b	35	The temporary directory must be owned by the user, and have mode 700
efa7a97b	36	(i.e., readable, writable and searchable only by the owner).
4a1f00c4	37	.IP " 2."
efa7a97b	38	The path through the filesystem to the temporary directory must be
	39	secure against modifications by other malicious users. See the
	40	.BR chkpath (1)
	41	manual page for a description of how this is done: the two programs work
	42	in the same way.
	43	.PP
	44	First,
	45	.B tmpdir
	46	checks to see whether the current value of the
	47	.B TMPDIR
	48	environment variable is a secure place for temporary files. If so, it
	49	is accepted immediately. Otherwise, it tries to find or create a
	50	directory in
	51	.B /tmp
	52	(on the assumption that this is a fast disk suitable for temporary
	53	files), with the name
	54	.BI /tmp/ user \- suffix
	55	for some
	56	.IR suffix .
	57	If that fails, it tries to create a directory in your home directory,
	58	with the name
	59	.BI ~/tmp\- suffix\fR.
	60	If
	61	.I that
	62	fails too, then
	63	.B tmpdir
	64	gives up: if your home directory's not secure (or full) than a secure
	65	temporary directory is the least of your worries.
1c5f5498	66	.SS Options
efa7a97b	67	The following options are supported:
	68	.TP
	69	.B "\-b, \-\-bourne"
	70	Output an assignment using Bourne shell syntax. The default is to
	71	examine the user's shell and decide which syntax to use based on that.
	72	.TP
	73	.B "\-c, \-\-cshell"
	74	Output an assignment using C shell syntax.
	75	.TP
7d5bdc25 MW	76	.BI "\-g, \-\-group " group
	77	Trust (the members of)
	78	.IR group :
	79	consider directories they can write to be safe.
	80	.TP
3d62246f MW	81	.B "-v, \-\-verbose"
	82	Report problems to standard error. Repeat for more verbosity.
	83	.TP
	84	.BI "\-C, --check " dir
efa7a97b	85	Don't try to find a temporary directory; just see whether
	86	.I dir
	87	is secure, and exit successfully if it is (and unsuccessfully if it
	88	isn't).
	89	.SH BUGS
	90	None known.
	91	.SH SEE ALSO
	92	.BR chkpath (1),
d7b5ee0c	93	.BR checkpath (3),
efa7a97b	94	.BR tmpnam (3),
	95	.BR tmpfile (3).
	96	.SH AUTHOR
	97	Mark Wooding (mdw@nsict.org).