Against /tmp

(dotat.at)
257 points todsacerdoti | 3 comments
Joker_vD No.41913946
> The fix, way back when, should have been for login(8) to create a per-user temporary directory in a sensible place before it drops privilege, and set $TMPDIR so the user’s shell and child processes can find it.

Something like

    tmpdir := "/tmp/${USERNAME}"
    loop:
        rmdir(tmpdir, recurse=true)
        while not mkdir(tmpdir, 0o700, must-create=true)
    chown(tmpdir, user=$USERNAME, group=$USERGROUP)
    export("TMPDIR", tmpdir)

with /tmp having root:root owner with 0o775 permissions on it? Yeah, would've been nice.
replies(3): >>41914009 #>>41914158 #>>41916846 #
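
The idea in the comment above, as an added Python example that is not part of the thread or of any real login(8): create the per-user directory with must-create semantics, then verify and chown it through a file descriptor so a planted symlink cannot redirect the privileged operations. The helper name `make_private_tmpdir` and its parameters are hypothetical, and it differs from the pseudocode in one respect: an existing entry is never recursively deleted, only reused if it already has the right owner and mode.

```python
import os
import stat
import tempfile


def make_private_tmpdir(base, username, uid, gid):
    """Create base/username (mode 0700, owner uid:gid) and return its path.

    Hypothetical helper. Variation on the pseudocode: an existing entry is
    not deleted; it is reused only if it passes the checks below.
    """
    if "/" in username or username in ("", ".", ".."):
        raise ValueError("unsafe user name: %r" % username)
    base_fd = os.open(base, os.O_RDONLY | os.O_DIRECTORY)
    try:
        try:
            # mkdir never follows a symlink at the final component and fails
            # with EEXIST if anything is already there ("must-create").
            os.mkdir(username, 0o700, dir_fd=base_fd)
            created = True
        except FileExistsError:
            created = False
        # O_NOFOLLOW: a planted symlink makes open() fail rather than
        # redirecting the chown/chmod below to another directory.
        flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
        fd = os.open(username, flags, dir_fd=base_fd)
        try:
            if created:
                os.fchown(fd, uid, gid)   # acts on the inode we opened
                os.fchmod(fd, 0o700)      # in case umask cleared mode bits
            st = os.fstat(fd)
            if st.st_uid != uid or stat.S_IMODE(st.st_mode) != 0o700:
                raise PermissionError("refusing directory: wrong owner or mode")
        finally:
            os.close(fd)
    finally:
        os.close(base_fd)
    return os.path.join(base, username)


if __name__ == "__main__":
    # Constructed demo: a scratch directory stands in for /tmp, and the
    # current uid/gid stand in for the user who is logging in.
    scratch = tempfile.mkdtemp()
    path = make_private_tmpdir(scratch, "alice", os.getuid(), os.getgid())
    child_env = dict(os.environ, TMPDIR=path)  # what login would export
    print(child_env["TMPDIR"], oct(stat.S_IMODE(os.lstat(path).st_mode)))
```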
1. tgv No.41914158
MacOS does something like this. Not by username, but through /private, which is a private mount, and then /tmp is linked to /private/tmp, as are /var and /etc.
replies(1): >>41914918 #
2. js2 No.41914918
You're right that macOS has per-user temp (and cache) dirs under /private/var/folders/ (since 10.5), but it still has traditional shared /tmp (via the /private/tmp symlink) since not everything respects the per-user temp dir.

https://magnusviri.com/what-is-var-folders.html

That's not the reason for /private though. Rather, /private is a holdover from NeXTSTEP days which could mount the OS via NFS (NetBoot), and where /private was local to the machine:

"Each NetBoot client will share the server's root file system, but there are several administrative files (such as the NetInfo database, log files, and the swapfile) that must be unique to each client. The server must have a separate directory tree for each client, which the client mounts on its own /private directory during startup. This lets a client keep its own files separate from those of other clients."

https://www.nextcomputers.org/files/manuals/nsa/13_NetBoot.h...

replies(1): >>41915185 #
3. lelandfe No.41915185
Thanks for that first link, explained some stuff I've been curious about