←back to thread

Against /Tmp

(dotat.at)
143 points todsacerdoti | 2 comments | 22 Oct 24 12:36 UTC | HN request time: 0.396s | source
Show context
Joker_vD ◴[22 Oct 24 13:18 UTC] No.41913946[source]
> The fix, way back when, should have been for login(8) to create a per-user temporary directory in a sensible place before it drops privilege, and set $TMPDIR so the user’s shell and child processes can find it.

Something like

    tmpdir := "/tmp/${USERNAME}"
    loop:
        rmdir(tmpdir, recurse=true)
        while not mkdir(tmpdir, 0o700, must-create=true)
    chown(tmpdir, user=$USERNAME, group=$USERGROUP)
    export("TMPDIR", tmpdir)
with /tmp having root:root owner with 0o775 permissions on it? Yeah, would've been nice.
replies(3): >>41914009 #>>41914158 #>>41916846 #
tgv ◴[22 Oct 24 13:40 UTC] No.41914158[source]
MacOS does something like this. Not by username, but through /private, which is a private mount, and then /tmp is linked to /private/tmp, as are /var and /etc.
replies(1): >>41914918 #
1. js2 ◴[22 Oct 24 14:56 UTC] No.41914918[source]
You're right that macOS has per-user temp (and cache) dirs under /private/var/folders/ (since 10.5), but it still has traditional shared /tmp (via the /private/tmp symlink) since not everything respects the per-user temp dir.

https://magnusviri.com/what-is-var-folders.html

That's not the reason for /private though. Rather, /private is a holdover from NeXTSTEP days which could mount the OS via NFS (NetBoot), and where /private was local to the machine:

"Each NetBoot client will share the server's root file system, but there are several administrative files (such as the NetInfo database, log files, and the swapfile) that must be unique to each client. The server must have a separate directory tree for each client, which the client mounts on its own /private directory during startup. This lets a client keep its own files separate from those of other clients."

https://www.nextcomputers.org/files/manuals/nsa/13_NetBoot.h...

replies(1): >>41915185 #
2. lelandfe ◴[22 Oct 24 15:21 UTC] No.41915185[source]
Thanks for that first link, explained some stuff I've been curious about