From owner-freebsd-questions Thu May 23 14:30:48 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id OAA22233 for questions-outgoing; Thu, 23 May 1996 14:30:48 -0700 (PDT)
Received: from mistery.mcafee.com (jimd@mistery.mcafee.com [192.187.128.69]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id OAA22210 for ; Thu, 23 May 1996 14:30:42 -0700 (PDT)
Received: (from jimd@localhost) by mistery.mcafee.com (8.6.11/8.6.9) id OAA13174 for freebsd-questions@freebsd.org; Thu, 23 May 1996 14:45:22 -0700
From: Jim Dennis
Message-Id: <199605232145.OAA13174@mistery.mcafee.com>
Subject: /tmp ownership+perms; / and /usr mounted ro?
To: freebsd-questions@freebsd.org (FreeBSD Questions)
Date: Thu, 23 May 1996 14:45:22 -0700 (PDT)
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I knew I'd have some other questions:

I've moved /tmp to /export/tmp (it actually isn't NFS exported; that's just the name) and set the sticky bit on it (then I created a symlink back to /tmp).

Recently there was a message on bugtraq regarding a garbage collection script (in Red Hat Linux -- but applicable to others) that highlighted problems with using an /etc/crontab job and find to sweep files out of /tmp. Most of the issues could be resolved by simply preventing find from following symlinks (there's a switch for that).

However, I was wondering what the implications would be of configuring /tmp (/export/tmp in this case) to be owned by nobody or by a special dummy account -- and then running the garbage collector under that account (eliminating the problems inherent in running it as root). It seems that the owner of the directory should be able to rm the files even if the sticky bit is set and the files are owned by someone else.
(Incidentally, for root's files and my own user tmp files I always set TEMP to be ~/tmp -- I don't share my tmp space with anyone and ~/tmp is mode 700; that seems to avoid the elm tempfile class of bugs.)
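The two points the message raises, as an added example that is not part of the original post or of any FreeBSD script: first, the sticky-bit rule the poster is relying on (in a directory with the sticky bit set, an entry may be unlinked only by the file's owner, the directory's owner, or the superuser, given write permission on the directory; so a sweeper running as the dummy account that owns the directory can remove other users' files at the top level, though not inside subdirectories it lacks write permission on), written as a small function; second, a find-based sweeper that refuses to follow symlinks and uses find's own -delete rather than handing pathnames to rm. The scratch tree, the 7-day age, and the path names are constructed for illustration and are assumptions, not the poster's setup; the script needs only a POSIX shell plus a GNU or BSD find.

```shell
#!/bin/sh
# Added example, not from the original post. Runs as an ordinary user;
# the scratch tree it builds under mktemp -d is constructed for illustration.

# Sticky-bit unlink rule (POSIX, as implemented on BSD and Linux): when the
# directory has S_ISVTX set, a process may unlink an entry only if its
# effective uid owns the file, owns the directory, or is 0. The caller is
# assumed to already have write permission on the directory.
# Usage: sticky_unlink_allowed UID FILE_OWNER DIR_OWNER ; returns 0 if allowed.
sticky_unlink_allowed() {
    uid=$1; file_owner=$2; dir_owner=$3
    [ "$uid" -eq 0 ] || [ "$uid" -eq "$file_owner" ] || [ "$uid" -eq "$dir_owner" ]
}

# True if the mode string of $1 shows the sticky bit (trailing t or T).
sticky_set() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        *t|*T) return 0 ;;
        *)     return 1 ;;
    esac
}

# Remove regular files under $1 that were last modified more than $2 days ago.
#   -P          never follow symlinks (the default on GNU and BSD find,
#               spelled out so a stray -L or -follow elsewhere cannot win)
#   -mindepth 1 never consider the top directory itself
#   -xdev       do not cross into another mounted filesystem
#   -type f     symlinks (type l) and directories are never candidates
#   -delete     find unlinks the entry relative to the directory it is
#               walking, instead of passing a full pathname to rm that
#               could be re-resolved through a swapped-in symlink
sweep_tmp() {
    dir=$1; days=$2
    find -P "$dir" -mindepth 1 -xdev -type f -mtime +"$days" -delete
}

# Build a constructed scratch tree, sweep it, and report via exit status:
# 0 if the stale file was removed, the fresh file kept, and the symlink
# targets outside the tree left untouched.
demo_sweep() {
    work=$(mktemp -d) || return 1
    tmpdir="$work/export-tmp"; outside="$work/outside"
    mkdir -p "$tmpdir" "$outside"
    chmod 1777 "$tmpdir"                          # world-writable plus sticky
    echo "precious" > "$outside/victim.txt"
    touch -t 200001010000 "$outside/victim.txt"   # stale, but not under $tmpdir
    echo "old scratch" > "$tmpdir/stale.tmp"
    touch -t 200001010000 "$tmpdir/stale.tmp"     # stale: should be removed
    echo "fresh" > "$tmpdir/fresh.tmp"            # recent: should stay
    ln -s "$outside/victim.txt" "$tmpdir/filelink" # hostile link to a file
    ln -s "$outside" "$tmpdir/dirlink"            # hostile link to a directory

    status=1
    if sticky_set "$tmpdir"; then
        sweep_tmp "$tmpdir" 7
        if [ -f "$outside/victim.txt" ] && [ ! -e "$tmpdir/stale.tmp" ] \
           && [ -f "$tmpdir/fresh.tmp" ] && [ -L "$tmpdir/filelink" ] \
           && [ -L "$tmpdir/dirlink" ]; then
            status=0
        fi
    fi
    rm -rf "$work"
    return $status
}
```

A cron entry for the dummy account would then be just `sweep_tmp /export/tmp 7` (with the function sourced or inlined). Two caveats the poster's plan still inherits: find can only unlink inside subdirectories the sweeping account can write to, so user-created subdirectories under /export/tmp will accumulate, and -delete narrows but does not remove the window between find's stat and the unlink if an attacker can rename entries in the directory being walked.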