Date: Tue, 26 Feb 2002 10:12:04 -0800 (PST)
From: Roger Marquis <marquis@roble.com>
To: security@FreeBSD.ORG
Subject: Re: Third /tmp location ? (and maybe a fourth too)
Message-ID: <20020226095708.Y20347-100000@roble.com>
In-Reply-To: <bulk.56278.20020225090015@hub.freebsd.org>
Bill Vermillion <bv@wjv.com> wrote:
> > From: Dag-Erling Smorgrav <des@ofug.org>
>
> > Bill Vermillion <bv@wjv.com> writes:
> > > > Is the /usr/tmp really used for something useful ?
> > > I would think man 7 hier will answer that for you in a hurry.
> > > Yes it really is useful.
>
> > Bzzzt. FreeBSD has never had /usr/tmp, and all software that expects
> > /usr/tmp has been changed to use /var/tmp instead.
>
> And I set /usr/tmp for many things because there is no reason that
> I can see to have var so big that it will hold large files I may
> have to edit. I put /usr/tmp in almost all my .exrc files
> as too many times I've gotten 'file system full'.

File system full errors are typically caused by unnecessary
partitioning. You rarely see them on single-partition systems.
Creating symlinks or additional tmp directories to avoid the
inevitable drawback of excess partitions is two bads, which don't
sum to a good. Both also violate the KIS principle.

> As I said "Yes it really is useful". User applications really
> should probably go in /usr/tmp if you have a lot of users.

I do believe you're serious!? A better solution, if you *really*
need a user+shared application space, would be /usr/local/${user}/...
but even that's a hack. How about `mkdir /usr/local/$app ; chown
$user /usr/local/$app ; ln -s /usr/local/$app/bin/$app /usr/local/bin`?

WRT security, shared user application directories, whether /var/tmp
or /cgi-bin, should be avoided where possible. This is what
read-only permissions and root-only access are all about.

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
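
Added example, not part of the original message: a POSIX shell check for the exposure described in the last paragraph, reporting world-writable, group-writable and unexpectedly owned entries under an application directory. The function names, finding labels and the path in the usage comment are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the original message.

# scan LABEL ROOT FIND-EXPR...: print "LABEL path" for every match.
scan() {
    s_label=$1; s_root=$2; shift 2
    find "$s_root" "$@" -print | sed "s|^|$s_label |"
}

# audit_app_tree ROOT OWNER_UID
# Prints findings and returns 1 if anything under ROOT is writable by
# more than its owner or is owned by someone other than OWNER_UID.
audit_app_tree() {
    a_root=$1; a_owner=$2
    findings=$(
        # Anyone can create, rename or delete entries here.
        scan WORLD-WRITABLE-DIR-NO-STICKY "$a_root" -type d -perm -0002 ! -perm -1000
        # /var/tmp-style shared directory: the sticky bit limits deletion only.
        scan SHARED-DIR-STICKY "$a_root" -type d -perm -0002 -perm -1000
        # Any local user can modify this file (symlink modes are ignored).
        scan WORLD-WRITABLE-FILE "$a_root" ! -type d ! -type l -perm -0002
        # Writable by a group but not by everyone.
        scan GROUP-WRITABLE "$a_root" ! -type l -perm -0020 ! -perm -0002
        # Not owned by the account that is supposed to own the tree.
        scan UNEXPECTED-OWNER "$a_root" ! -user "$a_owner"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage (hypothetical path; 0 is root's uid): audit_app_tree /usr/local/myapp 0
```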
