Date: Tue, 26 Feb 2002 18:24:34 -0500
From: "Peter C. Lai" <sirmoo@cowbert.2y.net>
To: Roger Marquis <marquis@roble.com>
Cc: security@FreeBSD.ORG
Subject: Re: Third /tmp location ? (and maybe a fourth too)
Message-ID: <20020226182434.B45921@cowbert.2y.net>
In-Reply-To: <20020226095708.Y20347-100000@roble.com>; from marquis@roble.com on Tue, Feb 26, 2002 at 10:12:04AM -0800
References: <bulk.56278.20020225090015@hub.freebsd.org> <20020226095708.Y20347-100000@roble.com>
On Tue, Feb 26, 2002 at 10:12:04AM -0800, Roger Marquis wrote:
> Bill Vermillion <bv@wjv.com> wrote:
> > > From: Dag-Erling Smorgrav <des@ofug.org>
> >
> > > Bill Vermillion <bv@wjv.com> writes:
> > > > > Is the /usr/tmp really used for something useful ?
> > > > I would think man 7 hier will answer that for you in a hurry.
> > > > Yes it really is useful.
> >
> > > Bzzzt. FreeBSD has never had /usr/tmp, and all software that expects
> > > /usr/tmp has been changed to use /var/tmp instead.
> >
> > And I set /usr/tmp for many things because there is no reason that
> > I can see to have var so big that it will hold large files I may
> > have to edit. I put /usr/tmp in almost all my .exrc files
> > as too many times I've gotten 'file system full'.
>
> File system full errors are typically caused by unnecessary
> partitioning. You rarely see them on single-partition systems.
> Creating symlinks or additional tmp directories to avoid the
> inevitable drawback of excess partitions is two bads, which don't
> sum to a good. Both also violate the KIS principle.
>

Unfortunately, as demonstrated in another reply, the optimal partition
scheme (/, /usr, /var) is preferred over single partition schemes. However,
it is unable to avoid this problem. Unless you are running a news server
or heavy mail server, /var doesn't need to be very big (and you are wasting
space by making it so). I have a 50mb /var partition, but I wouldn't be able
to say, pkg_add StarOffice or something and have it fit like that.
Perhaps use of growfs(8) should be discussed? (off this list of course :)

> > As I said "Yes it really is useful". User applications really
> > should probably go in /usr/tmp if you have a lot of users.
>
> I do believe you're serious!? A better solution, if you *really*
> need a user+shared application space, would be /usr/local/${user}/...
> but even that's a hack. How about `mkdir /usr/local/$app ; chown
> $user /usr/local/$app ; ln -s /usr/local/$app/bin/$app /usr/local/bin`?
>

Aren't ./tmp directories usually set sticky so that
Thus, everyone can create or write to their own file, but they can not
touch (in the literal sense) other people's files in that directory.
To me, to replicate your scheme, one merely needs to chmod 0770
(or 0660 only) stuff that gets put in there...

> WRT security, shared user application directories, whether /var/tmp
> or /cgi-bin, should be avoided where possible. This is what
> read-only permissions and root-only access are all about.

Read above...

>
> --
> Roger Marquis
> Roble Systems Consulting
> http://www.roble.com/
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Peter C. Lai
University of Connecticut
Dept. of Residential Life | Programmer
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
http://cowbert.2y.net/
860.427.4542 (Room)
860.486.1899 (Lab)
203.206.3784 (Cellphone)
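The sticky-bit protection discussed in the message above only holds for temporary directories that actually carry the bit, including any extra location such as /usr/tmp and whatever a symlink there points to. The following check is an added example, not part of the original e-mail; the function name `classify_tmp` and its result labels are made up for illustration.

```shell
#!/bin/sh
# Added example: classify a shared temporary directory by its mode bits.
# Prints one of: sticky, world-writable-no-sticky, restricted, missing.
# The result is prefixed with "symlink:" when the path itself is a symlink
# (for example /usr/tmp -> /var/tmp); the mode tested is then the target's.
classify_tmp() {
    dir=$1
    prefix=""
    if [ -L "$dir" ]; then
        prefix="symlink:"
    fi
    if [ ! -d "$dir" ]; then
        echo "${prefix}missing"
        return 0
    fi
    # "$dir/." makes find examine the directory a symlink resolves to.
    # -prune stops find from descending; only the directory is tested.
    # -perm -1002: sticky bit set AND writable by "other".
    if [ -n "$(find "$dir/." -prune -perm -1002 -print 2>/dev/null)" ]; then
        echo "${prefix}sticky"
    # -perm -0002 alone: anyone may create, rename or delete any entry.
    elif [ -n "$(find "$dir/." -prune -perm -0002 -print 2>/dev/null)" ]; then
        echo "${prefix}world-writable-no-sticky"
    else
        echo "${prefix}restricted"
    fi
}

# The temporary locations named in the thread.
for d in /tmp /var/tmp /usr/tmp; do
    printf '%-10s %s\n' "$d" "$(classify_tmp "$d")"
done
```

A result of `world-writable-no-sticky` marks a directory where one user can remove or replace another user's files; `chmod 1777` on that directory restores the behaviour described in the message.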