On Sat, Mar 24, 2007 at 06:40:01PM +0000, andy wrote:
>
> Can someone advise me on the pros and cons of deleting the contents of
> /tmp/ as part of general security conscious non-paranoia. I was thinking
> that it would be an okay thing to do periodically (or at logout, etc.)
> using an overwriting/shredding program. But, before I committed myself,
> decided it was prudent to ask.
>
Here's how I do it:

1. /tmp is on tmpfs so it automatically is gone on reboot. Yes, the
   boot-up init-script also cleans out /tmp.

2. swap (which then contains /tmp) is encrypted, on LVM, on raid1, and is
   large (twice my 1 GB ram) since disk space is cheap.

3. I use the libpam-tmpdir so that each user has their own tmp directory
   under /tmp/user

4. Each user has a symlink from /home/$USER/tmp to their actual temp dir,
   so that they can easily browse to their tmpdir. Also helpful for some
   apps where you get a dialog to choose a cache directory and you can't
   directly enter a path but must browse to it.

5. TMP and TMPDIR are both set.

I think this takes care of the users' tmp files. If they want to
garbage-collect from their own $TMPDIR, let them.

For non-user stuff, I just trust the Debian team to make apps/packages
that take care of this on their own.

Do you find any specific files or file types in /tmp that worry you?

YMMV.

Doug.
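
An added example, not part of the message above: a shell audit of the layout it lists, checking that /tmp is on tmpfs and that TMP and TMPDIR point at a private per-user directory. The function names are hypothetical, and it assumes GNU stat and that both variables should name the same directory.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original mail.

# Print the filesystem type mounted at $1, read from a /proc/mounts-style
# file $2 (device, mount point, type, ...). The last match wins because a
# later mount shadows an earlier one. Fails if nothing is mounted there.
mount_fstype() {
    awk -v mp="$1" '$2 == mp { t = $3 }
        END { if (t == "") exit 1; print t }' "${2:-/proc/mounts}"
}

# Succeed only if $1 is a real directory (not a symlink) owned by uid $2
# with no permission bits for group or other. Uses GNU stat (assumption).
is_private_dir() {
    dir=$1 uid=$2
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    info=$(stat -c '%u %a' "$dir") || return 1
    [ "${info% *}" = "$uid" ] || return 1
    case ${info#* } in
        *00) return 0 ;;    # e.g. 700
        *)   return 1 ;;
    esac
}

# Report deviations from the layout in the mail; returns 1 if any are found.
audit_tmp() {
    rc=0
    fstype=$(mount_fstype /tmp) || fstype=none
    [ "$fstype" = tmpfs ] || { echo "WARN: /tmp is $fstype, not tmpfs"; rc=1; }
    # Assumption: TMP and TMPDIR should name the same per-user directory.
    if [ -z "${TMPDIR:-}" ] || [ "${TMP:-}" != "$TMPDIR" ]; then
        echo "WARN: TMP and TMPDIR are not both set to one directory"; rc=1
    elif ! is_private_dir "$TMPDIR" "$(id -u)"; then
        echo "WARN: $TMPDIR is not a private directory owned by uid $(id -u)"; rc=1
    fi
    return "$rc"
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = audit ]; then audit_tmp; fi
```

Run it as `sh script.sh audit` from a login session, since libpam-tmpdir sets the variables at login.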