Bill Freeman <ke1g...@gmail.com> writes:
>
> I can probably count on running on a linux box, so I can probably count on
> the FHS. But the downside of tmp is that any process can also delete my pid
> file (as opposed to having to be either root or the user created for the
> program).
The sticky-bit (0001, or +t) set on /tmp prevents that from being true,
e.g.:
jrosen@jz:~$ touch /tmp/foo
jrosen@jz:~$ ls -ld /tmp /tmp/foo
drwxrwxrwt 17 root root 4096 May 21 20:05 /tmp
-rw-r--r-- 1 jrosen jrosen 0 May 21 20:05 /tmp/foo
jrosen@jz:~$ sudo chown nobody.nogroup /tmp/foo
[sudo] password for jrosen:
jrosen@jz:~$ ls -ld /tmp /tmp/foo
drwxrwxrwt 17 root root 4096 May 21 20:05 /tmp
-rw-r--r-- 1 nobody nogroup 0 May 21 20:05 /tmp/foo
jrosen@jz:~$ rm /tmp/foo
rm: remove write-protected regular empty file `/tmp/foo'? y
rm: cannot remove `/tmp/foo': Operation not permitted
I don't see "/tmp should be sticky" in FHS, but I think everyone
(maybe excepting some embedded systems) does it, don't they?
Seems like /tmp would be a *very* scary place without a sticky-bit....
--
"Don't be afraid to ask (λf.((λx.xx) (λr.f(rr))))."
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
