Bart Smaalders wrote:
> Bill Sommerfeld wrote:
> > (note: I rearranged the subject line to make better use of limited
> > space)
> >> If the directory specified
> >> by "/tmp/${LOGNAME}" does not exist "/etc/profile"&co. will be
> >> responsible
> >> for creating this directory with the same permissions as the current
> >> "/tmp".
> >> If the directory already exists "/etc/profile"&co. is responsible to
> >> check
> >> whether the directory is owned by the current user (e.g.
> >> $ /usr/bin/test -O dir #) and writeable (e.g. /usr/bin/test -w dir #),
> >> if these conditions are not met TMPDIR will not be set.
> >
> > I think there's an error in this spec -- the way I read this, TMPDIR
> > would never get set for any user other than root.
> >
> > - file permissions include owner, group, mode, and acl.
> > - by default, /tmp is owned by root, group root, mode 01777, no acl.
> > - if the per-user subdir is created owned by root, then it would fail
> > the "owned by the current user" test.
> >
> > I don't see the rationale, however, for making the per-user subdirs be
> > mode 01777 ; 0700 or 0711 would make more sense.
>
> I always make mine 0700.
>
> The only real downside I've run into is that pkgadd is braindead
> about non-writable TMPDIR.
The point is to create a "home dir for temporary files" and not trying
to tweak security (e.g. this is about usuabilty (and helping the admins
a little bit)). The "/tmp/${LOGNAME}"-directories should work like the
normal "/tmp", e.g. have the same mode mask (e.g. "1777") including the
sticky bit and should be owned by the current user.
----
Bye,
Roland
P.S:: Fixing "shell-discussion at opensolaris.org" to
"shell-discuss at opensolaris.org"
--
__ . . __
(o.\ \/ /.o) roland.mainz at nrubsig.org
\__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer
/O /==\ O\ TEL +49 641 7950090
(;O/ \/ \O;)
