On Thu, Oct 19, 2006 at 12:06:23PM +1000, Roger Barnes wrote:
>
> > On Thu, Oct 19, 2006 at 08:47:45AM +1000, James Gray wrote:
> > ....
> > > # Make any generated files only readable by moi umask 077
> > > MAILROOT=~/Mail TMP=/tmp/mail-addresses.tmp
> > ...
> > > egrep ..... >> $TMP
> >
> > This is sorta off topic, but setting umask is not enough.
> > Someone else could have a file of the same name as $TMP open
> > already, so the restrictive permissions are ineffective.
> >
>
> There are also utilities to do this safely. See mktemp
> (debian package is mktemp) and tempfile (part of debianutils
> package, I believe).
Yeah I'd heard of mktemp and forgotten why I
didn't care for it, so I looked at it again.
1. It's not standard on other unixes. For better or
worse I'd like to have my scripts work on
solaris at least. Also small or old Linuxes.
2. I'd like to create an containing dir, not a file,
so the actual files created within can have
sensible readable names.
3. In light of the atomicity guarantee of mkdir, using
a C program is unnecessary and the randomness
is unnecessary, beyond wanting to have something
you probably haven't used before. (a easily
attained predictability, not a security
requirement)
I use something obvious/meaningful to me or a
fellow sysadmin like
/tmp/$(basename $0).$(date +%Y%m%d.%H%M%S).$PID
Random remarks:
3 may not be actually true if /tmp is on NFS and your
version of NFS is broken or stupid. I don't know the details
and don't care because this never applies for me.
(Note for penedo) The pid on some unixes (AIX?) is 'random'
already. This is meant to be helpful for creating tmpfile names
but it actually backfires because you're far less certain of
avoiding re-using a pid.
Matt
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
