Craig Dibble <[email protected]> writes:
> Does anyone have any thoughts on removing the sticky bit on the /var/tmp
> directory and setting it to 777?
Why would you want to allow an unprivileged user to delete temporary files
created by other unprivileged users?
> Something about it doesn't sit quite right with me but I can't so far find
> any negative impact of doing so.
Other than the marginally increased, and probably mostly theoretical in these
days of one-user-per-machine, security risk, there isn't much.
> The reason for this is that we have a large amount of data moving through
> that folder, in the order of more than 100GB. We have cleanup scripts which
> need to be able to remove files and folders to reclaim space every time a
> job finishes but the files are created by the user who launched the job, and
> the control process, and hence the cleanup, runs as a different user. And
> there we have a problem as the sticky bit prevents the cleanup from running
> and we have boxes falling over because their disks fill up.
>
> I'm fairly sure the first response to this will be "Use sudo", as that was
> our first response too, or "store the data somewhere else". Both of these are
> possible but difficult, the latter exceedingly so. We've tried to think of
> every sensible alternative but the simplest fix would be to just change the
> permissions and hope there isn't something which is going to bite us as a
> result.
...er, is there any strong reason to run the cleanup script as some user other
than root?
Daniel
--
✣ Daniel Pittman ✉ [email protected] ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
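
The permission rule this thread turns on, as an added example that is not part of the original messages: a simplified model of the unlink check on a directory in mode 1777 versus 777. The uids for the cleanup account and the third user are constructed, root is assumed to hold full capabilities, and ACLs are ignored.

```python
import os
import stat
import tempfile

ROOT_UID = 0


def dir_writable(dir_st, uid, gids):
    """Write+search permission on the directory from its mode bits (ACLs ignored)."""
    if uid == dir_st.st_uid:
        shift = 6
    elif dir_st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    need = 0o3  # write (2) + search (1)
    return ((dir_st.st_mode >> shift) & need) == need


def may_unlink(dir_st, file_st, uid, gids=()):
    """Simplified model: may this uid remove the entry from the directory?"""
    if uid == ROOT_UID:
        return True  # assumption: root holds full capabilities
    if not dir_writable(dir_st, uid, gids):
        return False
    if dir_st.st_mode & stat.S_ISVTX:
        # Sticky directory: only the file's owner or the directory's owner may remove it.
        return uid in (file_st.st_uid, dir_st.st_uid)
    return True


def demo():
    """Evaluate both modes on a scratch directory (never the real /var/tmp)."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        spool = os.path.join(base, "spool")
        os.mkdir(spool)
        job_file = os.path.join(spool, "job.dat")
        open(job_file, "w").close()
        file_st = os.stat(job_file)
        # Constructed uids: neither is root nor the owner of the scratch files.
        who = {"owner": file_st.st_uid, "cleanup": file_st.st_uid + 1001,
               "other": file_st.st_uid + 1002, "root": ROOT_UID}
        for mode in (0o1777, 0o777):
            os.chmod(spool, mode)
            dir_st = os.stat(spool)
            results[mode] = {n: may_unlink(dir_st, file_st, u) for n, u in who.items()}
    return results


if __name__ == "__main__":
    for mode, verdicts in demo().items():
        print(oct(mode), verdicts)
```

With 1777 only the file's owner and root may remove the job file; with 777 the cleanup account gains the ability, and so does every other local user.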