| 1 | .\" -*-nroff-*- |
| 2 | .TH tmpdir 1 "6 April 1999" "Local tools" |
| 3 | .SH NAME |
| 4 | tmpdir \- choose, or check a choice of, temporary directory |
| 5 | .SH SYNOPSIS |
| 6 | .B tmpdir |
| 7 | .RB [ \-bcv ] |
| 8 | .RB [ \-g |
| 9 | .IR group ] |
| 10 | .RB [ \-C |
| 11 | .IR dir ] |
| 12 | .SH USAGE |
| 13 | The |
| 14 | .B tmpdir |
| 15 | program creates a secure place for temporary files to be stored, and |
| 16 | outputs an assignment to the |
| 17 | .B TMPDIR |
| 18 | variable suitable for execution by a shell. |
| 19 | .PP |
| 20 | Many programs aren't sufficiently careful about how they handle |
| 21 | temporary files. For example, if a program creates files in |
| 22 | .B /tmp |
| 23 | without making careful checks beforehand, a malicious user who can |
| 24 | predict the name that the program will use can create a symbolic link |
| 25 | with that name: when run, the program will then overwrite some file |
| 26 | using your current privileges. Similarly, many programs create |
| 27 | temporary files using generous default permissions, which may well be a |
| 28 | mistake. |
| 29 | .PP |
| 30 | The |
| 31 | .B tmpdir |
| 32 | program finds a secure place for temporary files, creating one if |
| 33 | necessary. The criteria it uses to choose a place are as follows: |
| 34 | .IP " 1." |
| 35 | The temporary directory must be owned by the user, and have mode 700 |
| 36 | (i.e., readable, writable and searchable only by the owner). |
| 37 | .IP " 2." |
| 38 | The path through the filesystem to the temporary directory must be |
| 39 | secure against modifications by other malicious users. See the |
| 40 | .BR chkpath (1) |
| 41 | manual page for a description of how this is done: the two programs work |
| 42 | in the same way. |
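An added example, not part of tmpdir or its source: the two criteria above expressed as Python checks over a candidate directory. The function names and the ancestor rule used here (every parent owned by root or the user, and not group- or world-writable unless the sticky bit is set) are assumptions made for illustration; chkpath(1) defines the algorithm the real tool uses.

```python
import os
import stat

def dir_problems(path, uid):
    """Criterion 1: a real directory, owned by uid, mode exactly 700."""
    st = os.lstat(path)                      # lstat: never follow a symlink
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path}: not a directory (symlinks are rejected)"]
    bad = []
    if st.st_uid != uid:
        bad.append(f"{path}: owned by uid {st.st_uid}, not {uid}")
    if stat.S_IMODE(st.st_mode) != 0o700:
        bad.append(f"{path}: mode {stat.S_IMODE(st.st_mode):o}, not 700")
    return bad

def ancestor_problems(path, uid):
    """Criterion 2, simplified (assumed rule, not chkpath's own algorithm)."""
    bad = []
    parent = os.path.dirname(path)
    while True:
        st = os.lstat(parent)
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid not in (0, uid):
            bad.append(f"{parent}: owned by untrusted uid {st.st_uid}")
        elif mode & 0o022 and not mode & stat.S_ISVTX:
            # Others could rename or replace entries here; the sticky bit
            # (as on /tmp) restricts that to each entry's owner.
            bad.append(f"{parent}: group/world-writable without sticky bit")
        if parent == os.path.dirname(parent):   # reached the root
            return bad
        parent = os.path.dirname(parent)

def tmpdir_problems(path, uid=None):
    """Return the reasons path is unsafe as TMPDIR; an empty list means OK."""
    uid = os.geteuid() if uid is None else uid
    if os.path.realpath(path) != path:
        return [f"{path}: not canonical (relative, '..' or symlink in path)"]
    return dir_problems(path, uid) + ancestor_problems(path, uid)

if __name__ == "__main__":
    import sys
    candidate = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("TMPDIR", "/tmp")
    found = tmpdir_problems(candidate)
    print("\n".join(found) or f"{candidate}: looks secure")
    sys.exit(1 if found else 0)
```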
| 43 | .PP |
| 44 | First, |
| 45 | .B tmpdir |
| 46 | checks to see whether the current value of the |
| 47 | .B TMPDIR |
| 48 | environment variable is a secure place for temporary files. If so, it |
| 49 | is accepted immediately. Otherwise, it tries to find or create a |
| 50 | directory in |
| 51 | .B /tmp |
| 52 | (on the assumption that this is a fast disk suitable for temporary |
| 53 | files), with the name |
| 54 | .BI /tmp/ user \- suffix |
| 55 | for some |
| 56 | .IR suffix . |
| 57 | If that fails, it tries to create a directory in your home directory, |
| 58 | with the name |
| 59 | .BI ~/tmp\- suffix\fR. |
| 60 | If |
| 61 | .I that |
| 62 | fails too, then |
| 63 | .B tmpdir |
| 64 | gives up: if your home directory's not secure (or full) then a secure |
| 65 | temporary directory is the least of your worries. |
| 66 | .SS Options |
| 67 | The following options are supported: |
| 68 | .TP |
| 69 | .B "\-b, \-\-bourne" |
| 70 | Output an assignment using Bourne shell syntax. The default is to |
| 71 | examine the user's shell and decide which syntax to use based on that. |
| 72 | .TP |
| 73 | .B "\-c, \-\-cshell" |
| 74 | Output an assignment using C shell syntax. |
| 75 | .TP |
| 76 | .BI "\-g, \-\-group " group |
| 77 | Trust (the members of) |
| 78 | .IR group : |
| 79 | consider directories they can write to be safe. |
| 80 | .TP |
| 81 | .B "\-v, \-\-verbose" |
| 82 | Report problems to standard error. Repeat for more verbosity. |
| 83 | .TP |
| 84 | .BI "\-C, \-\-check " dir |
| 85 | Don't try to find a temporary directory; just see whether |
| 86 | .I dir |
| 87 | is secure, and exit successfully if it is (and unsuccessfully if it |
| 88 | isn't). |
| 89 | .SH BUGS |
| 90 | None known. |
| 91 | .SH SEE ALSO |
| 92 | .BR chkpath (1), |
| 93 | .BR checkpath (3), |
| 94 | .BR tmpnam (3), |
| 95 | .BR tmpfile (3). |
| 96 | .SH AUTHOR |
| 97 | Mark Wooding (mdw@nsict.org). |