Permissions on /tmp

[Joshua Judson Rosen]

Joshua Judson Rosen <rozzin at geekspace.com> writes:
>
> Bill Freeman <ke1g.nh at gmail.com> writes:
> >
> >    I can probably count on running on a linux box, so I can probably count on
> > the FHS.  But the downside of tmp is that any process can also delete my pid
> > file (as opposed to having to be either root or the user created for the
> > program).
>
> The sticky-bit (0001, or +t) set on /tmp prevents that from being true,
> e.g.:

Uh, oops: sticky is 01000, not 0001.

Forgot to htons() before sending, or something....

>     jrosen at jz:~$ touch /tmp/foo
>     jrosen at jz:~$ ls -ld /tmp /tmp/foo
>     drwxrwxrwt 17 root   root   4096 May 21 20:05 /tmp
>     -rw-r--r--  1 jrosen jrosen    0 May 21 20:05 /tmp/foo
>     jrosen at jz:~$ sudo chown nobody.nogroup /tmp/foo
>     [sudo] password for jrosen: 
>     jrosen at jz:~$ ls -ld /tmp /tmp/foo
>     drwxrwxrwt 17 root   root    4096 May 21 20:05 /tmp
>     -rw-r--r--  1 nobody nogroup    0 May 21 20:05 /tmp/foo
>     jrosen at jz:~$ rm /tmp/foo
>     rm: remove write-protected regular empty file `/tmp/foo'? y
>     rm: cannot remove `/tmp/foo': Operation not permitted
>
> I don't see "/tmp should be sticky" in FHS, but I think everyone
> (maybe excepting some embedded systems) does it, don't they?
>
> Seems like /tmp would be a *very* scary place without a sticky-bit....

-- 
"Don't be afraid to ask (λf.((λx.xx) (λr.f(rr))))."