Re: Separate tmp-dir for every user?



Maarten:

If you're using tmpfs, then my understanding is that the files are
stored in RAM and will not persist on reboots. Then how do you
maintain the per-user temp directories between reboots? Do you create
them all and save an image of the ramdisk, which is then loaded into
the system on every boot-up? Is there a script in init.d somewhere
that does that?

Cheers,

Jon

On Mon, Dec 1, 2008 at 10:28 AM, Maarten Vink <vink@interstroom.nl> wrote:
>> On Mon, Dec 01, 2008 at 03:12:29PM +0100, Paul van der Vlis wrote:
>>>
>>> Hello,
>>>
>>> I am installing a new shared hosting server, and I would like to know
>>> how important it is to have a separate tmp-dir for every user.
>>>
>>> What are the disadvantages/risks of a shared tmp-dir?
>>
>> Can you really eliminate the need for a shared /tmp? I guess you would
>> be really lucky not to come across an application which has /tmp
>> hardcoded and does not consult $T{E,}MPDIR.
>>
>> As for the risks, the biggest is probably the possibility of having a
>> symlink attack vulnerability in one of your applications. Having
>> per-user tmp dirs avoids the problem for applications which will use
>> them.
>
> Actually, we've been using this kind of setup for a while now, and we have
> yet to see any major problems. And one doesn't exclude the other; just set
> up a separate tmp-dir for each user, and still allow everyone to write to
> /tmp. That way any application that has the paths hardcoded will still
> function.
>
> Regards,
>
> Maarten Vink
>
>
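Added example, not part of the original message or thread: one way the per-user directories asked about above could be recreated on an empty tmpfs at every boot, refusing symlinks so a planted link cannot redirect `chmod`/`chown`. The function names, the base path and the minimum-UID argument are assumptions.

```shell
#!/bin/sh
# Added example: recreate per-user temp directories on an empty tmpfs at boot.
# Function names, BASE and MIN_UID are hypothetical, not from the thread.

# make_user_tmpdir BASE NAME UID GID -> creates BASE/NAME with mode 0700
make_user_tmpdir() {
    tmp_dir="$1/$2"
    # Reject names that would escape BASE.
    case $2 in
        ''|.|..|*/*) echo "bad name: '$2'" >&2; return 1 ;;
    esac
    # A symlink here would redirect chmod/chown to the link target.
    if [ -L "$tmp_dir" ]; then
        echo "refusing symlink: $tmp_dir" >&2; return 1
    fi
    if [ -e "$tmp_dir" ] && [ ! -d "$tmp_dir" ]; then
        echo "not a directory: $tmp_dir" >&2; return 1
    fi
    [ -d "$tmp_dir" ] || mkdir -m 0700 "$tmp_dir" || return 1
    chmod 0700 "$tmp_dir" || return 1
    # Ownership can only be handed over when running as root (as at boot).
    if [ "$(id -u)" -eq 0 ]; then
        chown -h "$3:$4" "$tmp_dir" || return 1
    fi
}

# make_all_user_tmpdirs BASE MIN_UID < passwd-format lines
# Returns 1 if any directory could not be set up safely.
make_all_user_tmpdirs() {
    tmp_base=$1 tmp_min=$2 tmp_rc=0
    # BASE itself must not be writable by users, or they could plant entries.
    chmod 0755 "$tmp_base" || return 1
    while IFS=: read -r pw_name pw_pass pw_uid pw_gid pw_rest; do
        [ "$pw_uid" -ge "$tmp_min" ] || continue   # skip system accounts
        make_user_tmpdir "$tmp_base" "$pw_name" "$pw_uid" "$pw_gid" || tmp_rc=1
    done
    return "$tmp_rc"
}

# At boot, as root, after the tmpfs is mounted (path is an assumption):
#   getent passwd | make_all_user_tmpdirs /tmp/users 1000
```

Applications only use these directories if each user's TMPDIR points at them; anything with /tmp hardcoded still writes to the shared directory.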

