Re: Debian packages relying on TMPDIR
>>>>> "Shane" == Shane Wegner <shane@debian.org> writes:
Shane> Hi all, I'm not sure if this has previously been discussed
Shane> on debian-devel but I haven't found anything. I have
Shane> encountered some packages which, when started as root and
Shane> dropping privileges, rely on the TMPDIR environment
Shane> variable. That is $TMPDIR must be writable. This is a
Shane> problem here as I'm sure it is on other systems. I have my
Shane> $TMPDIR set to /root/.tmp for security and that directory
Shane> is mode 0700. If I upgraded MySQL for example and dpkg
Shane> restarts it, it inherits my secure TMPDIR but MySQL drops
Shane> root privilege and cannot write to it.
Shane> I am wondering if it is my responsibility as a user to
Shane> clear TMPDIR on a dist-upgrade, the init.d script to clear
Shane> it or the upstream program to check to see if it's writable
Shane> and use /tmp if not.
Just my two initial thoughts on the matter (I haven't actually got an
opinion on these as yet):
1. should daemons really use the TMPDIR value, or should this be for
non-daemon type programs?
2. If yes, then perhaps /etc/init.d/file should reset TMPDIR=/tmp when
starting the daemon?
3. Or perhaps /etc/somedir/somefile could contain a small shell script
which sets the default policy for all environment variables for all
daemons?
--
Brian May <bam@debian.org>
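
The init-script reset from point 2 can be combined with the "check to see if it's writable and use /tmp if not" idea from the quoted message. The following is an added example, not part of this thread or of any Debian package: the function names and the `mysql` account name are assumptions, and it judges access from owner and "other" mode bits only.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from any Debian package.
# Access is judged from owner and "other" mode bits only (no group or ACL
# evaluation), using GNU stat from coreutils.

# has_bits DIR UID OWNER_MASK OTHER_MASK: true if UID holds the permission
# bits on DIR, as its owner or otherwise through the "other" bits.
has_bits() {
    st=$(stat -L -c '%u %a' "$1" 2>/dev/null) || return 1
    owner=${st% *}
    m=${st#* }                 # %a prints octal digits, e.g. 700 or 1777
    mode=$((0$m))
    if [ "$owner" = "$2" ]; then
        [ $(($mode & $3)) -eq $(($3)) ]
    else
        [ $(($mode & $4)) -eq $(($4)) ]
    fi
}

# usable_tmpdir DIR UID: DIR must be writable and searchable by UID, and
# every parent must be searchable, or the daemon cannot reach DIR at all.
usable_tmpdir() {
    case $1 in /*) ;; *) return 1 ;; esac    # absolute paths only
    [ -d "$1" ] || return 1
    has_bits "$1" "$2" 0300 0003 || return 1
    p=$(dirname "$1")
    while has_bits "$p" "$2" 0100 0001; do
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
    return 1
}

# daemon_tmpdir UID: print the TMPDIR to export before starting a daemon that
# will run as UID; /tmp is the fallback when the inherited value is unusable.
daemon_tmpdir() {
    if [ -n "${TMPDIR:-}" ] && usable_tmpdir "$TMPDIR" "$1"; then
        printf '%s\n' "$TMPDIR"
    else
        printf '%s\n' /tmp
    fi
}

# In an init script, before the daemon is started ("mysql" is an assumed
# account name):
#   TMPDIR=$(daemon_tmpdir "$(id -u mysql)"); export TMPDIR
```

With TMPDIR=/root/.tmp at mode 0700, as in the quoted message, the check fails for any non-root UID and the daemon is started with /tmp.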