[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Separate tmp-dir for every user?

On Mon, Dec 01, 2008 at 03:12:29PM +0100, Paul van der Vlis wrote:

I am installing a new shared hosting server, and I would like to know
how important it is to have a seperate tmp-dir for every user.

What are the disadvantages/risks of a shared tmp-dir?

Can you really elliminate the need for a shared /tmp? I guess you would
be really lucky not to come across an application which has /tmp
hardcoded and does not consult $T{E,}MPDIR

As for the risks, the biggest is probably the possibility of having a
symlink attack vulnerability in one of your applications. Having
per-user tmp dirs avoids the problem for applications which will use

Actually, we've been using this kind of setup for a while now, and we have yet to see any major problems. And one doesn't exclude the other; just set up a separate tmp-dir for each user, and still allow everyone to write to /tmp. That way any application that has the paths hardcoded will still function.


Maarten Vink

Reply to: