Re: Separate tmp-dir for every user?


If you're using tmpfs, then my understanding is that the files are
stored in RAM and will not persist on reboots. Then how do you
maintain the per-user temp directories between reboots? Do you create
them all and save an image of the ramdisk, which is then loaded into
the system on every boot-up? Is there a script in init.d somewhere
that does that?



On Mon, Dec 1, 2008 at 10:28 AM, Maarten Vink <vink@interstroom.nl> wrote:
>> On Mon, Dec 01, 2008 at 03:12:29PM +0100, Paul van der Vlis wrote:
>>> Hello,
>>> I am installing a new shared hosting server, and I would like to know
>>> how important it is to have a separate tmp-dir for every user.
>>> What are the disadvantages/risks of a shared tmp-dir?
>> Can you really eliminate the need for a shared /tmp? I guess you would
>> be really lucky not to come across an application which has /tmp
>> hardcoded and does not consult $T{E,}MPDIR.
>> As for the risks, the biggest is probably the possibility of having a
>> symlink attack vulnerability in one of your applications. Having
>> per-user tmp dirs avoids the problem for applications which will use
>> them.
> Actually, we've been using this kind of setup for a while now, and we have
> yet to see any major problems. And one doesn't exclude the other; just set
> up a separate tmp-dir for each user, and still allow everyone to write to
> /tmp. That way any application that has the paths hardcoded will still
> function.
> Regards,
> Maarten Vink
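
Added example, not part of the original thread: a sandboxed illustration of the symlink risk with a predictable name in a shared tmp dir, next to two mitigations discussed above (exclusive creation, and a per-user dir taken from $TMPDIR/$TEMPDIR). All paths, the file name "app.lock" and the function names are constructed for illustration.

```python
import os
import tempfile

def resolve_tmpdir(env):
    """Honor $TMPDIR / $TEMPDIR (the thread's $T{E,}MPDIR); fall back to /tmp."""
    for var in ("TMPDIR", "TEMPDIR"):
        if env.get(var):
            return env[var]
    return "/tmp"

def naive_write(directory, name, data):
    """Risky pattern: predictable name, and open() follows an existing symlink."""
    with open(os.path.join(directory, name), "w") as fh:
        fh.write(data)

def safe_write(directory, name, data):
    """O_EXCL refuses any existing entry, symlinks included; O_NOFOLLOW backs it up."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(os.path.join(directory, name), flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def read(path):
    with open(path) as fh:
        return fh.read()

def demo():
    """Run all three cases inside a throwaway sandbox; nothing outside it is touched."""
    out = {}
    with tempfile.TemporaryDirectory() as box:
        shared = os.path.join(box, "shared_tmp")    # constructed stand-in for /tmp
        private = os.path.join(box, "alice_tmp")    # constructed per-user tmp dir
        victim = os.path.join(box, "alice_data")    # file the link points at
        os.mkdir(shared)
        os.mkdir(private, 0o700)
        naive_write(box, "alice_data", "important")
        os.symlink(victim, os.path.join(shared, "app.lock"))  # pre-existing link
        naive_write(shared, "app.lock", "scratch")
        out["naive_clobbered_target"] = read(victim) == "scratch"
        naive_write(box, "alice_data", "important")  # reset for the next case
        try:
            safe_write(shared, "app.lock", "scratch")
            out["safe_refused_link"] = False
        except FileExistsError:
            out["safe_refused_link"] = True
        safe_write(resolve_tmpdir({"TMPDIR": private}), "app.lock", "scratch")
        out["private_file_ok"] = read(os.path.join(private, "app.lock")) == "scratch"
        out["target_intact"] = read(victim) == "important"
    return out
```

Calling demo() returns a dict of four booleans, one per case; an application that hardcodes /tmp and opens files the naive way gets no benefit from the per-user directory.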
