Re: deleting content of /tmp
On Sat, Mar 24, 2007 at 06:40:01PM +0000, andy wrote:
>
> Can someone advise me on the pros and cons of deleting the contents of
> /tmp/ as part of general security conscious non-paranoia. I was thinking
> that it would be an okay thing to do periodically (or at logout, etc.)
> using an overwriting/shredding program. But, before I committed myself,
> decided it was prudent to ask.
>
Here's how I do it:
1. /tmp is on tmpfs so it automatically is gone on reboot. Yes
the boot-up init-script also cleans out /tmp
2. swap (which then contains /tmp) is encrypted, on LVM, on raid1,
and is large (twice my 1 GB ram) since disk space is cheap.
3. I use the libpam-tmpdir so that each user has their own
tmp directory under /tmp/user
4. Each user has a symlink from /home/$USER/tmp to their actual
temp dir, so that they can easily browse to their tmpdir. Also
helpful for some apps where you get a dialog to choose a cache
directory and you can't directly enter a path but must browse to
it.
5. TMP and TMPDIR are both set.
I think this takes care of the users' tmp files. If they want to
garbage-collect from their own $TMPDIR, let them. For non-user stuff, I
just trust the Debian team to make apps/packages that take care of this
on their own.
Do you find any specific files or file types in /tmp that worry you?
YMMV.
Doug.
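
An added example, not part of the message above: a POSIX shell audit of items 1, 3, 4 and 5 of the list. The paths `/tmp/user` and `~/tmp` come from the message; the function names, and the requirement that the per-user directory grant nothing to group or other, are assumptions made for this example.

```shell
#!/bin/sh
# Added example: checks for items 1, 3, 4 and 5 of the setup described above.
# Assumed defaults: per-user dirs live under /tmp/user, link is ~/tmp.

# Print the filesystem type mounted at /tmp. $1 is a table in /proc/mounts
# format; the last matching line wins because later mounts shadow earlier ones.
tmp_fstype() {
    awk '$2 == "/tmp" { t = $3 } END { if (t != "") print t }' "$1"
}

# Succeed if $1 is a real directory (not a symlink) below $2 whose mode
# grants nothing to group or other (assumed policy for this example).
tmpdir_is_private() {
    case "$1" in "$2"/*) ;; *) return 1 ;; esac
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeed if symlink $1 resolves to the existing directory $2.
link_points_to() {
    [ -L "$1" ] && [ -d "$2" ] &&
        [ "$(cd "$1" 2>/dev/null && pwd -P)" = "$(cd "$2" && pwd -P)" ]
}

# Succeed if TMP and TMPDIR are both set and name the same directory.
env_agrees() {
    [ -n "${TMPDIR:-}" ] && [ "${TMP:-}" = "$TMPDIR" ]
}

report() {  # $1 = label, remaining args = check command to run
    label=$1; shift
    if "$@"; then echo "OK   $label"; else echo "WARN $label"; fi
}

# Run every check against the current session; prints one line per check.
audit_tmp() {
    base=${1:-/tmp/user}
    mounts=${2:-/proc/mounts}
    fstype=$(tmp_fstype "$mounts" 2>/dev/null) || fstype=
    report "/tmp is tmpfs (found: ${fstype:-none})" [ "$fstype" = tmpfs ]
    report "TMP and TMPDIR are set and agree" env_agrees
    report "TMPDIR is a private directory under $base" tmpdir_is_private "${TMPDIR:-}" "$base"
    report "~/tmp points at TMPDIR" link_points_to "${HOME:-}/tmp" "${TMPDIR:-/nonexistent}"
}

audit_tmp "$@"
```

Item 2 (encrypted swap) is not covered by this script.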