Private Var Tmp
🔞 ALL INFORMATION CLICK HERE 👈🏻👈🏻👈🏻
Private Var Tmp
/tmp/ and /var/tmp/ are two world-writable directories Linux systems
provide for temporary files. The former is typically on tmpfs and thus
backed by RAM/swap, and flushed out on each reboot. The latter is typically a
proper, persistent file system, and thus backed by physical storage. This
means:
/tmp/ should be used for smaller, size-bounded files only; /var/tmp/
should be used for everything else.
Data that shall survive a boot cycle shouldn’t be placed in /tmp/ .
If the $TMPDIR environment variable is set, use that path, and neither use
/tmp/ nor /var/tmp/ directly.
See
file-hierarchy(7)
for details about these two (and most other) directories of a Linux system.
Note that /tmp/ and /var/tmp/ each define a common namespace shared by all
local software. This means guessable file or directory names below either
directory directly translate into a 🚨 Denial-of-Service (DoS) 🚨 vulnerability
or worse: if some software creates a file or directory /tmp/foo then any
other software that wants to create the same file or directory /tmp/foo
either will fail (as the file already exists) or might be tricked into using
untrusted files. Hence: do not use guessable names in /tmp/ or /var/tmp/ —
if you do you open yourself up to a local DoS exploit or worse. (You can get
away with using guessable names, if you pre-create subdirectories below /tmp/
for them, like X11 does with /tmp/.X11-unix/ through tmpfiles.d/
drop-ins. However this is not recommended, as it is fully safe only if these
directories are pre-created during early boot, and thus problematic if package
installation during runtime is permitted.)
To protect yourself against these kinds of attacks Linux provides a couple of
APIs that help you avoiding guessable names. Specifically:
Use mkstemp()
(POSIX), mkostemp() (glibc),
mkdtemp() (POSIX),
tmpfile() (C89)
memfd_create()
(Linux; this doesn’t bother with /tmp/ or /var/tmp/ at all, but uses the
same RAM/swap backing as tmpfs uses, hence is very similar to /tmp/
semantics.)
For system services systemd provides the PrivateTmp= boolean setting. If
turned on for a service (👍 which is highly recommended), /tmp/ and
/var/tmp/ are replaced by private sub-directories, implemented through Linux
file system namespacing and bind mounts. This means from the service’s point of
view /tmp/ and /var/tmp/ look and behave like they normally do, but in
reality they are private sub-directories of the host’s real /tmp/ and
/var/tmp/ , and thus not system-wide locations anymore, but service-specific
ones. This reduces the surface for local DoS attacks substantially. While it is
recommended to turn this option on, it’s highly recommended for applications
not to rely on this solely to avoid DoS vulnerabilities, because this option is
not available in environments where file system namespaces are prohibited, for
example in certain container environments. This option is hence an extra line
of defense, but should not be used as an excuse to rely on guessable names in
/tmp/ and /var/tmp/ . When this option is used, the per-service temporary
directories are removed whenever the service shuts down, hence the lifecycle of
temporary files stored in it is substantially different from the case where
this option is not used. Also note that some applications use /tmp/ and
/var/tmp/ for sharing files and directories. If this option is turned on this
is not possible anymore as after all each service gets its own instances of
both directories.
By default, systemd-tmpfiles will apply a concept of ⚠️ “ageing” to all files
and directories stored in /tmp/ and /var/tmp/ . This means that files that
have neither been changed nor read within a specific time frame are
automatically removed in regular intervals. (This concept is not new to
systemd-tmpfiles btw, it’s inherited from previous subsystems such as
tmpwatch .) By default files in /tmp/ are cleaned up after 10 days, and
those in /var/tmp after 30 days.
This automatic clean-up is important to ensure disk usage of these temporary
directories doesn’t grow without bounds, even when programs abort unexpectedly
or otherwise don’t clean up the temporary files/directories they create. On the
other hand it creates problems for long-running software that does not expect
temporary files it operates on to be suddenly removed. There are a couple of
strategies to avoid these issues:
Make sure to always keep a file descriptor to the temporary files you
operate on open, and only access the files through them. This way it doesn’t
matter whether the files have been unlinked from the file system: as long as
you have the file descriptor open you can still access the file for both
reading and writing. When operating this way it is recommended to delete the
files right after creating them to ensure that on unexpected program
termination the files or directories are implicitly released by the kernel.
🥇 Use memfd_create() or O_TMPFILE . This is an extension of the
suggestion above: files created this way are never linked under a filename
in the file system. This means they are not subject to ageing (as they come
unlinked out of the box), and there’s no time window where a directory entry
for the file exists in the file system, and thus behaviour is fully robust
towards unexpected program termination as there are never files on disk that
need to be explicitly deleted.
🥇 Operate below a sub-directory of /tmp/ and /var/tmp/ you created, and
take a BSD file lock ( flock(dir_fd,
LOCK_SH) ) on that
sub-directory. This is particularly interesting when operating on more than
a single file, or on file nodes that are not plain regular files, for
example when extracting a tarball to a temporary directory. The ageing
algorithm will skip all directories (and everything below them) that are
locked through a BSD file lock. As BSD file locks are automatically released
when the file descriptor they are taken on is closed, and all file
descriptors opened by a process are implicitly closed when it exits, this is
a robust mechanism that ensures all temporary files are subject to ageing
when the program that owns them dies, but not while it is still running. Use
this when decompressing tarballs that contain files with old
modification/access times, as extracted files are otherwise immediately
candidates for deletion by the ageing algorithm. The
flock tool of the
util-linux packages makes this concept available to shell scripts. Note
that systemd-tmpfiles only checks for BSD file locks on directories, locks
on other types of file nodes (including regular files) are not considered.
Keep the access time of all temporary files created current. In regular
intervals, use utimensat() or a related call to update the access time
(“atime”) of all files that shall be kept around. Since the ageing algorithm
looks at the access time of files when deciding whether to delete them, it’s
sufficient to update their access times in sufficiently frequent intervals to
ensure the files are not deleted. Since most applications (and tools such as
ls ) primarily care for the modification time (rather than the access time)
using the access time for this purpose should be acceptable.
Set the “sticky” bit on regular files. The ageing logic skips deletion of
all regular files that have the sticky bit ( chmod +t ) set. This is
honoured for regular files only however, and has no effect on directories as
the sticky bit has a different meaning for them.
Don’t use /tmp/ or /var/tmp/ , but use your own sub-directory under
/run/ or $XDG_RUNTIME_DIRECTORY (the former if privileged, the latter if
unprivileged), or /var/lib/ and ~/.config/ (similar, but with
persistency and suitable for larger data). The two temporary directories
/tmp/ and /var/tmp/ come with the implicit clean-up semantics described
above. When this is not desired, it’s possible to create private per-package
runtime or state directories, and place all temporary files there. However,
do note that this means opting out of any kind of automatic clean-up, and it
is hence particularly essential that the program cleans up generated files
in these directories when they are no longer needed, in particular when the
program dies unexpectedly. Note: this strategy is only really suitable for
packages that operate in a “system wide singleton” fashion with “long”
persistence of its data or state, i.e. as opposed to programs that run in
multiple parallel or short-living instances. This is because a private
directory under /run (and the other mentioned directories) is itself
system and package specific singleton with greater longevity.
Exclude your temporary files from clean-ups via a tmpfiles.d/ drop-in
(which includes drop-ins in the runtime-only directory
/run/tmpfiles.d/ ). The x / X line types may be used to exclude files
matching the specified globbing patterns from the ageing logic. If this is
used, automatic clean-up is not done for matching files and directory, and
much like with the previous option it’s hence essential that the program
generating these temporary files carefully removes the temporary files it
creates again, and in particular so if it dies unexpectedly.
🥇 The semantics of options 2 (in case you only deal with temporary files, not
directories) and 3 (in case you deal with both) in the list above are in most
cases the most preferable. It is thus recommended to stick to these two
options.
While the ageing logic is very useful as a safety concept to ensure unused
files and directories are eventually removed a well written program avoids even
creating files that need such a clean-up. In particular:
Use memfd_create() or O_TMPFILE when creating temporary files.
unlink() temporary files right after creating them. This is very similar
to O_TMPFILE behaviour: consider deleting temporary files right after
creating them, while keeping open a file descriptor to them. Unlike
O_TMPFILE this method also works on older Linux systems and other OSes
that do not implement O_TMPFILE .
Generally, files allocated from /tmp/ and /var/tmp/ are allocated from a
pool shared by all local users. Moreover the space available in /tmp/ is
generally more restricted than /var/tmp/ . This means, that in particular in
/tmp/ space should be considered scarce, and programs need to be prepared
that no space is available. Essential programs might require a fallback logic
using a different location for storing temporary files hence. Non-essential
programs at least need to be prepared for ENOSPC errors and generate useful,
actionable error messages.
Some setups employ per-user quota on /var/tmp/ and possibly /tmp/ , to make
ENOSPC situations less likely, and harder to trigger from unprivileged
users. However, in the general case no such per-user quota is implemented
though, in particular not when tmpfs is used as backing file system, because
— even today — tmpfs still provides no native quota support in the kernel.
Both /tmp/ and /var/tmp/ are not necessarily available during early boot,
or — if they are available early — are not writable. This means software that
is intended to run during early boot (i.e. before basic.target — or more
specifically local-fs.target — is up) should not attempt to make use of
either. Interfaces such as memfd_create() or files below a package-specific
directory in /run/ are much better options in this case. (Note that some
packages instead use /dev/shm/ for temporary files during early boot; this is
not advisable however, as it offers no benefits over a private directory in
/run/ as both are backed by the same concept: tmpfs . The directory
/dev/shm/ exists to back POSIX shared memory (see
shm_open() and
related calls), and not as a place for temporary files. /dev/shm is
problematic as it is world-writable and there’s no automatic clean-up logic in
place.)
Everywhere
Threads
This forum
This thread
Everywhere
Threads
This forum
This thread
Everywhere
Threads
This forum
This thread
Everywhere
Threads
This forum
This thread
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
/private/var/tmp Gone... How to get it back
Thread starter
ingenious
Start date
Sep 12, 2007
Sort by reaction score
Jan 13, 2004
1,508
1
Washington, D.C.
This is the culmination of a long series of events.
It all started with not properly uninstalling Microsoft Office 2004 Test Drive before installing Office.
Then, I started (of course) having problems. If I opened Word first, everything was normal. However, if I clicked on a Word document first without Word being open, a German localized version would open instead.
I tried to hunt down the Remove Office application, but I had the name wrong and so I didn't find it in my normal Office install. I found it in /private/var/tmp/ "something" / "and then the folder that contained what I took to be the Office Test Drive [German/every other language inside]" I ran it, and it did strange things.
For one thing, it showed a copy of Office X Test Drive on the computer (there's not one) along with two copies of Office, 2004 and 2004 Test Drive. I clicked Remove and it did its thing, but everything was still there (except for my registered version).
I, unfortunately in hindsight, since I was having trouble getting this to remove, thought that the folder had been created by Microsoft Office because I had never heard of it. I then proceeded to delete the folder and empty the trash.
Now, all sorts of weird things are happening.
The keychain is stored in that folder (no saved passwords, no ability to recreate keychain).
No Web 2.0 apps.
No secure connections.
Weird Word printing errors (click File > Print and Word immediately crashes)
Microsoft AutoUpdate won't.
edit: I tried manually updating Office (I reinstalled from the CD) and the installer says Office is not installed.
Is there anyway to just install the parts I need or should I just Archive and Install?
Is there anyway to just install the parts I need or should I just Archive and Install?
Oct 2, 2006
6,387
372
The Land of Hope and Glory
As stated above, you should just be able to recreate it making sure the user is root, the group is wheels and the permissions are set to 777.
Jan 13, 2004
1,508
1
Washington, D.C.
but, of course, my keychain is gone...?
but, of course, my keychain is gone...?
Jan 13, 2004
1,508
1
Washington, D.C.
I would hope that the Apple engineers are smart enough to not put
anything that important in a more or less standard UNIX temporary
directory!
Jan 13, 2004
1,508
1
Washington, D.C.
I just tried recreating the directory, and after a restart, everything's back to normal (except Mail and iChat passwords don't show up in the keychain... in fact, almost nothing's there except for a certificate, but it's working again.).
Can someone explain this to me?
Why was this directory so important and why wasn't it "in use by Mac OS X"?
Why did I need to restart?
Why was this directory so important and why wasn't it "in use by Mac OS X"?
Why did I need to restart?
Jan 13, 2004
1,508
1
Washington, D.C.
Lots of processes running on your computer use files in the /private/var/tmp
folder. Some of them will fail to start if that folder does not exist. You
needed to reboot to make sure that all of those processes got a chance to
start up correctly. Most (hopefully all) of the files found in that folder are
of a completely temporary nature. In fact, a lot of UNIX based OSes clean
out their temporary directories (such as /private/var/tmp, /var/tmp, /tmp,
/opt/tmp) as one of the first things that happens when the machine is
restarted.
Files can be removed in UNIX even when they are in use under certain
circumstances. Any software that has a file open when it is removed will,
in general, continue to function properly. At least until it closes the file and
then tries to re-open it for reading.
Jan 13, 2004
1,508
1
Washington, D.C.
OK, I'm still having problems.
The keychain will still NOT remember any passwords, and it's causing problems (Mail won't send [doesn't always ask for passwords], iChat needs to have its password everytime...)
Help, again?
Hey, thanks for the explanation!
edit: so would the folder and everything else have come back on their own if the computer had just been restarted?
Jan 13, 2004
1,508
1
Washington, D.C.
Probably not. The system assumes the /private/var/tmp folder exists, and that it has the correct permissions. Why shouldn't it?
At this point I'm not sure why there are still problems with your keychain. As I said, I'm pretty surprised that the removal of /private/var/tmp should have had such an effect. Is it possible that your keychain file, which generally lives in /users/USERNAME/Library/Keychains/login.keychain has been damaged, deleted, or had its permissions changed?
Navigate to it and double click on that file to see if keychain access can open it. If not, hopefully it will give you some error message that points you in the right direction to a fix.
Jan 13, 2004
1,508
1
Washington, D.C.
[Mod, can you please move this to the pre-Leopard troubleshooting forum?]
Okay, sorry to resurrect such an old thread, but it was the easiest way for everyone to know what was going on.
Anyway, the problem never completely went away; I still had issues with passwords being remembered and things like that.
It was tolerable in hopes that someday I'd get it fixed, until today.
Today I tried to install Leopard, and it won't install because of this problem (I think.) It says it must wipe the drive because it can't write to it... and Disk Utility on the Leopard DVD says the HD needs repair. I repaired both the drive and its permissions with the Tiger DVD (Leopard DVD wouldn't do it) and it said the drive didn't need repair, but it fixed a myriad of permissions issues.
I honestly cannot afford to wipe this drive, and the only external drive I have is a 250GB USB drive formatted in FAT32.
Is there someway to migrate the account and network settings (etc.) to an external volume for use with Migration Assistant after Leopard wipes the drive?
macOS El Capitan (10.11) is unable to install any software updates or install any software because the /tmp and the /private/tmp folders don't seem to be writeable. Running this: sudo /usr/libexec/
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Sign up or log in to cus
Milfs Orgasm Masturbate
Girl Getting Naked
Hidden Masturbating Caught