From: Roger Marquis
To: security@FreeBSD.ORG
Date: Tue, 26 Feb 2002 10:12:04 -0800 (PST)
Subject: Re: Third /tmp location ? (and maybe a fourth too)
Message-ID: <20020226095708.Y20347-100000@roble.com>

Bill Vermillion wrote:
> > From: Dag-Erling Smorgrav
>
> > Bill Vermillion writes:
> > > > Is the /usr/tmp really used for something useful?
> > > I would think man 7 hier will answer that for you in a hurry.
> > > Yes it really is useful.
>
> > Bzzzt. FreeBSD has never had /usr/tmp, and all software that expects
> > /usr/tmp has been changed to use /var/tmp instead.
>
> And I set /usr/tmp for many things because there is no reason that
> I can see to have var so big that it will hold large files I may
> have to edit. I put /usr/tmp in almost all my .exrc files
> as too many times I've gotten 'file system full'.

File system full errors are typically caused by unnecessary
partitioning. You rarely see them on single-partition systems.
Creating symlinks or additional tmp directories to avoid the inevitable
drawback of excess partitions is two bads, which don't sum to a good.
Both also violate the KIS principle.

> As I said "Yes it really is useful". User applications really
> should probably go in /usr/tmp if you have a lot of users.

I do believe you're serious!?

A better solution, if you *really* need a user+shared application
space, would be /usr/local/${user}/... but even that's a hack. How
about `mkdir /usr/local/$app ; chown $user /usr/local/$app ; ln -s /usr/local/$app/bin/$app /usr/local/bin`?

WRT security, shared user application directories, whether /var/tmp
or /cgi-bin, should be avoided where possible. This is what read-only
permissions and root-only access are all about.

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/