Classic Shell Scripting - Arnold Robbins [149]
$ df /tmp
Show disk free space for /tmp
Filesystem 1K-blocks Used Available Use% Mounted on
swap 25199032 490168 24708864 2% /tmp
Putting the filesystem in the swap area means that it resides in memory until memory resources run low, at which point some of it may be written to swap.
* * *
Tip
The temporary-file directories are shared resources, making them subject to denial of service from other jobs that fill up the filesystem (or swap space), and to snooping or to file removal by other users. System management may therefore monitor space usage in those directories, and run cron jobs to clean out old files. In addition, the sticky permission bit is normally set on the directory so that only root, the directory's owner, and a file's own owner can remove or rename that file. It is up to you to set file permissions to restrict access to files that you store in such directories. Shell scripts should normally use the umask command (see Section B.6.1.3 in Appendix B), or else first create the needed temporary files with touch, and then run chmod to set suitable permissions; note that the second approach leaves a brief window between creation and chmod during which the file has its default permissions, so setting umask before creation is the safer choice.
* * *
To ensure that a temporary file is removed on job completion, programmers of compiled languages can first open the file, and then issue an unlink( ) system call. That deletes the file immediately, but because it is still open, it remains accessible until it is closed or until the job terminates, whichever happens first. The technique of unlink-after-open generally does not work on non-Unix operating systems, or in foreign filesystems mounted on directories in the Unix filesystem, and is not usable in most scripting languages.
* * *
Tip
On many systems, /tmp and /var/tmp are relatively small filesystems that are often mounted in separate partitions away from the root partition so that their filling up cannot interfere with, say, system logging. In particular, this means that you may not be able to create large temporary files in them, such as ones needed for a filesystem image of a CD or DVD. If /tmp fills up, you might not even be able to compile programs until your system manager fixes the problem, unless your compiler allows you to redirect temporary files to another directory.
* * *
The $$ Variable
Shared directories, or multiple running instances of the same program, bring the possibility of filename collisions. The traditional solution in shell scripts is to use the process ID (see Section 13.2), available in the shell variable $$, to form part of temporary filenames. To deal with the possibility of a full temporary filesystem, it is also conventional to allow the directory name to be overridden by an environment variable, traditionally called TMPDIR. In addition, you should use a trap command to request deletion of temporary files on job completion (see Section 13.3.2). A common shell-script preamble is:
umask 077 Remove access for all but user
TMPFILE=${TMPDIR-/tmp}/myprog.$$ Generate a temporary filename
trap 'rm -f $TMPFILE' EXIT Remove temporary file on completion
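The preamble above, worked into a complete script so that the three conventions can be seen together: the name honours TMPDIR when it is set, umask makes the file owner-only at creation, and the EXIT trap removes the file whether the job succeeds or fails. This is an added example, not code from the book; the program name myprog, the run_job wrapper, and the use of ls to report the file mode are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the book): the conventional $$-based temporary
# file preamble, wrapped in functions so its behaviour can be checked.

# make_tmpname: print the conventional temporary filename, using TMPDIR
# when the environment provides one and /tmp otherwise.
# "myprog" is an assumed program name.
make_tmpname() {
    printf '%s/myprog.%s\n' "${TMPDIR-/tmp}" "$$"
}

# run_job: apply the preamble, write scratch data, report "<name> <mode>",
# then let the EXIT trap delete the file.  The body runs in a subshell so
# the trap fires when the job finishes rather than when the caller exits.
# Pass "fail" to simulate an error exit; the trap still runs.
run_job() {
    (
        umask 077                              # owner-only access at creation
        TMPFILE=$(make_tmpname)                # e.g. /tmp/myprog.12345
        trap 'rm -f "$TMPFILE"' EXIT           # cleanup on every exit path
        printf 'scratch data\n' > "$TMPFILE"
        printf '%s %s\n' "$TMPFILE" "$(ls -ld "$TMPFILE" | cut -c1-10)"
        [ "${1-}" != fail ] || exit 3          # simulated failure
    )
}

# Stand-alone usage: a clean run, then a failing run whose file is
# still removed by the trap.
run_job
run_job fail || echo "job failed with status $?; temp file already removed"
```

Because the name is built from $$, the same process always reuses the same name, which is exactly the predictability the next section turns into an attack; the trap and umask are still worth keeping when the name generation is replaced by mktemp.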
The mktemp Program
Filenames like /tmp/myprog.$$ have a problem: they are readily guessable. An attacker only needs to list the directory a few times while the target is running to figure out what temporary files are being used. By creating a suitably named file in advance, the attacker might be able to get your program to fail, or to read forged data, or to set the file permissions to allow the attacker to read the file.
To deal with this security issue, filenames must be unpredictable. BSD and GNU/Linux systems have the mktemp command for creating names of temporary files that are hard to guess. While the underlying mktemp( ) library call is standardized by POSIX, the mktemp command is not. If your system lacks mktemp, we recommend that you install a portable version[2] derived from OpenBSD.
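The pre-created-file attack sketched above, simulated in a shell session, next to the mktemp-based replacement. This is an added example, not code from the book: attacker and victim are the same user here, which is enough to show the mechanism, since umask only affects files at creation and a file that already exists keeps whatever mode its creator chose; the program name myprog, the function names, and the use of ls to read the file mode are assumptions.

```shell
#!/bin/sh
# Added example (not from the book): why a guessable $$-based name is
# unsafe in a shared directory, and how mktemp avoids the problem.

# victim_predictable: the conventional preamble with a guessable name.
# Prints the mode the data file ends up with, then removes it.
victim_predictable() {
    tmpfile="${TMPDIR-/tmp}/myprog.$$"
    # Attacker step: in the real scenario the name is guessed from ps and a
    # directory listing; here we simply create it first, world-accessible.
    ( umask 000; : > "$tmpfile" )
    # Victim step: umask 077 has no effect because '>' opens an existing
    # file.  It is truncated, but its mode (and, in the real attack, its
    # owner) stay as the attacker chose, so the secret is readable.
    ( umask 077; printf 'secret\n' > "$tmpfile" )
    ls -ld "$tmpfile" | cut -c1-10        # expected: -rw-rw-rw-
    rm -f "$tmpfile"
}

# victim_mktemp: mktemp both chooses an unpredictable suffix and creates
# the file itself with mode 0600, failing rather than reusing a name that
# already exists.  Prints "<mode> <name>", then removes the file.
victim_mktemp() {
    tmpfile=$(mktemp "${TMPDIR-/tmp}/myprog.XXXXXXXXXXXX") || return 1
    printf 'secret\n' > "$tmpfile"
    printf '%s %s\n' "$(ls -ld "$tmpfile" | cut -c1-10)" "$tmpfile"
    rm -f "$tmpfile"
}

# Stand-alone usage: compare the two results.
echo "predictable name: $(victim_predictable)"
echo "mktemp name:      $(victim_mktemp)"
```

The template passed to mktemp keeps the directory overridable through TMPDIR just as the $$ convention did, so the trap-based cleanup from the previous section applies unchanged to the name mktemp returns. One caveat for the cross-user version of the attack: recent Linux kernels offer the fs.protected_regular sysctl, which refuses to open, with O_CREAT, an existing file owned by another user in a sticky world-writable directory; where it is enabled this particular variant fails, but the same-user simulation above, and the other attacks the text lists, are unaffected, so the remedy remains an unpredictable name created by the program itself.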
mktemp takes an optional filename template containing a string of trailing X characters, preferably at least a dozen of them. It replaces