man: use paragraphs in descriptions of /tmp and /var/tmp
We have three somewhat separate ideas: what the directory is for, what $TMPDIR is for, and security considerations. Let's use paragraphs. Also, conjunctions in titles aren't capitalized usually.
parent
278c13431b
commit
422128b46d
|
@ -1,10 +1,10 @@
|
||||||
---
|
---
|
||||||
title: Using /tmp/ And /var/tmp/ Safely
|
title: Using /tmp/ and /var/tmp/ Safely
|
||||||
category: Interfaces
|
category: Interfaces
|
||||||
layout: default
|
layout: default
|
||||||
---
|
---
|
||||||
|
|
||||||
# Using `/tmp/` And `/var/tmp/` Safely
|
# Using `/tmp/` and `/var/tmp/` Safely
|
||||||
|
|
||||||
`/tmp/` and `/var/tmp/` are two world-writable directories Linux systems
|
`/tmp/` and `/var/tmp/` are two world-writable directories Linux systems
|
||||||
provide for temporary files. The former is typically on `tmpfs` and thus
|
provide for temporary files. The former is typically on `tmpfs` and thus
|
||||||
|
|
|
@ -127,20 +127,23 @@
|
||||||
<term><filename>/tmp/</filename></term>
|
<term><filename>/tmp/</filename></term>
|
||||||
<listitem><para>The place for small temporary files. This directory is usually mounted as a
|
<listitem><para>The place for small temporary files. This directory is usually mounted as a
|
||||||
<literal>tmpfs</literal> instance, and should hence not be used for larger files. (Use
|
<literal>tmpfs</literal> instance, and should hence not be used for larger files. (Use
|
||||||
<filename>/var/tmp/</filename> for larger files.) Since the directory is accessible to other users of
|
<filename>/var/tmp/</filename> for larger files.) This directory is usually flushed at boot-up. Also,
|
||||||
the system, it is essential that this directory is only written to with the <citerefentry
|
files that are not accessed within a certain time may be automatically deleted.</para>
|
||||||
project='man-pages'><refentrytitle>mkstemp</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
|
||||||
<citerefentry
|
<para>If applications find the environment variable <varname>$TMPDIR</varname> set, they should use
|
||||||
project='man-pages'><refentrytitle>mkdtemp</refentrytitle><manvolnum>3</manvolnum></citerefentry> and
|
the directory specified in it instead of <filename>/tmp/</filename> (see <citerefentry
|
||||||
related calls. This directory is usually flushed at boot-up. Also, files that are not accessed within
|
|
||||||
a certain time are usually automatically deleted. If applications find the environment variable
|
|
||||||
<varname>$TMPDIR</varname> set, they should prefer using the directory specified in it over directly
|
|
||||||
referencing <filename>/tmp/</filename> (see <citerefentry
|
|
||||||
project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry> and
|
project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry> and
|
||||||
<ulink url="http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_03">IEEE
|
<ulink url="http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_03">IEEE
|
||||||
Std 1003.1</ulink> for details). For further details about this directory, see <ulink
|
Std 1003.1</ulink> for details).</para>
|
||||||
url="https://systemd.io/TEMPORARY_DIRECTORIES">Using /tmp/ And /var/tmp/
|
|
||||||
Safely</ulink>.</para></listitem>
|
<para>Since <filename>/tmp/</filename> is accessible to other users of the system, it is essential
|
||||||
|
that files and subdirectories under this directory are only created with <citerefentry
|
||||||
|
project='man-pages'><refentrytitle>mkstemp</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||||
|
<citerefentry
|
||||||
|
project='man-pages'><refentrytitle>mkdtemp</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||||
|
and similar calls. For more details, see <ulink url="https://systemd.io/TEMPORARY_DIRECTORIES">Using
|
||||||
|
/tmp/ and /var/tmp/ Safely</ulink>.</para>
|
||||||
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
</variablelist>
|
</variablelist>
|
||||||
|
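Review bot: In the first new paragraph of the /tmp/ entry, "are usually automatically deleted" has become "may be automatically deleted", which changes what the page promises rather than only splitting paragraphs as the commit message describes; the /var/tmp/ entry still says time-based cleanup "is applied". Either keep "usually" here or mention the wording change in the commit message and align both entries. Separately, the closing security paragraph is scoped to /tmp/ ("Since /tmp/ is accessible to other users of the system"), while the paragraph just before it tells applications to use $TMPDIR instead of /tmp/; consider wording it so the mkstemp(3)/mkdtemp(3) requirement clearly covers whichever shared directory is actually used.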
@ -334,20 +337,22 @@
|
||||||
<term><filename>/var/tmp/</filename></term>
|
<term><filename>/var/tmp/</filename></term>
|
||||||
<listitem><para>The place for larger and persistent temporary files. In contrast to
|
<listitem><para>The place for larger and persistent temporary files. In contrast to
|
||||||
<filename>/tmp/</filename>, this directory is usually mounted from a persistent physical file system
|
<filename>/tmp/</filename>, this directory is usually mounted from a persistent physical file system
|
||||||
and can thus accept larger files. (Use <filename>/tmp/</filename> for smaller files.) This directory
|
and can thus accept larger files. (Use <filename>/tmp/</filename> for small ephemeral files.) This
|
||||||
is generally not flushed at boot-up, but time-based cleanup of files that have not been accessed for
|
directory is generally not flushed at boot-up, but time-based cleanup of files that have not been
|
||||||
a certain time is applied. The same security restrictions as with <filename>/tmp/</filename> apply,
|
accessed for a certain time is applied.</para>
|
||||||
and hence only <citerefentry
|
|
||||||
|
<para>If applications find the environment variable <varname>$TMPDIR</varname> set, they should use
|
||||||
|
the directory specified in it instead of <filename>/var/tmp/</filename> (see <citerefentry
|
||||||
|
project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
|
||||||
|
details).</para>
|
||||||
|
|
||||||
|
<para>The same security restrictions as with <filename>/tmp/</filename> apply: <citerefentry
|
||||||
project='man-pages'><refentrytitle>mkstemp</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
project='man-pages'><refentrytitle>mkstemp</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||||
<citerefentry
|
<citerefentry
|
||||||
project='man-pages'><refentrytitle>mkdtemp</refentrytitle><manvolnum>3</manvolnum></citerefentry> or
|
project='man-pages'><refentrytitle>mkdtemp</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||||
similar calls should be used to make use of this directory. If applications find the environment
|
and similar calls should be used. For further details about this directory, see <ulink
|
||||||
variable <varname>$TMPDIR</varname> set, they should prefer using the directory specified in it over
|
url="https://systemd.io/TEMPORARY_DIRECTORIES">Using /tmp/ and /var/tmp/ Safely</ulink>.</para>
|
||||||
directly referencing <filename>/var/tmp/</filename> (see <citerefentry
|
</listitem>
|
||||||
project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
|
|
||||||
details). For further details about this directory, see <ulink
|
|
||||||
url="https://systemd.io/TEMPORARY_DIRECTORIES">Using /tmp/ And /var/tmp/
|
|
||||||
Safely</ulink>.</para></listitem>
|
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
</variablelist>
|
</variablelist>
|
||||||
|
|
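Review bot: The rewritten security paragraph of the /var/tmp/ entry drops the "only" that the old text had ("and hence only mkstemp(3), mkdtemp(3) or similar calls should be used"), so "mkstemp(3), mkdtemp(3), and similar calls should be used" now reads as a recommendation rather than a restriction, and is weaker than the /tmp/ entry's "it is essential that files and subdirectories under this directory are only created with". Suggest restoring it, for example "only mkstemp(3), mkdtemp(3), and similar calls should be used to create files and subdirectories here". Minor: the link sentence says "For further details about this directory" in this entry but "For more details" in the /tmp/ entry; pick one wording for both.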