mktemp on macOS Not Honoring $TMPDIR – Solutions

environment-variablesmacosmktemp

I've noticed this before, but it was brought up again as I was answering "How to move directory into a directory with the same name?":

The mktemp utility on macOS does not behave the same as the utility of the same name on Linux or BSD (or least OpenBSD) with respect to the TMPDIR environment variable.

To create a temporary file in the current directory, I can usually say

tmdfile=$(TMPDIR=. mktemp)

tmpfile=$(TMPDIR=$PWD mktemp)

(and similarly for a temporary directory with mktemp -d).

On macOS, I will have to force the utility to use the current directory by giving it an actual template, as in

tmpfile=(mktemp ./tmp.XXXXXXXX)

because using the more convenient tmpfile=$(TMPDIR=. mktemp) would ignore the TMPDIR variable and create the file under /var/folders/qg/s5jp5ffx2p1fxv0hy2l_p3hm0000gn/T or in a similarly named directory.

The manual for mktemp on macOS mentions that

If the -t prefix option is given, mktemp will generate a template string based on the prefix and
the _CS_DARWIN_USER_TEMP_DIR configuration variable if available. Fallback locations if
_CS_DARWIN_USER_TEMP_DIR is not available are TMPDIR and /tmp.

On my system, _CS_DARWIN_USER_TEMP_DIR appears to be unset:

$ getconf _CS_DARWIN_USER_TEMP_DIR
getconf: no such configuration parameter `_CS_DARWIN_USER_TEMP_DIR'

but e.g.

tmpfile=$(TMPDIR=. mktemp -t hello)

still creates a file under /var/folders/.../ (also when using $PWD in place of .).

I'm noticing that

$ getconf DARWIN_USER_TEMP_DIR
/var/folders/qg/s5jp5ffx2p1fxv0hy2l_p3hm0000gn/T/

but this doesn't help me much as I wouldn't know how to change this value.

The macOS mktemp utility is said to come from FreeBSD, which in turn got it from OpenBSD (which must have been quite a while ago).

Question:

Is this a bug (or omission) in the macOS implementation of mktemp? How do I change the DARWIN_USER_TEMP_DIR value (or _CS_DARWIN_USER_TEMP_DIR mentioned by the manual) from within a script (I would ideally want to unset it so that $TMPDIR takes precedence)?

Best Answer

/var/folders/qg/s5jp5ffx2p1fxv0hy2l_p3hm0000gn/

This is your Darwin user local directory. Its name is simply a modified base 32 encoding of the concatenation your MacOS User UUID and your MacOS (BSD) user ID. The first two letters of the encoding are used as a "bucket" system to attempt to keep directory sizes low. Those two characters are the encoded first 10 bits of the User UUID, because in base 32 one digit is of course 5 bits.

Its subdirectories are your user local temp and user local cache directories. Their names used to be -Caches- and -Tmp- but those have been shortened to C and T. It should be apparent that all of these names are fixed and unchangeable, unless you are willing to change your user ID or user UUID.

When an application calls confstr(_CS_DARWIN_USER_TEMP_DIR,…), the C library first tries to ensure that you have a user local directory, then tries to ensure that you have a user local temp directory within it.

Ensuring that you have a user local directory is non-trivial, because you do not have write access to /var/folders. So there is a dirhelper Mach launch dæmon that runs with superuser privileges and that securely creates these directories, responding to Mach IPC calls from applications from within the implementation of confstr() in their C libraries. You do have write access to the user local directory (once created) and so the C libraries just mkdir() its children directly if they do not already exist.

If this succeeeds, the mktemp program never looks at the value of the TMPDIR environment variable, because the fallback in mktemp's code is from calling confstr() to calling getenv() not the other way around. confstr(_CS_DARWIN_USER_TEMP_DIR,…) will almost always succeed. Its failure modes are things like the dirhelper launch dæmon not being able to be run, or the attempt to create the T subdirectory failing with an error other than that the directory already exists.

You could put something other than a directory as T, but this will be regularly cleaned up by the dirhelper launch dæmon, which is also what deletes stuff in /var/folders. Disabling the dirhelper launch dæmon will cause problems of its own, not the least of which will be /var/folders not getting cleaned. Denying yourself write permission on your user local directory will potentially interfere with all other uses of it, it being used for more than just a T subdirectory.

Your best option (aside from supplying a template) is to make T a symbolic link, but this is still far from good because it will of course affect all running applications of yours that might, at the very same instant, be wanting to create a temporary file.

Neither DARWIN_USER_TEMP_DIR nor _CS_DARWIN_USER_TEMP_DIR are variable names. They are names, for the getconf utility and for the confstr() library function, of a configuration string.

Related Solutions

Shell – Why is there no mktemp command in POSIX

That comes up regularly on the Austin Group mailing list, and I'm not under the impression the Open Group would be opposed to specifying it. It just needs someone to propose something. See for instance this message from Eric Blake (Red Hat, sits on the weekly POSIX meeting) from 2011 (here copied from gmane):

Date: Tue, 10 May 2011 07:13:32 -0600
From: Eric Blake <eblake-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Nico Schottelius <nico-posix-xuaVFQXs+5hIG4jRRZ66WA@public.gmane.org>
Cc: austin-group-l-7882/jkIBncuagvECLh61g@public.gmane.org
Newsgroups: gmane.comp.standards.posix.austin.general
Subject: Re: No mktemp in posix?
Organization: Red Hat
Message-ID: <4DC939FC.2040407@redhat.com>
References: <20110510105051.GA1767@ethz.ch>
Xref: news.gmane.org gmane.comp.standards.posix.austin.general:4151

On 05/10/2011 04:50 AM, Nico Schottelius wrote:
> Good morning,
>
> digging through Issue 7, I haven't found any utility that gives
> the ability to create a secure, temporary file that is usually
> implemented in mktemp.

echo 'mkstemp(fileXXXXXX)' | m4

will output the name of a just-created temporary file.  However, I agree
that there does not seem to be any standardized utility that gives
mkdtemp functionality, which is often more useful than mkstemp (after
all, once you have a secure temporary directory, then you can create
secure fifos within that directory, rather than having to wish for a
counterpart 'mkftemp' function).

> Is there no mktemp utility by intent or can we add it in the
> next issue?

I know both BSD and GNU have a mktemp(1) that wraps mktemp(), mkstemp(),
and mkdtemp().  In my inbox, I have record of some off-list email in
February of this year regarding some work between those teams to try and
converge on some common functionality and to word that in a manner
appropriate for the standard, although I can't find any publicly
archived messages to that effect.  But yes, I think adding mktemp(1) to
the next revision of the standard would be worthwhile.  I'll try to
revive those efforts and actually post some proposed wording.

--
Eric Blake   eblake-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

In a more recent thread (worth reading), Geoff Clare (from the Open Group):

Date: Wed, 2 Nov 2016 15:13:46 +0000
From: Geoff Clare <gwc-7882/jkIBncuagvECLh61g@public.gmane.org>
To: austin-group-l-7882/jkIBncuagvECLh61g@public.gmane.org
Newsgroups: gmane.comp.standards.posix.austin.general
Subject: Re: [1003.1(2013)/Issue7+TC1 0001016]: race condition with set -C
Message-ID: <20161102151346.GB24416@lt.loopback>
Xref: news.gmane.org gmane.comp.standards.posix.austin.general:13408

Stephane Chazelas <stephane.chazelas-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote, on 02 Nov 2016:
>
> At the moment, there's no way (that I know) to create a temp file
> reliably with POSIX utilities

Given an m4 utility that conforms to the 2008 standard, there is:

tmpfile=$(echo 'mkstemp(/tmp/fooXXXXXX)' | m4)

However, I don't know how widespread support for the new mkstemp()
macro is.

--
Geoff Clare <g.clare-7882/jkIBncuagvECLh61g@public.gmane.org>
The Open Group, Apex Plaza, Forbury Road, Reading, RG1 1AX, England

(which is where I learned that trick which you're referring to in your question).

Best Answer

Related Solutions

Shell – Why is there no mktemp command in POSIX

Related Question