Using the shared /tmp
directory is known to have lead to many security vulnerabilities when predictable filenames have been used. And randomly generated names aren't really nice looking.
I am thinking that maybe it would be better to use a per user temporary directory instead. Many applications will use the TMPDIR
environment variable in order to decide where temporary files goes.
On login I could simply set TMPDIR=/temp/$USER
where /temp
would then have to contain a directory for each user with that directory being writable to that user and nobody else.
But in that case I would still like /temp
to be a tmpfs
mountpoint, which means that the subdirectories would not exist after a reboot and need to be recreated somehow.
Is there any (de-facto) standard for how to create a tmpfs
with per user subdirectories? Or would I have to come up with my own non-standard tools to dynamically generate such directories?
Best Answer
You can use pam-tmpdir for this. It creates a directory for each user that logs in, at the start of their PAM session.
See How to remount filesystem at logout? for a little more context...
In Debian, Ubuntu and derivatives it's available in
libpam-tmpdir
.