I am using ubuntu 10.04 lts on my vps. Is it secure to leave /tmp directory without doing any tweaks. What i want to mean because it is set to chmod 777 do i have to harden its security? If yes, how?

Thank you.

Leave it as 777 although running

chmod +t /tmp

is a good idea this adds the sticky bit to the directory which on linux prevents anyone that isn't the owner or root from deleting it (the owner should be root).

This is what your permissions should look like

ls -lhd /tmp
drwxrwxrwt 4 root root 4.0K 2011-11-25 06:55 /tmp

Some people also like to put /tmp in a separate partition, this stops any rogue processes from filling up the drive, you can also set the noexec and nosuid mount options for a little extra protection thought I wouldn't recommend those unless you know what you're doing they can break package managers (especially cpan for perl)

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue

obs thanks for the info! one last similar question.i have a wordpress blog. whenever a user uploads and image, i setup it to store them on a subdomain.

blog url is domain.com
subdomain for uploaded media is img.domain.com

subdomain root directory which is /img should be 777 because with 755 upload not possible. so is this secure ?

(i am running nginx web server btw)

777 means any user on the server can do anything in that directory, if you only have one wordpress site then it doesn't really matter.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue

Thanks!