securing tmp directories

I am using CentOS 6.

Should I secure the /var/tmp or /tmp directories?

Is there any guide on this?

Thank you

5 Replies

Those directories must be owned by root and group root and must be permission 1777 ("ls -ld /tmp" should show drwxrwxrwt). Anything else is a problem and will break things.

@sweh:

Those directories must be owned by root and group root and must be permission 1777 ("ls -ld /tmp" should show drwxrwxrwt). Anything else is a problem and will break things.

% ls -ld /tmp /var/tmp
drwxrwxrwt 4 root root 4096 May 23 22:28 /tmp
drwxrwxrwt 2 root root 4096 May 18 06:25 /var/tmp

Because /tmp is a world read+write+execute directory, it can be advisable to have it on its own partition and to mount it as noexec. This means that, should someone be able to get a malicious program into your /tmp directory, they will have a harder time executing it.

Also, by having /tmp on its own partition, if something goes crazy with writing to it, from malice or mistake, your entire drive won't get filled.

Some information on this at http://www.debian-administration.org/articles/57

I know you are running CentOS, but the same things apply.

Note: noexec can break things such as compiling PHP modules using phpize, etc.
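
The checks from the replies above (root:root ownership, mode 1777, /tmp on its own partition mounted noexec), put together as an added script that is not part of the original thread. The function names and the MOUNTS_FILE override are assumptions of this example, and it relies on GNU stat and /proc/mounts as found on CentOS.

```shell
#!/bin/sh
# Added example: audit the temp directories along the lines of the replies above.
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"   # overridable so sample data can be used

# state_ok "uid:gid:mode" -> 0 only for root:root with mode 1777 (drwxrwxrwt)
state_ok() {
    [ "$1" = "0:0:1777" ]
}

# dir_state DIR -> prints "uid:gid:octal-mode" (GNU stat format string)
dir_state() {
    stat -c '%u:%g:%a' "$1"
}

# mount_opts DIR -> prints the mount options if DIR is itself a mount point in
# $MOUNTS_FILE (last entry wins); returns 1 if DIR is just a directory on
# another filesystem.
mount_opts() {
    awk -v mp="$1" '$2 == mp { opts = $4 }
        END { if (opts == "") exit 1; print opts }' "$MOUNTS_FILE"
}

# has_opt OPTS FLAG -> 0 if FLAG is one of the comma-separated options
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# audit DIR... -> prints one ownership/mode line and one mount line per DIR;
# returns 1 if any DIR is not root:root 1777. Mount findings are only warnings,
# because noexec can break builds such as phpize.
audit() {
    rc=0
    for d in "$@"; do
        s=$(dir_state "$d") || { echo "FAIL $d: cannot stat"; rc=1; continue; }
        if state_ok "$s"; then echo "OK   $d: root:root 1777"
        else echo "FAIL $d: uid:gid:mode is $s, expected 0:0:1777"; rc=1; fi
        if o=$(mount_opts "$d"); then
            has_opt "$o" noexec && echo "OK   $d: own mount, noexec" \
                || echo "WARN $d: own mount, but noexec not set ($o)"
        else
            echo "WARN $d: not a separate mount, shares space with its parent filesystem"
        fi
    done
    return $rc
}

audit /tmp /var/tmp || echo "Review the FAIL lines above."
```
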
