On Tuesday, April 03, 2012 13:19:33 Ludwig Nussel wrote:
Andreas Jaeger wrote:
On 03/30/2012 11:04 AM, Ludwig Nussel wrote:
Cristian Rodríguez wrote:
- For users, implement what Lnussel and fcrozat suggested, a separate tmp per user in /run/<user>/ tmpfs. Otherwise temporary file creation bugs will keep biting us forever.
I'm in favor of a per user $TMPDIR. I didn't say I like having it in /run/, i.e. tmpfs. tmpfs of course has the advantage of avoiding fragile and racy cleanup operations, at least on systems with short uptimes. In fact I use tmpfs myself for /tmp on my EEE PC with SSD. I don't use that system for any serious work though. I doubt it is a good idea for a general purpose installation to put TMPDIR on tmpfs. So I'd rather like to see TMPDIR per user, on persistent storage. The exact location would be the next controversial subject then though I guess :-)
I blogged about this thread: http://jaegerandi.blogspot.de/2012/03/tmp-as-tmpfs-for-opensuse.html
Lennart commented on my post with two points - one addressing your point above and the other that it's easy to revert the default:
"AJ, if you want private /tmp directories for users, I'd suggest to use kernel namespaces for that (there's a PAM module for that), instead of relying on $TMPDIR. This might break a few things which expect that /tmp is shared though, but is more comprehensive and secure, and leaves $TMPDIR to the admin and user (which I think is a good thing). It also mimics more closely what we do for services with PrivateTmp=yes."
Well, for services this may make sense but for user sessions the namespace for /tmp doesn't answer the question whether to use tmpfs or if not where to store the local tmp. Also a namespace on /tmp would permanently hide the real /tmp from the user, right?
Yes, it would hide it,
Andreas
--
Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg)
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126