[opensuse-factory] Cleaning /tmp on boot
Hi,
Being hit by a bug caused by wrong permissions in a directory in /tmp, I wondered why /tmp is not cleaned on boot (which is obviously not the right fix for the bug I'm seeing, I agree).
I see that it's possible to configure this in /etc/sysconfig/cron: CLEAR_TMP_DIRS_AT_BOOTUP="no"
Does anyone know the rationale for this being disabled by default?
Thanks,
Vincent
--
Happy people are not in a hurry.
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Tue, May 06, 2008 at 10:03:47AM +0200, Vincent Untz wrote:
> Hi,
> Being hit by a bug caused by wrong permissions in a directory in /tmp, I wondered why /tmp is not cleaned on boot (which is obviously not the right fix for the bug I'm seeing, I agree).
> I see that it's possible to configure this in /etc/sysconfig/cron: CLEAR_TMP_DIRS_AT_BOOTUP="no"
> Does anyone know the rationale for this being disabled by default?
It's difficult to get secure deletion, and also some people like their data to stay there over reboots.
Also, I wonder why the /tmp/pulse-vuntz/ was created by root:root, perhaps after a "su" or "sudo".
And why pulseaudio did not handle this bug like all other /tmp/GNOMEAPP-USER users, which do this just fine already.
Ciao, Marcus
On Tuesday 06 May 2008, at 10:18 +0200, Marcus Meissner wrote:
> On Tue, May 06, 2008 at 10:03:47AM +0200, Vincent Untz wrote:
>> Hi,
>> Being hit by a bug caused by wrong permissions in a directory in /tmp, I wondered why /tmp is not cleaned on boot (which is obviously not the right fix for the bug I'm seeing, I agree).
>> I see that it's possible to configure this in /etc/sysconfig/cron: CLEAR_TMP_DIRS_AT_BOOTUP="no"
>> Does anyone know the rationale for this being disabled by default?
> It's difficult to get secure deletion, and also some people like their data to stay there over reboots.
Nod. Makes sense, I guess.
> Also, I wonder why the /tmp/pulse-vuntz/ was created by root:root, perhaps after a "su" or "sudo".
Yeah, it's not clear to me why this is happening. I don't use sudo on this computer, and looking at the bash history of root doesn't show anything obvious. As far as I can tell, yast2 is the only graphical application run as root. Probably an application launched via a launcher, but I fail to see which...
> And why pulseaudio did not handle this bug like all other /tmp/GNOMEAPP-USER users, which do this just fine already.
Agree :-)
Thanks,
Vincent
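
One way to make the check raised above for a per-user directory such as /tmp/pulse-vuntz/, as an added example that is not part of the thread and is not PulseAudio's or GNOME's code; `open_private_dir`, `UnsafeRuntimeDir`, `demo` and the `app-*` directory names are made up for illustration. It creates the directory with mode 0700 and, when the name already exists, accepts it only if it is a real directory owned by the expected uid with no group/other access.

```python
import os
import stat
import tempfile

class UnsafeRuntimeDir(Exception):
    """The per-user directory exists but cannot be trusted."""

def open_private_dir(path, uid=None):
    """Create or reuse a per-user directory; return an open fd to it."""
    uid = os.getuid() if uid is None else uid
    try:
        os.mkdir(path, 0o700)      # fails with EEXIST if the name is taken
    except FileExistsError:
        pass                       # may be ours from an earlier run: verify below
    try:
        # O_NOFOLLOW | O_DIRECTORY: a symlink or plain file at this name fails.
        fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError as exc:
        raise UnsafeRuntimeDir(f"{path}: not a real directory ({exc.strerror})")
    st = os.fstat(fd)              # inspect the object actually opened, not the name
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != uid or mode & 0o077:
        os.close(fd)
        raise UnsafeRuntimeDir(f"{path}: uid {st.st_uid}, mode {mode:04o}")
    return fd

def demo():
    """Run constructed cases in a scratch directory; return outcome per case."""
    with tempfile.TemporaryDirectory() as base:
        good, loose, link = (os.path.join(base, n) for n in ("app-a", "app-b", "app-c"))
        os.mkdir(loose)
        os.chmod(loose, 0o755)     # constructed: directory readable by others
        os.symlink(base, link)     # constructed: symlink planted at the name
        cases = [("fresh", good, None), ("reuse", good, None),
                 ("wrong_owner", good, os.getuid() + 1),  # owner != expected uid
                 ("loose_mode", loose, None), ("symlink", link, None)]
        results = {}
        for name, path, uid in cases:
            try:
                os.close(open_private_dir(path, uid))
                results[name] = "ok"
            except UnsafeRuntimeDir:
                results[name] = "rejected"
        return results

if __name__ == "__main__":
    print(demo())
```
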
Vincent Untz wrote:
> Nod. Makes sense, I guess.
You can also try installing the "tmpwatch" package.
--
"Progress is possible only if we train ourselves to think about programs without thinking of them as pieces of executable code." - Edsger W. Dijkstra
Cristian Rodríguez R.
Platform/OpenSUSE - Core Services
SUSE LINUX Products GmbH
Research & Development
http://www.opensuse.org/
The Tuesday 2008-05-06 at 14:17 -0400, Cristian Rodríguez wrote:
> Vincent Untz wrote:
>> Nod. Makes sense, I guess.
> you can also try installing the "tmpwatch" package.
nimrodel:/ # zypper search tmpwatch
Downloading repository 'Non-OSS-fctry' metadata [done]
Building repository 'Non-OSS-fctry' cache [done]
Downloading repository 'OSS-fctry' metadata [done]
Building repository 'OSS-fctry' cache [done]
Error building the cache database: repo2solv.sh "/var/cache/zypp/raw/OSS-fctry" > "/var/cache/zypp/solv/OSS-fctry/solv"
Bad dependency line: =Prq: #
Warning: Disabling repository 'OSS-fctry' because of the above error.
Reading installed packages...
No resolvables found.
:-?
--
Cheers,
Carlos E. R.
Carlos E. R. wrote:
> Warning: Disabling repository 'OSS-fctry' because of the above error.
There is a bug in the patterns, should be fixed soon.
--
Cristian Rodríguez R.
On Tue 06 May 2008 20:18:51 NZST +1200, Marcus Meissner wrote:
>> I see that it's possible to configure this in /etc/sysconfig/cron: CLEAR_TMP_DIRS_AT_BOOTUP="no"
>> Does anyone know the rationale for this being disabled by default?
> It's difficult to get secure deletion,
Even at that stage of the boot process, before any service is started, when you know only root is running anything and race-condition attacks aren't possible?
(Out of interest - I have no issues with default=no).
Volker
--
Volker Kuhlmann is list0570 with the domain in header
http://volker.dnsalias.net/ Please do not CC list postings to me.
On Wed, May 07, 2008 at 12:04:54AM +1200, Volker Kuhlmann wrote:
> On Tue 06 May 2008 20:18:51 NZST +1200, Marcus Meissner wrote:
>>> I see that it's possible to configure this in /etc/sysconfig/cron: CLEAR_TMP_DIRS_AT_BOOTUP="no"
>>> Does anyone know the rationale for this being disabled by default?
>> It's difficult to get secure deletion,
> Even at that stage of the boot process, before any service is started, when you know only root is running anything and race-condition attacks aren't possible? (Out of interest - I have no issues with default=no).
Err, no. At boot it's easier to secure it. Just during runtime it is very hard. :)
On Tue, May 06, 2008 at 10:03:47AM +0200, Vincent Untz wrote:
[ 8< ]
> Does anyone know the rationale for this being disabled by default?
Caution and defensive. I consider this approach as the right one. Independent if it is /tmp, /var/tmp or any different directory. And as it is possible to configure it different the administrator has the choice.
BTW Doing it different would cause the same repetitive complaints as there are still regarding SuSEconfig overwriting settings. This had been the case in the very, very early S.u.S.E. days but trolls still put out this rumour.
Lars
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
The Tuesday 2008-05-06 at 10:18 +0200, Lars Müller wrote:
> On Tue, May 06, 2008 at 10:03:47AM +0200, Vincent Untz wrote:
> [ 8< ]
>> Does anyone know the rationale for this being disabled by default?
> Caution and defensive. I consider this approach as the right one. Independent if it is /tmp, /var/tmp or any different directory. And as it is possible to configure it different the administrator has the choice.
Related to this. Aged temp files are deleted, but not if they belong to root. Shouldn't they be deleted too? Alternatively, couldn't they be handled with another set of settings for root's temp files?
> BTW Doing it different would cause the same repetitive complaints as there are still regarding SuSEconfig overwriting settings. This had been the case in the very, very early S.u.S.E. days but trolls still put out this rumour.
:-)
I recently heard about some yast module overwriting local settings with no warning. Maybe postfix, I don't remember.
--
Cheers,
Carlos E. R.
On Tue, May 06, 2008 at 02:06:42PM +0200, Carlos E. R. wrote:
[ 8< ]
> Aged temp files are deleted, but not if they belong to root.
By default no files are deleted. Independent of the user. See /etc/sysconfig/cron:MAX_DAYS_IN_TMP
> Shouldn't they be deleted too? Alternatively, couldn't they be handled with another set of settings for root's temp files?
/etc/sysconfig/cron already provides this. Cf. OWNER_TO_KEEP_IN_TMP.
>> BTW Doing it different would cause the same repetitive complaints as there are still regarding SuSEconfig overwriting settings. This had been the case in the very, very early S.u.S.E. days but trolls still put out this rumour.
> :-)
> I recently heard about some yast module overwriting local settings with no warning. Maybe postfix, I don't remember.
I recently heard ... Bugzilla, our life is driven by bugzilla. Without a report in bugzilla and a case to reproduce the defect there is no bug. ;)
Lars
The Tuesday 2008-05-06 at 14:33 +0200, Lars Müller wrote:
> On Tue, May 06, 2008 at 02:06:42PM +0200, Carlos E. R. wrote:
> [ 8< ]
>> Aged temp files are deleted, but not if they belong to root.
> By default no files are deleted. Independent of the user. See /etc/sysconfig/cron:MAX_DAYS_IN_TMP
I didn't say otherwise, I know that variable. But I think it was enabled by default years back.
>> Shouldn't they be deleted too? Alternatively, couldn't they be handled with another set of settings for root's temp files?
> /etc/sysconfig/cron already provides this. Cf. OWNER_TO_KEEP_IN_TMP.
Yes, but the fact that, by default, root is listed there, implies there is some danger in doing that - or you would have cleared that variable years ago. For instance, it occurs to me that the MAX_DAYS_IN_TMP should be ignored if the uptime is greater.
>>> BTW Doing it different would cause the same repetitive complaints as there are still regarding SuSEconfig overwriting settings. This had been the case in the very, very early S.u.S.E. days but trolls still put out this rumour.
>> :-)
>> I recently heard about some yast module overwriting local settings with no warning. Maybe postfix, I don't remember.
> I recently heard ... Bugzilla, our life is driven by bugzilla. Without a report in bugzilla and a case to reproduce the defect there is no bug. ;)
If it were me, I might. As this is a mail list for commenting things, I mentioned what I said. Someone may remember exact occasions and report them :-)
--
Cheers,
Carlos E. R.
* Carlos E. R.
> The Tuesday 2008-05-06 at 10:18 +0200, Lars Müller wrote:
>> BTW Doing it different would cause the same repetitive complaints as there are still regarding SuSEconfig overwriting settings. This had been the case in the very, very early S.u.S.E. days but trolls still put out this rumour.
> :-)
> I recently heard about some yast module overwriting local settings with no warning. Maybe postfix, I don't remember.
/etc/postfix/main.cf *is* overwritten w/o notice.
--
Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711
http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2
Registered Linux User #207535 @ http://counter.li.org
Patrick Shanahan writes:
> * Carlos E. R. [05-06-08 08:08]:
>> The Tuesday 2008-05-06 at 10:18 +0200, Lars Müller wrote:
>>> BTW Doing it different would cause the same repetitive complaints as there are still regarding SuSEconfig overwriting settings. This had been the case in the very, very early S.u.S.E. days but trolls still put out this rumour.
>> :-)
>> I recently heard about some yast module overwriting local settings with no warning. Maybe postfix, I don't remember.
> /etc/postfix/main.cf *is* overwritten w/o notice.
Please file a bug report for this, this should not happen,
Andreas
--
Andreas Jaeger, Director Platform / openSUSE, aj@suse.de
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
Maxfeldstr. 5, 90409 Nürnberg, Germany
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
* Andreas Jaeger
> Patrick Shanahan writes:
>> * Carlos E. R. [05-06-08 08:08]:
>>> I recently heard about some yast module overwriting local settings with no warning. Maybe postfix, I don't remember.
>> /etc/postfix/main.cf *is* overwritten w/o notice.
> Please file a bug report for this, this should not happen,
I have been trying for about two hours. bugzilla.novell.com is *Waiting* ?????
https://bugzilla.novell.com/enter_bug.cgi?classification=7340&product=SUSE+Linux+10.1&submit=Use+This+Product
--
Patrick Shanahan
* Andreas Jaeger
> Patrick Shanahan writes:
>> * Carlos E. R. [05-06-08 08:08]:
>>> The Tuesday 2008-05-06 at 10:18 +0200, Lars Müller wrote:
>>>> BTW Doing it different would cause the same repetitive complaints as there are still regarding SuSEconfig overwriting settings. This had been the case in the very, very early S.u.S.E. days but trolls still put out this rumour.
>>> :-)
>>> I recently heard about some yast module overwriting local settings with no warning. Maybe postfix, I don't remember.
>> /etc/postfix/main.cf *is* overwritten w/o notice.
> Please file a bug report for this, this should not happen,
Bug #388046
--
Patrick Shanahan
participants (8)
- Andreas Jaeger
- Carlos E. R.
- Cristian Rodríguez
- Lars Müller
- Marcus Meissner
- Patrick Shanahan
- Vincent Untz
- Volker Kuhlmann