Timeline for What are correct permissions for /tmp ? I unintentionally set it all public recursively
Current License: CC BY-SA 4.0
25 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Jun 13, 2024 at 6:55 | history | edited | Stéphane Chazelas | CC BY-SA 4.0 | added 102 characters in body |
| S Jul 20, 2022 at 16:47 | history | edited | Gilles 'SO- stop being evil' | CC BY-SA 4.0 | more clear |
| S Jul 20, 2022 at 16:47 | history | suggested | Scrooge McDuck | CC BY-SA 4.0 | more clear |
| Jul 20, 2022 at 14:59 | review | Suggested edits | |||
| S Jul 20, 2022 at 16:47 | |||||
| Sep 27, 2021 at 8:06 | comment | added | Gilles 'SO- stop being evil' | @John This is an answer to the question “What are correct permissions for /tmp ?” | |
| Sep 27, 2021 at 8:03 | comment | added | John | @Gilles'SO-stopbeingevil' Why should I run chmod 1777 /tmp when /tmp is not a tmpfs filesystem? | |
| Sep 27, 2021 at 8:01 | comment | added | Gilles 'SO- stop being evil' | @John To see if /tmp is a tmpfs filesystem, run df /tmp and see whether it's something like /dev/… … … … … / (part of the root filesystem) or tmpfs … … … … /tmp (a separate tmpfs filesystem). As for chmod 1777 /tmp, not sure what to add. It's the command to set /tmp to the permissions it should have. | |
| Sep 27, 2021 at 4:58 | comment | added | John | @Gilles'SO-stopbeingevil' "If your /tmp is a tmpfs filesystem, a reboot will restore everything. Otherwise, run chmod 1777 /tmp." Two questions arise: 1. How to know whether /tmp is a tmpfs filesystem or not? 2. What do you want to tell us by "Otherwise, run chmod 1777 /tmp"? Could you please explain that in more detail for me? | |
| Sep 27, 2021 at 4:55 | review | Suggested edits | |||
| Sep 27, 2021 at 8:02 | |||||
| Jul 28, 2020 at 7:06 | comment | added | Gilles 'SO- stop being evil' | @alper No, do not do that. 1777 is for /tmp itself, which is writable by everybody. Almost all directories in /tmp should only be readable and writable by their owner. | |
| Jul 28, 2020 at 2:42 | comment | added | alper | Should I also do chmod 1777 -R /tmp for reaching out to subfolders I have created? | |
| Apr 12, 2020 at 4:26 | comment | added | rubo77 | also check /var/tmp the same way, maybe you have the same error there | |
| Apr 12, 2020 at 4:18 | comment | added | rubo77 | wouldn't this be enough? (if you are able to reboot the server) chmod 1777 /tmp; reboot | |
| Apr 21, 2018 at 8:58 | comment | added | Gilles 'SO- stop being evil' | @GabrielFair I replaced the command using wildcards by one using find which won't run into that problem. | |
| Apr 21, 2018 at 8:58 | history | edited | Gilles 'SO- stop being evil' | CC BY-SA 3.0 | there may be other socket directories such as /tmp/.XIM-unix, /tmp/.font-unix, etc.; use find to avoid going over the command line length limit |
| Apr 20, 2018 at 10:43 | comment | added | Gabriel Fair | I'm running chmod -R go-rwx /tmp/* /tmp/.[!.]* on Ubuntu 16.04 and getting an error: -bash: /usr/bin/sudo: Argument list too long | |
| Oct 8, 2013 at 21:51 | comment | added | kurtm | The +t is referred to as the sticky bit. That's what keeps anyone other than the owner from being able to remove files, even though the permissions are 777 otherwise. The sticky bit was originally to get the kernel to leave commonly used programs in memory when they exited so they wouldn't have to be fetched from disk when next run. We're talking PDP11 days.... | |
| S Apr 8, 2013 at 12:33 | history | suggested | user | CC BY-SA 3.0 | Add directory permissions |
| Apr 8, 2013 at 11:58 | review | Suggested edits | |||
| S Apr 8, 2013 at 12:33 | |||||
| Apr 8, 2013 at 11:12 | comment | added | Olivier Dulac | @BartlomiejLewandowski: chmod -go-rwx : set "rwx" rights to Owner and Group. r=read, w=write, x=execute(for file) or enter/traverse(for directory). 777 = rwxrwxrwx (the right part can be seen as : "set 'r' set 'w' set 'x', set 'r' set 'w' set 'x', set 'r' set 'w' set 'x'" , which in binary is represented as "111111111" (1 to set, 0 to unset) . And "111111111" in binary is represented in octal as "777" (octal = groups of 3 bits, each group having value 0 to 7). if "rwxr-xr--" it would be "111101100" which in octal is "754" | |
| Apr 8, 2013 at 9:35 | history | edited | Gilles 'SO- stop being evil' | CC BY-SA 3.0 | explain the chmod a bit; the X11 socket needs to be publicly accessible |
| Apr 8, 2013 at 9:28 | comment | added | Gilles 'SO- stop being evil' | @BartlomiejLewandowski go-rwx: no permissions for group and others. This sets the permissions to rwx------ (except that files that were created since the chmod may end up with fewer permissions, e.g. rw-------). In other words, the files will be accessible only by their owner. /tmp/.[!.]* is to include dot files, which commonly exist in /tmp. | |
| Apr 8, 2013 at 8:38 | comment | added | Bartlomiej Lewandowski | could you explain the second chmod more? | |
| Apr 8, 2013 at 0:54 | vote | accept | Stephane Rolland | ||
| Apr 8, 2013 at 0:47 | history | answered | Gilles 'SO- stop being evil' | CC BY-SA 3.0 |