libpam-tmpdir default in 14.10
John Moser
john.r.moser at gmail.com
Sun Apr 27 13:49:43 UTC 2014

As a matter of course, can libpam-tmpdir be used throughout the 14.10
development cycle?

libpam-tmpdir sets $TMP and $TMPDIR to /tmp/user/$(id -u)/ and ensures
that the directories exist:

/tmp/user/ 711 root:root
/tmp/user/$(id -u)/ 700 $(id -u):$(id -g)

This prevents /tmp from becoming cluttered, and prevents people from
seeing filenames still in /tmp. Firefox and Thunderbird put attachment
and downloaded (viewed) file names in /tmp, i.e. if you open a torrent
there's /tmp/fuzzydogs.torrent visible. With libpam-tmpdir, these files
fall into their own directory, which has restricted access.

In my experience, libpam-tmpdir causes no problems; however, I would
suggest running it through a quality assurance cycle before installing
it by default. I do recommend shipping it installed by default.
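
The layout described in the message above can be checked from a login session. The following is an added example, not part of the original post and not libpam-tmpdir code: a POSIX shell audit of the directory modes, owners and the two variables. The function names and the optional parent-owner arguments are assumptions made for this example.

```shell
#!/bin/sh
# Constructed audit of the layout described in the post; not libpam-tmpdir code.

# check_dir PATH PERMS UID GID
#   PERMS is the ls-style mode string: drwx--x--x is 711, drwx------ is 700.
check_dir() {
    path=$1 want="$2 $3:$4"
    # A symlink planted under /tmp must not pass as the real directory.
    if [ -L "$path" ] || [ ! -d "$path" ]; then
        echo "FAIL $path: missing or not a real directory"
        return 1
    fi
    # ls -ldn prints the mode string and numeric owner and group; keep only
    # the first 10 mode characters so an ACL/SELinux suffix is ignored.
    got=$(ls -ldn "$path" | awk '{print substr($1,1,10) " " $3 ":" $4}')
    if [ "$got" != "$want" ]; then
        echo "FAIL $path: is '$got', expected '$want'"
        return 1
    fi
    echo "ok   $path: $got"
}

# audit_tmpdir BASE UID GID [PARENT_UID PARENT_GID]
#   The parent owner defaults to root:root (0:0) as in the post; the optional
#   arguments exist only so the check can be tried on a scratch tree.
audit_tmpdir() {
    base=$1 uid=$2 gid=$3 puid=${4:-0} pgid=${5:-0}
    rc=0
    check_dir "$base" drwx--x--x "$puid" "$pgid" || rc=1
    check_dir "$base/$uid" drwx------ "$uid" "$gid" || rc=1
    # Both variables must point at the private directory, not at shared /tmp.
    for name in TMP TMPDIR; do
        eval "val=\${$name:-}"
        if [ "${val%/}" != "$base/$uid" ]; then
            echo "FAIL $name='$val', expected $base/$uid"
            rc=1
        fi
    done
    return $rc
}
```

From a fresh login session, `audit_tmpdir /tmp/user "$(id -u)" "$(id -g)"` returns 0 only when both directories and both variables match the layout in the post.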