I'm wondering if /tmp should be owned by root, or rather nobody? Now with safe mode there are some conflicts, but I am worried about security if I change it to be owned by nobody...
Any advice will be very appreciated.
Answer
It should be owned by root, but must be readable and writable by anyone with one important factor: the sticky bit on the directory must be set in order to make it an append-only directory. In other words, only users who own a file inside the /tmp directory and have read/write permissions can remove or rename the file. You may read the man page for sticky(8) for more information on what the sticky bit is.
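The three properties the answer names (owned by root, readable and writable by everyone, sticky bit set) can be checked programmatically. The following is an added example, not part of the original answer; the function name `audit_shared_tmp` and its parameters are assumptions chosen for illustration.

```python
import os
import stat


def audit_shared_tmp(path="/tmp", expected_uid=0):
    """Return a list of findings for a shared temp directory (empty list = OK).

    expected_uid defaults to 0 (root), the owner the answer recommends.
    """
    # lstat so a symlink planted in place of the directory is not followed
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path}: not a directory"]

    mode = stat.S_IMODE(st.st_mode)
    findings = []

    if st.st_uid != expected_uid:
        findings.append(
            f"{path}: owned by uid {st.st_uid}, expected uid {expected_uid}")

    # rwx for user, group and other: every account can create files here
    if mode & 0o777 != 0o777:
        findings.append(
            f"{path}: mode {mode:04o} is not readable/writable by everyone")

    # Without the sticky bit, write permission on the directory alone lets
    # any user remove or rename files that belong to other users.
    if not mode & stat.S_ISVTX:
        findings.append(
            f"{path}: sticky bit missing, any user can remove or rename "
            "other users' files")

    return findings


if __name__ == "__main__":
    st = os.lstat("/tmp")
    # A correctly configured /tmp shows as drwxrwxrwt (octal 1777)
    print(stat.filemode(st.st_mode), oct(stat.S_IMODE(st.st_mode)))
    problems = audit_shared_tmp("/tmp")
    for line in problems:
        print("FINDING:", line)
    if not problems:
        print("/tmp: owner and mode look correct")
```

A finding about the mode or sticky bit is corrected with `chmod 1777 /tmp`, and one about the owner with `chown root /tmp`, both run as root.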