How to create a file in the UNIX /tmp directory so that all users can read and write it?

I am trying to create a file in the /tmp directory (on Linux Ubuntu 7.10) that has read/write/execute access for any user. So I call open(fileName, O_CREAT | O_RDWR, 0777) to create the file (from a C program) under the user1 account, and I would like user2 to be able to write to that file. However, when I check the /tmp directory (with ls -l), I see that user2 has no write permission (since user1 created it, user1 has write access, but user2, which counts as "other", has none). I tried mode 0766 in the open call (and similar combinations of 7 and 6), so that user2 would get write access, but I still do not get the required access.

+4
source
5 answers

You need to set umask to 000. The bits set in umask are removed from the permissions you choose, and by default umask is usually 022 or 002.

Please note that things like default ACLs and SELinux labels can also affect the readability and writability of files. Use getfacl to view ACLs and ls -Z to see SELinux labels; for SELinux you should also know which policies are active and what effect they have. The presence of an ACL can also be seen in ls -l as the + symbol after the permissions.

+8
source

As CesarB noted, Unix clears the bits that are set in the process's umask, so you must temporarily disable the umask to get full access.

 #include <assert.h>
 #include <fcntl.h>
 #include <sys/stat.h>

 mode_t oldmask = umask(0);                          /* clear the mask so no bits are dropped */
 int fd = open("/tmp/foo", O_CREAT | O_RDWR, 0666);  /* requested bits now survive unchanged */
 oldmask = umask(oldmask);                           /* restore the caller's mask; returns the 0 we set */
 assert(oldmask == 0);

(OK, you do not need to make this statement, it does not work.)

As Pistos noted, creating files in /tmp is a fraught process. If you expect the file not to exist yet, add O_EXCL so that a symbolic link placed there cannot redirect the create to an unexpected place.

One last point: why are you making the file executable? I think you should aim only for permission 666, not 777 or 766. You certainly should not run a program that others can change at any time (so the owner should not have execute permission on a file that others can write), and the group members would probably not appreciate the generosity either. Others may perhaps get what they deserve if they execute the file, but it is still not very nice.

+3
source
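An added example, not code from either of the umask answers above, that makes the rule concrete: predict_mode() is the arithmetic the kernel applies (the question's 0766 under the usual 022 comes out as 0744, which is exactly "no write for other"), create_with_exact_mode() clears the mask only around the open() and restores it immediately, and demo_umask_effect() creates two files under a caller-supplied directory, reads their real permission bits back with fstat(), and removes them again. The file names and the directory argument are assumptions of this example.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The umask rule in one line: the kernel clears from the requested mode
 * every bit that is set in the process umask. With the usual 022 the
 * question's 0766 becomes 0744, which is exactly "no write for other". */
mode_t predict_mode(mode_t requested, mode_t mask)
{
    return requested & ~mask & 07777;
}

/* Create `path` with the requested bits intact regardless of the caller's
 * umask. The mask is zeroed only around the open() and restored right after,
 * so other files this process creates later keep their normal protection.
 * O_EXCL makes open() fail with EEXIST if anything, a symlink included,
 * already sits at that name. Returns the fd, or -1 with errno set. */
int create_with_exact_mode(const char *path, mode_t mode)
{
    mode_t saved = umask(0);
    int fd = open(path, O_CREAT | O_EXCL | O_RDWR, mode);
    int saved_errno = errno;
    umask(saved);               /* restore the caller's mask */
    errno = saved_errno;
    return fd;
}

/* Permission bits the file really got, read back through the descriptor. */
mode_t actual_mode(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return (mode_t)-1;
    return st.st_mode & 07777;
}

/* Demonstration under a forced umask of 022: a plain open(..., 0666) yields
 * 0644, create_with_exact_mode(..., 0666) yields 0666, and the mask is back
 * to 022 afterwards. Files are created in `dir` (names constructed from the
 * pid, an assumption of this example) and removed again. Returns 1 if all
 * three observations hold, 0 otherwise. */
int demo_umask_effect(const char *dir)
{
    char plain[512], exact[512];
    snprintf(plain, sizeof plain, "%s/umask_demo_plain.%ld", dir, (long)getpid());
    snprintf(exact, sizeof exact, "%s/umask_demo_exact.%ld", dir, (long)getpid());

    mode_t original = umask(022);           /* known mask for the demo */
    int fd_plain = open(plain, O_CREAT | O_EXCL | O_RDWR, 0666);
    int fd_exact = create_with_exact_mode(exact, 0666);
    int ok = 0;

    if (fd_plain >= 0 && fd_exact >= 0) {
        ok = actual_mode(fd_plain) == predict_mode(0666, 022)   /* 0644 */
          && actual_mode(fd_exact) == 0666
          && umask(022) == 022;             /* helper restored the mask */
    }
    if (fd_plain >= 0) { close(fd_plain); unlink(plain); }
    if (fd_exact >= 0) { close(fd_exact); unlink(exact); }
    umask(original);
    return ok;
}
```

The restore step matters more than it looks: leaving the mask at 0 for the rest of the program would silently make every later file world-writable, which is the opposite of what the second answer recommends.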

FWIW, creating something in /tmp (or /var/tmp, etc.) with a fixed name is a security risk. A symbolic link with the same name can be placed in /tmp pointing to anything, and your program will clobber the target file if the user running your program has permission to do so.

Things created programmatically in /tmp should be given random names, but it is better not to use this directory at all if your system is not protected from potentially malicious users.

+2
source

I assume that you are trying to do some kind of IPC. Have you looked at other ways to achieve this, for example using dbus or some other system designed for this purpose?

+2
source

The only thing you can do is chmod the file after creating it:

 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>

 int main(void)
 {
     creat("/tmp/foo", 0);       /* create with no permission bits at all */
     chmod("/tmp/foo", 0666);    /* then set exactly the bits wanted; umask does not apply to chmod */
     return 0;
 }

In any case, it is unsafe to have such files.

+1
source
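An added example, not code from either poster, serving both the fixed-name warning (symlink planted in /tmp) and the creat-then-chmod answer just given. It shows the two defensive variants: mkstemp() plus fchmod() on the open descriptor, so the name is random and the permission change cannot be redirected to another path, and a fixed-name open with O_EXCL, which refuses with EEXIST when a symlink already occupies the name. demo_symlink_refused() constructs the scenario under a caller-supplied directory (a "victim" file and a planted symlink, both names assumptions of this example), checks that the victim's contents survive, and cleans up.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Random-name variant. mkstemp() opens with O_CREAT|O_EXCL and mode 0600,
 * so a name or symlink planted in advance cannot be reused, and fchmod()
 * widens the bits on the open descriptor instead of on the path, so there
 * is no window in which the name could be swapped between create and chmod.
 * out_path receives the generated name. Returns the fd, or -1 with errno set. */
int create_shared_tempfile(const char *dir, mode_t mode, char *out_path, size_t len)
{
    if (snprintf(out_path, len, "%s/shared.XXXXXX", dir) >= (int)len) {
        errno = ENAMETOOLONG;
        return -1;
    }
    int fd = mkstemp(out_path);
    if (fd < 0)
        return -1;
    if (fchmod(fd, mode) != 0) {
        int e = errno;
        close(fd);
        unlink(out_path);
        errno = e;
        return -1;
    }
    return fd;
}

/* Scenario from the symlink answer, constructed in `dir`: a "victim" file
 * with known contents and a symlink planted under the fixed name a program
 * would use. A fixed-name open with O_EXCL must refuse (POSIX: a symlink at
 * the path counts as existing, even a dangling one, so it is never followed),
 * the victim must stay intact, and the random-name create must still work
 * with 0666. Returns 1 when all three hold, 0 otherwise. */
int demo_symlink_refused(const char *dir)
{
    char victim[512], fixed[512], tmp[512];
    long pid = (long)getpid();
    snprintf(victim, sizeof victim, "%s/victim.%ld", dir, pid);
    snprintf(fixed, sizeof fixed, "%s/fixedname.%ld", dir, pid);

    /* constructed victim file with 9 bytes of content */
    int vfd = open(victim, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (vfd < 0)
        return 0;
    int wrote = write(vfd, "important", 9) == 9;
    close(vfd);
    if (!wrote || symlink(victim, fixed) != 0) {
        unlink(victim);
        return 0;
    }

    /* hardened fixed-name create: must fail with EEXIST because of the link */
    int fd = open(fixed, O_CREAT | O_EXCL | O_RDWR, 0666);
    int refused = (fd < 0 && errno == EEXIST);
    if (fd >= 0)
        close(fd);

    struct stat st;
    int intact = stat(victim, &st) == 0 && st.st_size == 9;

    /* random-name create works alongside the planted link */
    int tmp_ok = 0;
    int tfd = create_shared_tempfile(dir, 0666, tmp, sizeof tmp);
    if (tfd >= 0) {
        struct stat ts;
        tmp_ok = fstat(tfd, &ts) == 0 && (ts.st_mode & 07777) == 0666;
        close(tfd);
        unlink(tmp);
    }

    unlink(fixed);
    unlink(victim);
    return refused && intact && tmp_ok;
}
```

Compared with creat() followed by chmod() on the path, the descriptor-based fchmod() is the part worth copying: once the file is open, every later operation targets that inode, so whatever happens to the name in /tmp afterwards cannot change which file gets the relaxed permissions.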
