Xref: utzoo comp.unix.wizards:7256 comp.bugs.sys5:396
Path: utzoo!mnetor!uunet!husc6!uwvax!rutgers!mtune!mtgzz!mtgzy!ecl
From: ecl@mtgzy.UUCP (Evelyn C. Leeper)
Newsgroups: comp.unix.wizards,comp.bugs.sys5
Subject: cleaning sticky directories (was Re: Guide to writing secure setuid programs?)
Message-ID: <3503@mtgzy.UUCP>
Date: 21 Mar 88 14:19:13 GMT
References: <181@wsccs.UUCP> <722@rivm05.UUCP> <1037@woton.UUCP> <700@virginia.acc.virginia.edu> <7616@oberon.USC.EDU> <8468@eddie.MIT.EDU> <3098@pegasus.UUCP> <7476@brl-smoke.ARPA>
Reply-To: ecl@mtgzy.UUCP (Evelyn C. Leeper)
Organization: AT&T Information Systems, Middletown NJ
Lines: 24
Keywords: sticky bit, directories, security
Summary: Use the cron!

In article <7476@brl-smoke.ARPA> gwyn@brl.arpa (Doug Gwyn (VLD/VMB) ) writes:
> [re /tmp and /usr/tmp being shipped "sticky"]
> the system administrator ends up having to periodically clean out
> /tmp and /usr/tmp.  With this new scheme, he'll have to become
> superuser to do this, unless a privileged operator-executable
> cleanup utility is provided (or the system is rebooted and does
> this on each reboot).

As a system administrator, I don't enjoy "baby-sitting" /tmp and /usr/tmp.
So I don't--I use the cron to do cleanups (with a shell script):

	touch /tmp /usr/tmp
	find /tmp -type f -mtime +0 -print | xargs rm -f 2>/dev/null
	find /usr/tmp -type f -mtime +2 -print | xargs rm -f 2>/dev/null

(You can change the time as necessary.  It's a little trickier if you need
to do cleanups of files based on hours rather than days, but it can be done.)

I also use this script to send me mail if /usr is starting to run low and
lots of other neat things.

Moral: Use the cron!

Evelyn C. Leeper
201-957-2070
UUCP:	mtune!mtgzy!ecl or ecl@mtgzy.att.com
ARPA:	ecl%mtgzy@att.arpa
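
Added example, not part of the original post: a version of the cron cleanup that hands each path to rm as a single argument. xargs splits its input on blanks and newlines, so in a world-writable directory a file name containing them does not reach rm as the one path find printed. The function name clean_older_than is hypothetical, and the sketch assumes a POSIX find that supports -xdev and -exec ... {} +.

```shell
#!/bin/sh
# Added example (not from the post): root cron cleanup of a sticky,
# world-writable directory without piping file names through xargs.
#
# clean_older_than DIR DAYS
#   Removes regular files under DIR matched by find's "-mtime +DAYS",
#   the same age test the post uses (+0 for /tmp, +2 for /usr/tmp).
clean_older_than() {
    dir=$1
    days=$2

    # Cron jobs run with an unpredictable working directory, so insist
    # on an absolute path rather than resolving a relative one.
    case $dir in
        /*) ;;
        *) echo "clean_older_than: not an absolute path: $dir" >&2
           return 2 ;;
    esac

    # DAYS must be a plain non-negative integer.
    case $days in
        ''|*[!0-9]*) echo "clean_older_than: bad day count: $days" >&2
                     return 2 ;;
    esac

    # The top-level name must be a real directory, not a symlink to one.
    [ -d "$dir" ] && [ ! -L "$dir" ] || {
        echo "clean_older_than: not a directory: $dir" >&2
        return 2
    }

    # -xdev    stay on DIR's filesystem; do not descend into mounts
    # -type f  regular files only; find does not follow symlinks by
    #          default, so a link in DIR is left alone and never followed
    # -exec rm -f {} +  each path is passed to rm as one argument,
    #          whatever blanks or newlines the name contains
    find "$dir" -xdev -type f -mtime +"$days" -exec rm -f {} +
}

# Crontab usage (script path is an assumption):
#   0 4 * * *  /usr/local/sbin/cleantmp /tmp 0
if [ $# -eq 2 ]; then
    clean_older_than "$1" "$2"
fi
```
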