stmpclean - remove old files from a world-writable directory
The stmpclean utility never removes files or directories owned by root. This is a feature, not a bug. Great care is taken while descending into the directory, and the operation is secure. Anything that is not a directory, regular file, or symbolic link is also left alone, because programs like screen(1) create sockets and FIFOs under /tmp and expect them to be long-lived; we accommodate this practice. Unlike the Perl scripts floating around that do the same task, stmpclean never forks and consumes a limited amount of memory (those Perl scripts easily turn into fork bombs when someone creates a lot of directories under /tmp).

If your system is attacked and the attacker creates an extremely deep file hierarchy, stmpclean won't add to the problem by crashing your system while trying to remove it. But it won't help you fight the attack either, because it descends only to a limited depth (currently 30 levels). If stmpclean detects a race condition, it logs the situation (look for the word RACE in the log files) and exits with a failure.
So stmpclean will clean temporary directories for you just fine when there are no attacks, and when there is an attack it won't make the situation worse (in particular, it cannot be tricked into removing files outside the specified directories or into consuming an unlimited amount of resources).
The following option is available:
The stmpclean utility exits 0 on success, and >0 if an error occurs.
On FreeBSD, the stmpclean invocation should be placed into the file /etc/periodic/daily/110.clean-tmps. In other versions of BSD it should go into the /etc/daily script.
On LSB-compliant Linux distributions, the invocation of stmpclean may be placed in a script under /etc/cron.daily.