5

I'm often using, on unix servers I'm working with, the /tmp folder as a folder where I write temporary stuff needed for my software (mainly web applications). It usually has 777 permissions.

I found on my local machine, which mounts OS X Mavericks, that the /tmp folder does NOT have 777 permissions, but drwxr-xr-x.

/tmp is actually a symbolic link to /private/tmp, which has the same permissions.

My question is: is there any security reason why /tmp (or /private/tmp) should not have 777 permissions? Practical explanatory examples would be great!

5
  • /tmp with mode 0777 wouldn't be very nice on a multi-user system; it means anyone can delete anyone else's temporary files. You probably meant 1777, which is world writable with the sticky bit set, so any user can write but only the owner of a file can delete the file.
    – user
    Commented May 15, 2014 at 11:21
  • I think the key to answering your question is the /private part. What exactly is that used for in OS X?
    – user
    Commented May 15, 2014 at 11:22
  • In unix if you have write permissions on a folder, you can write or delete any file inside that folder. /private is a container for parts of the standard unix filesystem hierarchy that may vary between individual computers (e.g. /etc is a symlink to /private/etc, where the actual config files are). AIUI this was originally done to support netbooting under NextSTEP. Taken from: unix.stackexchange.com/questions/63555/…
    – clami219
    Commented May 15, 2014 at 12:30
  • "In unix if you have write permissions on a folder, you can write or delete any file inside that folder." Unless the sticky bit is set on the directory. See for example superuser.com/a/153723/53590 as well as the other answers on that question.
    – user
    Commented May 15, 2014 at 13:13
  • Ok, good point.
    – clami219
    Commented May 15, 2014 at 14:04

2 Answers 2

9

The /private/tmp/ directory should have permission modes 1777 (drwxrwxrwt) and not 0755 (drwxr-xr-x) as you are seeing.

These same modes (1777) should also be set on /var/tmp/.

I can't speculate on the causes of your non-standard modes.

5
  • I agree with you. Still, with a fresh installation of Mavericks, I had 0755.
    – clami219
    Commented May 15, 2014 at 15:09
  • On my 10.9.2 host the permissions are as follows:
        user@host:~ # ls -ld@ /tmp
        lrwxr-xr-x@ 1 root wheel 11 Oct 23 2013 /tmp -> private/tmp
            com.apple.FinderInfo 32
        user@host:~ # ls -ld@ /private/tmp
        drwxrwxrwt 12 root wheel 408 May 16 08:27 /private/tmp
    – gurple
    Commented May 16, 2014 at 6:28
  • Fair enough!...
    – clami219
    Commented May 16, 2014 at 14:39
  • How come I can't change the permissions via sudo chmod?
    – AlxVallejo
    Commented Jul 17, 2014 at 13:49
  • 1
    @AlxVallejo, I will guess that you are trying to change the permission modes on a symbolic link. Unless you are using the '-h' option with chmod you will be changing the permission modes on the file or directory that the symbolic link points to rather than the link itself.
    – gurple
    Commented Jul 22, 2014 at 6:34
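
The checks discussed in the answer and comments above (world-writable with or without the sticky bit, and /tmp being a symbolic link) can be scripted. This is an added example, not code from any poster; the function names `classify_tmp_mode` and `audit` are hypothetical.

```python
import os
import stat


def classify_tmp_mode(mode):
    """Classify the permission bits of a shared temporary directory."""
    perms = stat.S_IMODE(mode)
    world_writable = bool(perms & stat.S_IWOTH)
    sticky = bool(perms & stat.S_ISVTX)
    if world_writable and sticky:
        # e.g. 1777 (drwxrwxrwt): anyone may create files, only the
        # file owner, the directory owner or root may delete or rename them.
        return "ok"
    if world_writable:
        # e.g. 0777 (drwxrwxrwx): any user may delete or rename
        # another user's files in this directory.
        return "unsafe"
    # e.g. 0755 (drwxr-xr-x): not world-writable, so other users
    # cannot create files here at all.
    return "restricted"


def audit(path):
    """Return (resolved_path, octal_mode, verdict), following symlinks.

    The link itself (/tmp -> private/tmp on OS X) carries its own mode;
    the mode that matters is the one on the directory it points to.
    """
    resolved = os.path.realpath(path)
    st = os.stat(resolved)
    if not stat.S_ISDIR(st.st_mode):
        raise NotADirectoryError(resolved)
    octal_mode = format(stat.S_IMODE(st.st_mode), "04o")
    return resolved, octal_mode, classify_tmp_mode(st.st_mode)


if __name__ == "__main__":
    # Directories named on this page; skipped if absent on this host.
    for candidate in ("/tmp", "/private/tmp", "/var/tmp"):
        if os.path.exists(candidate):
            print(candidate, *audit(candidate))
```
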
2

You can also use this:

sudo diskutil repairPermissions / - repairs permissions of system directories (like if /tmp is incorrect)

source: http://www.macworld.com/article/1052220/repairpermissions.html

2
  • 1
    Welcome to Super User. Although this may answer the question, you should give a more detailed description of the linked content and explain how it relates to the question. This will help ensure that this answer remains useful in the event the linked page is removed or goes offline. For more information, see this Meta Stack Exchange post.
    – bwDraco
    Commented Jan 26, 2015 at 16:09
  • This answer seems out of date for El Capitan as my diskutil has no repairPermissions action.
    – velop
    Commented May 30, 2016 at 14:27
