Improving mktemp

I am wondering how to best improve on mktemp for use with encrypted containers or file systems.



The issue that I am dealing with is that I would like my shell scripts to store temporary files inside the file system that contains the working directory, if possible.



The normal behaviour of mktemp seems to be to use a root path specified in an environment variable or /tmp. This will, however, routinely leak temporary data to unencrypted locations if I am working with files inside encrypted containers.



The idea is to first check the presence of a tmp directory in the mount point of the current file system and to use /tmp only as a last resort. How can I reliably (and efficiently) realize that?



Edit



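A possible way to identify the mount directory of a given path is the following:

# $path is the file or directory of interest
dir=$(realpath "$path")
# test the path itself, then each parent, until a mount point is found
until [ "$dir" = / ] || mountpoint -q "$dir"; do
    dir=${dir%/*}            # strip the last path component
    [ -n "$dir" ] || dir=/   # nothing left: the root directory
done
echo "$dir"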


I am not sure, however, if that is the most efficient one.







  • Why not just encrypt /tmp, or use tmpfs so it stays in RAM?
    – psusi
    Jan 5 at 23:59










  • My tmp is already encrypted, but with a security policy different from the differing policies of the various containers, so it won't help. For the same reason, I would need a different tmpfs for each container.
    – highsciguy
    Jan 6 at 14:13










  • When you say "container" are you talking about LXC containers? If so, then yes, they absolutely should each have their own /tmp.
    – psusi
    Jan 6 at 17:17










  • You may think of TrueCrypt containers or volumes mounted somewhere in a user's home directory.
    – highsciguy
    Jan 6 at 17:34














edited Mar 23 at 12:42

asked Jan 5 at 21:48

highsciguy

1 Answer

You can specify any directory to mktemp; either using the -p option or setting a different TMPDIR.



-p temp-dir, --tmpdir=temp-dir
temp directory for the file. This option is a member of the
tmpdir class of options.

If this option is not provided, mktemp will use the environment
variable TMPDIR to find a suitable directory. If these are not
available, it will fall back to ~/tmp or /tmp. A <file-pat>
command line argument containing a directory component will con-
flict with this option.


For instance:



#!/bin/bash
# Export TMPDIR so that mktemp sees it even if it was not in the environment before.
export TMPDIR="$(pwd)"
mktemp





  • OK, need to try that. My man page reads a little bit differently. Will it find a tmp directory in a super directory of pwd if there is none in pwd itself?
    – highsciguy
    Jan 6 at 14:10










  • Try it and see how it behaves.
    – Rui F Ribeiro
    Jan 6 at 14:27










  • Tried it. On my system, TMPDIR=pwd; export TMPDIR; mktemp will create a temporary file in pwd. This is not the behaviour that I want, since it will create temporary files everywhere. Perhaps that is better than leaking confidential information to directories that are not encrypted. However, I would still prefer to have my temporary files in a central location for each container.
    – highsciguy
    Jan 6 at 17:57










answered Jan 5 at 21:53

Rui F Ribeiro
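
The lookup discussed in this thread (a tmp directory in the mount point of the file system that holds the working directory, with /tmp only as a last resort), as an added example that is not part of the original posts. The function names and the FS_TMP_NAME variable are hypothetical, and realpath, mountpoint and mktemp -p are assumed to be available.

```shell
#!/bin/sh
# Added example, not from the original posts. Function names and the
# FS_TMP_NAME variable are hypothetical.
FS_TMP_NAME=${FS_TMP_NAME:-tmp}   # name of the per-file-system temp dir

# Print the mount point of the file system that contains path $1.
mount_root() (
    dir=$(realpath "$1") || exit 1
    # Test the path itself first, then each parent, stopping at /.
    while [ "$dir" != / ] && ! mountpoint -q "$dir" 2>/dev/null; do
        dir=${dir%/*}             # drop the last path component
        [ -n "$dir" ] || dir=/    # nothing left: we reached the root
    done
    printf '%s\n' "$dir"
)

# Succeed only if $1 is a real directory that we own and can write to.
# A symlink or a nested mount point would send the data to another,
# possibly unencrypted, file system, so both are rejected.
usable_tmp() {
    [ -d "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] && [ -w "$1" ] &&
        ! mountpoint -q "$1" 2>/dev/null
}

# Print the directory to pass to mktemp -p for start path $1.
# $2 is the last-resort fallback (default: $TMPDIR, then /tmp).
fs_tmp_root() (
    root=$(mount_root "$1") || exit 1
    cand=${root%/}/$FS_TMP_NAME
    if usable_tmp "$cand"; then
        printf '%s\n' "$cand"
    else
        echo "fs_tmp_root: $cand not usable, falling back" >&2
        printf '%s\n' "${2:-${TMPDIR:-/tmp}}"
    fi
)

# Create a temporary file for work under $1 (default: working directory)
# and print its name. Fails instead of letting mktemp pick a default.
fs_mktemp() (
    dir=$(fs_tmp_root "${1:-.}" "${2:-}") || exit 1
    mktemp -p "$dir"
)
```

The message on stderr marks the point where data would leave the encrypted file system; a stricter variant would exit there instead of falling back.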
