Why do we need mktemp?

linux shell filesystems
Shehbaz Jaffer picture Shehbaz Jaffer · Jul 24, 2012 · Viewed 47.1k times · Source

I do not understand the function of mktemp and what a temporary file means.

Whats the difference between say touch xyz and mktemp xyz (apart from the fact that mktemp will create some file with xxx appended to it and will have 600 permissions?)

Please clarify.

Answer

Igor Chubin picture Igor Chubin · Jul 24, 2012

mktemp randomizes the name. It is very important from the security point of view.

Just imagine that you do something like:

echo something > /tmp/temporary-file

in your root-running script.

And someone (who has read your script) does

ln -s /etc/passwd /tmp/temporary-file

before.

This results in /etc/passwd being overwritten. Now everyone has root access on this system!

The mktemp command could help you in this situation:

TEMP=$(mktemp /tmp/temporary-file.XXXXXXXX)
echo something > ${TEMP}

Now this ln /etc/passwd attack will not work.

Related questions

is there a way to see the actual contents of a symlink?

When you do cat some-symlink-to-some-real-file it shows the contents of the real file, not what is within the symlink itself. Is there a way to see what's actually in it?

Read More
How can I recursively find all files in current and subfolders based on wildcard matching?

How can I recursively find all files in current and subfolders based on wildcard matching?

Read More
How to exclude a directory in find . command

I'm trying to run a find command for all JavaScript files, but how do I exclude a specific directory? Here is the find code we're using. for file in $(find . -name '*.js') do java -jar config/yuicompressor-2.4.2.jar --type …

Read More