[Xastir-Dev] Moved "tmp" files out of /var/tmp (CVS)
Chris Bell
cbell at junknet.com
Fri Jun 20 20:30:39 EDT 2003
>
> For those of you depending on the /var/tmp location to allow web
> servers access to your snapshot files. I just broke it:
>
> In CVS, I just moved all of the tmp files into ~/.xastir/tmp, which
> is a new directory that will be created when you start up Xastir.
>
> If your permissions are set such that a normal user can't read your
> "~/.xastir/tmp" directory, then your web server will probably have
> difficulty getting to it as well. The permissions are set fairly
> restrictively on the tmp directory as Xastir creates it. More than
> likely your home and ~/.xastir directories are also set fairly
> restrictively.
>
> In order to get Apache to read the file I had to open up
> permissions. I then closed the permissions down after testing. I'm
> looking for a better way to do this. Perhaps the snapshot file
> should be created in ~/.xastir/tmp and then moved to public_html?
>
> /var/tmp shouldn't be used by Xastir at all anymore. This fix is
> to help run Xastir more securely.
>
Yay for moving out of /var/tmp!
How about a config option for dir/name of snapshot files? Still use
the private tmp, but then copy the final outcome to a "published"
place? Maybe even have %options for things like Date, time, user,
incrementing counter, for people that want to archive versions instead
of overwriting the "current" view?
Chris.
More information about the Xastir-dev
mailing list