[Xastir] Moved "tmp" files out of /var/tmp (CVS)

[Jack Twilley]

>>>>> "Curt" == Curt Mills <hacker at tc.fluke.com> writes:

Curt> For those of you depending on the /var/tmp location to allow web
Curt> servers access to your snapshot files.  I just broke it:

Curt> In CVS, I just moved all of the tmp files into ~/.xastir/tmp,
Curt> which is a new directory that will be created when you start up
Curt> Xastir.

Yay!

Curt> If your permissions are set such that a normal user can't read
Curt> your "~/.xastir/tmp" directory, then your web server will
Curt> probably have difficulty getting to it as well.  The permissions
Curt> are set fairly restrictively on the tmp directory as Xastir
Curt> creates it.  More than likely your home and ~/.xastir
Curt> directories are also set fairly restrictively.

This is traditionally a feature.

Curt> In order to get Apache to read the file I had to open up
Curt> permissions.  I then closed the permissions down after testing.
Curt> I'm looking for a better way to do this.  Perhaps the snapshot
Curt> file should be created in ~/.xastir/tmp and then moved to
Curt> public_html?

This should be done outside of xastir, perhaps with a script that is
contributed by a user.  This kind of script is definitely valuable,
but it shouldn't be part of xastir itself.  If we had a contrib
directory, I'd say to stick it there.

Curt> /var/tmp shouldn't be used by Xastir at all anymore.  This fix
Curt> is to help run Xastir more securely.

Yay Curt.  Major bonus points. :-)

Jack.
-- 
Jack Twilley
jmt at twilley dot org
http colon slash slash www dot twilley dot org slash tilde jmt slash