13

The XDG Base Directory Specification is a very interesting spec for user directories. It also provides good default values, except for XDG_RUNTIME_DIR.

Now I am writing a software that needs to create named pipes. It is a per-user client-server framework (there is a FIFO for the server and a FIFO per client).

If XDG_RUNTIME_DIR is not defined, I am currently using a per-user subdirectory in /tmp — but it does not ensure all the specified conditions (viz. the paragraph starting with "The lifetime of the directory MUST be bound to the user being logged in…")

Is /tmp/myserver-$USER good enough?

Edit

I saw elsewhere a few suggestions:

  • . is quite unsatisfactory (at least because it is not an absolute path).
  • I also saw /var/run/user/$USER — not bad, but that directory does not exist (at least on my box running a Debian testing)
kelvin
  • 103
  • 5
cadrian
  • 1,245
  • 2
  • 8
  • 13

3 Answers3

9

SystemD makes /run/user/$USER kinda mandatory.

http://www.freedesktop.org/software/systemd/man/file-hierarchy.html

Unprivileged Write Access

Unprivileged processes generally lack write access to most of the hierarchy.

The exceptions for normal users are /tmp, /var/tmp, /dev/shm, as well as the home directory $HOME (usually found below /home) and the runtime directory $XDG_RUNTIME_DIR (found below /run/user) of the user, which are all writable.

For unprivileged system processes only /tmp, /var/tmp and /dev/shm are writable. If an unprivileged system process needs a private, writable directory in /var or /run, it is recommended to either create it before dropping privileges in the daemon code, to create it via tmpfiles.d(5) fragments during boot, or via the RuntimeDirectory= directive of service units (see systemd.unit(5) for details).

go2null
  • 255
  • 3
  • 5
  • `/run/user/${USER}` on my machine means `/run/user/mazunki`, while systemd uses `/run/user/1000` on all the machines I've seen, and I am pretty sure this is the norm. There is `/run/user/${UID}`, or the better `/run/user/$(id -u)`. Or am I misunderstanding something? – mazunki Jul 20 '22 at 19:17
6

/tmp is used by plenty of programs in a similar way already. On my system I can see the /tmp/orbit-$USER (used by Gnome's ORBit2) and /tmp/.X11-unix/ (Xorg and X11) directories with plenty of pipes, ehm, sockets, in them. I am sure there are also others, so I see nothing wrong with what you are doing. Just be prepared that since it is a world writeable location a malicious process can hijack the location (verify the permissions before you write to it).

I can also recommend $TMPDIR for those who use pam_mktemp, as this directory is only accessible by the user.

chutz
  • 7,569
  • 1
  • 28
  • 57
2

Create directory /tmp/service-$USER.id with unique id. For exsmple, in shell:

mktemp -d /tmp/service-"$USER".XXX
Selivanov Pavel
  • 2,126
  • 3
  • 23
  • 47
  • 1
    How do you ensure the requirement that the same directory is used from the first login to the last logout of the user? – cadrian Jun 01 '12 at 13:10
  • Hmmm... create symlink ~user/.service/tmp_dir. If linked directory does not exist, create new – Selivanov Pavel Jun 02 '12 at 01:05
  • `export XDG_RUNTIME_DIR=$(ls -d /tmp/service-$USER.???* 2>/dev/null || mktemp -d /tmp/service-$USER.XXX | tee >(xargs chmod 0700))` – Ryan Lue Jul 12 '22 at 01:51