TMPREAPER(8) | System Manager's Manual | TMPREAPER(8) |
NAME¶
tmpreaper - removes files which haven't been accessed for a period of time
SYNOPSIS¶
tmpreaper [-htvfmMsaT] [--help] [--test] [--verbose] [--force] [--delay=x] [--runtime=x] [--showdeleted] [--ctime] [--mtime] [--mtime-dir] [--symlinks] [--all] [[--protect '<shell_pattern>']...] <time_spec> <dirs>...
DESCRIPTION¶
tmpreaper recursively searches for and removes files and empty directories which haven't been accessed for a given number of seconds. Normally, it's used to clean up directories which are used for temporary holding space, such as "/tmp". Please read the WARNINGS section of this manual.
OPTIONS¶
- <noargs>, -h, --help
- Print a brief version, copyright, and usage statement on
stderr, then exit with error status 1.
- -t, --test
- Don't actually remove any files, but go through the
motions, checking through the directory, then pretend to remove the
eligible files.
- -v, --verbose
- Print a verbose display. Two levels of verbosity are
available---use this option twice to get the most verbose output. The
--test option automatically sets --verbose once.
- --showdeleted
- Show what files and directories are deleted. The output is
in the form of shell commands, i.e. "rm /dir/dir2/file" and
"rmdir /dir/dir2".
- -f, --force
- Remove files even if EUID doesn't have write access
(akin to rm -f). Normally, files owned by the current EUID,
with no write bit set are not removed.
- --delay=x
- Delay execution at the start for a random time, up to
x seconds; if no value is specified, the default maximum time to
delay is 256 seconds. This is an option useful in cron scripts to make the
execution of tmpreaper less predictable, thus making things a little
harder for those who would attempt to use tmpreaper to thwart security.
- -T x, --runtime=x
- Execution of tmpreaper will be aborted after x seconds;
this is to prevent attacks that create many, many files. By default the
timeout is set to 55 seconds. A value of 0 will disable this feature,
which is not advised as this feature prevents possible race-conditions
between different instances of tmpreaper.
- -m, --mtime
- Base the decision of whether to remove the file on its
mtime, rather than on its atime.
- -M, --mtime-dir
- Base the decision of whether to remove the directory on its
mtime, rather than on its atime.
- -c, --ctime
- Base the decision of whether to remove the file on its
ctime, in addition to its atime. Only applicable if
the --mtime option is not given!
- -s, --symlinks
- Remove symlinks too, not just regular files and
directories.
- -a, --all
- Remove all file types, not just regular files, symlinks,
and directories.
- --protect '<shell_pattern>'
- Protect the files that match the
<shell_pattern> from deletion. This option may be used more
than once. It has no one-letter abbreviation; you must spell out the full
word "protect".
'.X*-{lock,unix,unix/*}' --protect '.ICE-{unix{/*,}}' \
5d /tmp # 5 day grace period
TIPS¶
As long as there are files present inside a subdirectory, it won't get removed. You can use a non-writable, self-owned file, perhaps named ".tmpreaper", or, if you are su, a file that has the ext2fs immutable attribute set, to keep a subdirectory from being deleted. Of course, you could just as easily use the --protect option to obtain the same result.
--protect './tmp/{blah?,dir{/blah4,}}' ./tmp \
--protect '/tmp/.X*' /tmp
... Note that if you use --all or --symlinks, it will have global effect. If you only want it turned on for one directory, you must use separate commands.
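Because tmpreaper has no built-in safeguard against being pointed at `/` (see WARNINGS), a cron job can validate its directory arguments before calling it. The wrapper below is an added example, not part of tmpreaper; the names is_safe_reap_dir, reap and REAP_COMMIT are hypothetical, and only the --test and --showdeleted options documented above are used.

```shell
#!/bin/sh
# Added example: guard wrapper for running tmpreaper from cron.
# is_safe_reap_dir, reap and REAP_COMMIT are hypothetical names.

# Return 0 only if $1 is an existing directory that does not resolve to "/".
is_safe_reap_dir() {
    dir=$1
    [ -n "$dir" ] || return 1
    [ -d "$dir" ] || return 1
    # Resolve symlinks and ".." so "/tmp/.." or a symlink to "/" is caught.
    real=$(CDPATH= cd -- "$dir" 2>/dev/null && pwd -P) || return 1
    case $real in
        /|//) return 1 ;;
    esac
    return 0
}

# Usage: reap <time_spec> <dir>...
# Every directory is validated before tmpreaper is started. The default is
# a --test pass; files are removed only when REAP_COMMIT=1 is set.
reap() {
    if [ "$#" -lt 2 ]; then
        echo "usage: reap <time_spec> <dir>..." >&2
        return 2
    fi
    spec=$1
    shift
    for d in "$@"; do
        if ! is_safe_reap_dir "$d"; then
            echo "reap: refusing unsafe directory: $d" >&2
            return 1
        fi
    done
    if [ "${REAP_COMMIT:-0}" = 1 ]; then
        tmpreaper --showdeleted "$spec" "$@"
    else
        tmpreaper --test "$spec" "$@"
    fi
}

# Example call (dry run unless REAP_COMMIT=1):
#   reap 5d /tmp
```

The check runs once, before tmpreaper starts, so it catches a wrong argument or a symlinked path in the job definition; it does not replace the --runtime and --delay protections described under OPTIONS.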
WARNINGS¶
Please do not ever run tmpreaper on `/'!!! There are no safeguards against this built into the program, because that would make it difficult to use in a chrooted environment.
SEE ALSO¶
chattr(1) chdir(2) chroot(8) cron(1) getopt_long(3) ls(1) lsattr(1) rm(1) stat(1)
[1] http://seclists.org/lists/bugtraq/1996/May/0046.html or http://www.security-express.com/archives/bugtraq/1996_2/0054.html
http://linuxgazette.net/18/tmp.html (formerly http://www.linuxgazette.com/issue18/tmp.html)
http://linuxgazette.net/20/followup.html
AUTHOR¶
Karl M. Hegbloom <karlheg@debian.org>
Erik Troan <ewt@redhat.com>
Paul Slootman <paul@debian.org>
Mon May 19 2008 | 4th Berkeley Distribution |