This is pam_tmpdir, a module for (if needed) creating a secure directory for users' temporary files and setting TMP and TMPDIR. It is written by Tollef Fog Heen <tfheen@err.no>, and you may use this under the conditions of the GPL version 2, as noted in <http://www.gnu.org/copyleft/gpl.html>. I'd appreciate any bug reports, patches, suggestions etc. It is based on pam_env which in turn is based on pam_mail. To use this module, be sure to add a line like session optional pam_tmpdir.so to the services where you want to set $TMPDIR and $TMP. Note that using "optional" instead of "required" will allow users to login even if pam_tmpdir fails to create the safe tmpdir ($TMP and $TMPDIR will remain unset in this case). Using "required" will deny login if an error occurs while setting up the safe tmpdir, this could allow for a DoS attack if a malicious user gets the chance to create /tmp/user before pam_tmpdir does. The directory in which the users' temporary directories are created can be set using an entry in /etc/security/tmpdir.conf: tmpdir=/path/to/tmpdir pam_tmpdir will fail to create a safe tmpdir if this directory or any of its parents is group or world writable.
Generated by dwww version 1.15 on Fri Aug 29 01:28:07 CEST 2025.