Posted July 30, 2019
The /tmp directory is a temporary landing place for files. Users also have write access to this directory, which can be a bad thing, but there is a solution.
By a show of hands, how many of you like to reboot your servers? I don’t see any hands.
Long uptimes are impressive, aren’t they? It makes you one of the cool kids to brag about your 853-day uptime on a production system. What’s not so cool is that your users like to use
/tmp as their personal dumping ground without regard for the overall system’s health, or your uptime bragging rights. And rebooting doesn’t get rid of user files, only system ones—even that relief is temporary until services restart and users open applications.
Note: An exception to not deleting user temp files after a reboot is to enable
tmp.mount, but that’s a topic for a different article. Plus, there are system housekeeping scripts in place for RHEL 7 and later.
It’s impossible to force users to comply with the policy of removing files from the
/tmp directory in a timely manner. So, what’s a frustrated system administrator to do when you have dozens, hundreds, or even thousands of
/tmp directories and users to deal with? The answer is to deploy user file housekeeping scripts.
You can create housekeeping scripts and place them in
crontab to periodically remove user files from the
/tmp directory. It’s an unfortunate but necessary service to provide for your users. Most seasoned system administrators will tell you that you shouldn’t remove files from
/tmp unless you know that they’re not being used, though. That’s good advice. Some services write lock files to
/tmp, some applications use it, and users use it. So, how do you determine which files your housekeeping script can sweep away without any issue?
How about filtering files by last accessed time? It’s a good choice if you have a time limit on files left in
/tmp. For example, if you warn your users that files left in the
/tmp directory will be removed if they haven’t been accessed in two days, on a rolling basis, they should take notice. Using the last accessed time for user files solves the problem if you also exclude files owned by the root user. For example, use:
find /tmp -type f \( ! -user root \) -atime +2
This script displays all files in the
/tmp directory not owned by root that have been accessed more than two days ago. Now to add the command’s removal switch:
find /tmp -type f \( ! -user root \) -atime +2 -delete
Copy that text into a file, make it executable, and create a
crontab entry that runs this script every eight hours. For example, you might add this to your
* */8 * * * /opt/scripts/tmp.clean.sh
This script and schedule ensure that your
/tmp directory is kept relatively free of garbage. It isn’t foolproof, however. If a user decides to dump a huge amount of data into the
/tmp directory, this action can cause other problems, such as not being able to log into the system via SSH.
/tmp directory isn’t easy. Users love to dump files into
/tmp and leave them there indefinitely. Fortunately, for repeat offenders, there’s always the possibility of locking their account or sending a strongly worded email about losing access to a system until the matter is cleared through their manager. These tactics usually get the user’s attention and further offenses are rare.