Shehbaz Jaffer Shehbaz Jaffer - 2 months ago 11
Linux Question

Why do we need mktemp?

I do not understand the function of

mktemp
and what a temporary file means.

Whats the difference between say
touch xyz
and
mktemp xyz
(apart from the fact that
mktemp
will create some file with xxx appended to it and will have 600 permissions?)

Please clarify.

Answer

mktemp randomizes the name. It is very important from the security point of view.

Just imagine that you do something like:

echo something > /tmp/temporary-file

in your root-running script.

And someone (who has read your script) does

ln -s /etc/passwd /tmp/temporary-file

before.

The mktemp command could help you in this situation:

TEMP=$(mktemp /tmp/temporary-file.XXXXXXXX)
echo something > ${TEMP}

Now this ln /etc/passwd attack will not work.