Differences between /tmp and /var/tmp

While reading an article today, I came across a pretty basic thing which I had never thought of before. Have you ever wondered what could possibly be the difference between /tmp and /var/tmp? It's not rocket science, but there is still a fair chance that most of you Linuxers might not be aware of this basic fact (just like me).

As the name suggests, /tmp is for programs to save temporary data. Programs shouldn't expect data in /tmp to be preserved between invocations. The Filesystem Hierarchy Standard (FHS) recommends that files and directories located in /tmp be deleted whenever the system is booted.

Although the data stored in /tmp can be deleted in a site-specific manner, most Linux-based systems follow the FHS now.

In most default installations, the /tmp folder is cleaned on every reboot. This is where /var/tmp comes into play: applications can expect data stored there to be preserved between reboots. In other words, data stored in /var/tmp is more persistent than data in /tmp.

How to set the deletion time interval of files in the /tmp folder on Debian/Ubuntu based systems?

You can set the deletion interval with the variable TMPTIME in /etc/default/rcS. Open /etc/default/rcS and change TMPTIME to the number of days you want your data to survive in /tmp. For example, a value of 6 ensures that only data older than 6 days is deleted on reboot. A value of 0 means the whole of /tmp is cleaned.
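A dry-run preview of the policy described above, as an added example that is not from the original article or from Debian's boot scripts: it reads TMPTIME from an rcS-style file and lists what a cleanup at that setting would remove, without deleting anything. The function names and the sample directory are constructed for illustration, and age is judged by modification time only.

```shell
#!/bin/sh
# Added example: dry-run preview of a TMPTIME-style cleanup. Lists only, never deletes.

# Print the TMPTIME value assigned in an rcS-style file (last assignment wins).
# Prints nothing if the variable is not set in the file.
tmptime_from_file() {
    grep -E '^[[:space:]]*TMPTIME=' "$1" | tail -n 1 \
        | cut -d= -f2 | cut -d'#' -f1 | tr -d "\"' \t"
}

# List regular files under DIR that a setting of DAYS would remove.
#   DAYS = 0      -> every file
#   DAYS = N > 0  -> only files whose mtime is more than N days old
would_delete() {
    dir=$1; days=$2
    case $days in
        ''|*[!0-9]*) echo "TMPTIME must be a non-negative integer" >&2; return 2 ;;
    esac
    if [ "$days" -eq 0 ]; then
        find "$dir" -xdev -type f | sort
    else
        find "$dir" -xdev -type f -mtime +"$days" | sort
    fi
}

# Constructed sample: a throwaway directory standing in for /tmp.
demo() {
    d=$(mktemp -d) || return 1
    printf 'TMPTIME=6   # constructed sample line\n' > "$d/rcS"
    mkdir "$d/tmp"
    touch -t 201001010000 "$d/tmp/stale.lock"   # mtime set to 2010
    touch "$d/tmp/fresh.sock"                   # mtime is now
    days=$(tmptime_from_file "$d/rcS")
    echo "TMPTIME=$days would remove:"
    would_delete "$d/tmp" "$days"
    rm -rf "$d"
}
demo
```

To preview a real system, call `would_delete /tmp "$(tmptime_from_file /etc/default/rcS)"` on a host where that file sets TMPTIME.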

How to set the deletion time interval of files in /tmp folder in Fedora/RedHat based systems?

An important point to note is that not all data is deleted on boot here. You may want to check the scripts in /etc/cron.daily/tmpwatch and /etc/rc.d/rc.sysinit. In Fedora/RedHat based systems you can't control the deletion time for /tmp data with a single variable; since the cleanup is controlled by cron, you can configure it according to your needs.

Basically, different operating systems following the FHS model handle deletion of data in /tmp in different ways, so check the documentation for your OS to see how it does it.

10 Comments

Meanasspenguin (not verified)
March 12th, 2010 07:42 am
This is a handy bit of knowledge. In fact, I've known several people that didn't even know about the existence of /var/tmp. I'd like to point out that it's important to remember that on systems which are publicly accessible (like web hosting servers), the /var/tmp should be equally as secured as /tmp. So, if some of the precautions you take (like loop mounting noexec to /tmp) - you might want to consider doing the same to /var/tmp.
Unix security geek (not verified)
January 8th, 2011 02:06 pm
The noexec mount option is not a security feature. http://www.mail-archive.com/bugtraq@securityfocus.com/msg00598.html
meanasspenguin (not verified)
January 8th, 2011 06:24 pm
noexec is a library for preventing process from doing exec system call. Plain and simple. It is a tool. It's effective in countering perl and php exploits that make their way into /tmp (commonly one of the few places which are writable by the apache webserver). In that respect it is a security feature.
lefty.crupps (not verified)
March 12th, 2010 06:55 pm
I've become very disappointed that /var/tmp/ holds some of my desktop settings; isn't this meant to be stored in my /home/ , as my account, without outside access if I choose?
Ridgeland (not verified)
March 12th, 2010 07:56 pm
I use Gnome. I checked /var/tmp and the only thing there is /var/tmp/kdecache-ridgeland. Lot of layers under that for a greeting card program I looked at but dropped, stuck there forever I guess. I think it's a KDE issue, not a Gnome issue.
Anon Linuxer (not verified)
January 8th, 2011 10:26 am
The title is the difference between /tmp and /var/tmp and you've only described what /tmp is.
Anon Linuxer (not verified)
January 8th, 2011 06:31 pm
This isn't Twitter. You're supposed to read all paragraphs before you hit "reply".
Ally (not verified)
January 8th, 2011 03:52 pm
The FHS model seems to be really bad for servers then.
meanasspenguin (not verified)
January 8th, 2011 06:24 pm
noexec is a library for preventing process from doing exec system call. Plain and simple. It is a tool. It's effective in countering perl and php exploits that make their way into /tmp (commonly one of the few places which are writable by the apache webserver). In that respect it is a security feature.
Unix security geek (not verified)
January 9th, 2011 04:40 am
But "perl /tmp/foo" will work if perl is executable. Security geeks must not only know about how stuff works but also the forgotten half of technology - how stuff doesn't work. Tons of people form security opinions/guesses without realising that.
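
The comments above raise giving /var/tmp the same noexec treatment as /tmp. The following added example (not code from the article or from any commenter) checks both directories against a mount table in /proc/mounts format; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether /tmp and /var/tmp are both mounted noexec.
# Input is text in /proc/mounts format: device mountpoint fstype options dump pass

# Print the option string of the last mount on mount point $2 in file $1,
# or nothing if $2 is not a mount point of its own.
mount_opts() {
    awk -v mp="$2" '$2 == mp { o = $4 } END { if (o != "") print o }' "$1"
}

# Succeed if the comma-separated option list $1 contains option $2.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# Report the noexec state of each directory; return 1 if either needs review.
audit_tmp_noexec() {
    rc=0
    for mp in /tmp /var/tmp; do
        opts=$(mount_opts "$1" "$mp")
        if [ -z "$opts" ]; then
            echo "$mp: not a separate mount, check the parent filesystem"; rc=1
        elif has_opt "$opts" noexec; then
            echo "$mp: noexec set"
        else
            echo "$mp: noexec MISSING ($opts)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample mount table: /tmp is hardened, /var/tmp is not.
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /var/tmp ext4 rw,relatime 0 0
EOF
}

f=$(mktemp) && sample_mounts > "$f"
audit_tmp_noexec "$f" || echo "review needed"
rm -f "$f"
```

On a live host, pass `/proc/mounts` as the argument. A "noexec set" result covers direct execution of files on that mount only; as the last comment notes, an interpreter such as perl can still be pointed at a script stored there.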
