On 11/29/2011 05:20 PM, clemens fischer wrote:
> With tmpwatch one gets to choose files not accessed or modified for a certain period, and it needs no config file. Arch-tmpfiles, OTOH, would require such a thing.
>
> Then again, a simple "find <some-dirs> -atime +<time-spec> -exec /bin/rm '{}' +" does about the same as tmpwatch.
Use -execdir instead, for security reasons (to protect against race conditions at least a little bit better). Or even better, just use -delete, which is built into find and also does everything to make the command able to delete long-unaccessed directories too.

Still, for something this sensitive to mistakes*, I'd be more likely to trust a command made specifically for the purpose. For example, web search found me a tmpwatch man-page that says various things it's careful about:

"When changing directories, tmpwatch is very sensitive to possible race conditions and will exit with an error if one is detected. It does not follow symbolic links in the directories it's cleaning (even if a symbolic link is given as its argument), will not switch filesystems, and only removes empty directories and regular files."

... and I think there's more.

(disclosure: I don't need it personally, as tmpfs /tmp meets my needs.)

-Isaac

* at least: shared /tmp is a bit of a security disaster; programs like X keep socket-type files there; perhaps more: how many people know all of these parts well enough to write robust generic /tmp-related code?
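The precautions named in this message (find's built-in -delete instead of -exec /bin/rm, no symlink following, no filesystem crossing, regular files only), combined in one function as an added example that is not part of the original thread. It assumes GNU find and GNU touch; the names clean_old_files and demo and the demo tree are constructed for illustration, and the example narrows to regular files, leaving directory removal out.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU find and GNU touch.
# Remove regular files under DIR whose atime is more than DAYS days old.
clean_old_files() {
    dir=$1
    days=$2
    case $days in
        ''|*[!0-9]*) echo "days must be a non-negative integer" >&2; return 2 ;;
    esac
    # Like tmpwatch, refuse a symlink given as the argument.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "refusing: $dir is not a real directory" >&2
        return 2
    fi
    # -P          never follow symlinks met during the walk
    # -xdev       do not descend into other mounted filesystems
    # -mindepth 1 never act on DIR itself
    # -type f     regular files only; sockets, FIFOs and symlinks stay
    # -delete     find removes the entry itself, no full path handed to rm
    find -P "$dir" -mindepth 1 -xdev -type f -atime "+$days" -delete
}

# Constructed demo tree: one fresh file, one stale file, and a symlink
# that points at a directory outside the tree holding another stale file.
demo() {
    top=$(mktemp -d) || return 1
    mkdir "$top/tmp" "$top/outside"
    touch "$top/tmp/fresh" "$top/tmp/stale" "$top/outside/stale"
    touch -a -d '30 days ago' "$top/tmp/stale" "$top/outside/stale"
    ln -s "$top/outside" "$top/tmp/link"
    clean_old_files "$top/tmp" 7
    # Print what survived, relative to the demo root.
    (cd "$top" && find . -mindepth 1 | LC_ALL=C sort)
    rm -rf "$top"
}
```

Running demo lists ./tmp/fresh, ./tmp/link and ./outside/stale as survivors: only the stale regular file inside the cleaned tree is gone, and the stale file reachable through the symlink is untouched.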