Linux 在 bash 中创建临时文件
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10982911/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Creating temporary files in bash
提问by Strapakowsky
Are there objectively better ways to create temporary files in bash scripts?
客观上是否有更好的方法在 bash 脚本中创建临时文件?
I normally just name them whatever comes to my mind, such as tempfile-123, since it will be deleted when the script is over. Is there any disadvantage in doing this other than overwriting a possible tempfile-123 in current folder? Or is there any advantage in creating a temporary file in a more careful way?
我通常只是将它们命名为我想到的任何名称,例如 tempfile-123,因为它会在脚本结束时被删除。除了覆盖当前文件夹中可能的 tempfile-123 之外,这样做还有什么缺点吗?或者以更谨慎的方式创建临时文件有什么好处?
采纳答案by kojiro
The mktemp(1)man page explains it fairly well:
该mktemp(1)手册页解释了它相当好:
Traditionally, many shell scripts take the name of the program with the pid as a suffix and use that as a temporary file name. This kind of naming scheme is predictable and the race condition it creates is easy for an attacker to win. A safer, though still inferior, approach is to make a temporary directory using the same naming scheme. While this does allow one to guarantee that a temporary file will not be subverted, it still allows a simple denial of service attack. For these reasons it is suggested that mktemp be used instead.
传统上,许多 shell 脚本采用带有 pid 的程序名称作为后缀,并将其用作临时文件名。这种命名方案是可预测的,它创建的竞争条件很容易让攻击者获胜。一种更安全但仍然较差的方法是使用相同的命名方案创建一个临时目录。虽然这确实可以保证临时文件不会被破坏,但它仍然允许简单的拒绝服务攻击。由于这些原因,建议改用 mktemp。
In a script, I invoke mktemp something like
在脚本中,我调用 mktemp 之类的东西
mydir=$(mktemp -d "${TMPDIR:-/tmp/}$(basename > mktemp
/tmp/tmp.xx4mM3ePQY
>
).XXXXXXXXXXXX")
which creates a temporary directory I can work in, and in which I can safely name the actual files something readable and useful.
这会创建一个我可以在其中工作的临时目录,我可以在其中安全地将实际文件命名为可读且有用的内容。
mktempis not standard, but it does exist on many platforms. The "X"s will generally get converted into some randomness, and more will probably be more random; however, some systems (busybox ash, for one) limit this randomness more significantly than others
mktemp不是标准的,但它确实存在于许多平台上。“X”通常会被转换成一些随机性,更多可能会更随机;然而,一些系统(busybox ash,例如)比其他系统更显着地限制了这种随机性
By the way, safe creation of temporary files is important for more than just shell scripting. That's why python has tempfile, perl has File::Temp, ruby has Tempfile, etc…
顺便说一句,安全创建临时文件不仅对 shell 脚本很重要。这就是为什么 python 有tempfile, perl 有File::Temp, ruby 有Tempfile等等......
回答by John Lawrence
You might want to look at mktemp
你可能想看看 mktemp
The mktemp utility takes the given filename template and overwrites a portion of it to create a unique filename. The template may be any filename with some number of 'Xs' appended to it, for example /tmp/tfile.XXXXXXXXXX. The trailing 'Xs' are replaced with a combination of the current process number and random letters.
mktemp 实用程序采用给定的文件名模板并覆盖其中的一部分以创建唯一的文件名。模板可以是任何文件名并附加一些“X”,例如 /tmp/tfile.XXXXXXXXXX。尾随的“X”被替换为当前进程号和随机字母的组合。
For more details: man mktemp
欲知更多详情:man mktemp
回答by Paul
回答by kenorb
Is there any advantage in creating a temporary file in a more careful way
以更谨慎的方式创建临时文件有什么好处
The temporary files are usually created in the temporary directory (such as /tmp) where all other users and processes has read and write access (any other script can create the new files there). Therefore the script should be careful about creating the files such as using with the right permissions (e.g. read only for the owner, see: help umask) and filename should be be not easily guessed (ideally random). Otherwise if the filenames aren't unique, it can create conflict with the same script ran multiple times (e.g. race condition) or some attacker could either hiHyman some sensitive information (e.g. when permissions are too open and filename is easy to guess) or create/replacing the file with their own version of the code (like replacing the commands or SQL queries depending on what is being stored).
临时文件通常/tmp在所有其他用户和进程具有读写访问权限的临时目录(例如)中创建(任何其他脚本都可以在那里创建新文件)。因此,脚本应该小心创建文件,例如使用正确的权限(例如,所有者只读,请参阅help umask:)并且文件名应该不容易被猜到(理想情况下是随机的)。否则,如果文件名不是唯一的,它可能会与多次运行的同一个脚本产生冲突(例如竞争条件) 或者一些攻击者可以劫持一些敏感信息(例如,当权限太开放并且文件名很容易猜测时)或用他们自己的代码版本创建/替换文件(例如根据正在发生的事情替换命令或 SQL 查询)存储)。
You could use the following approach to create the temporary directory:
您可以使用以下方法来创建临时目录:
TMPFILE=".${0##*/}-$$" && touch "$TMPFILE"
or temporary file:
或临时文件:
$ diff <(echo hello world) <(echo foo bar)
However it is still predictable and not considered safe.
然而,它仍然是可预测的,不被认为是安全的。
As per man mktemp, we can read:
根据man mktemp,我们可以阅读:
Traditionally, many shell scripts take the name of the program with the pid as a suffix and use that as a temporary file name. This kind of naming scheme is predictable and the race condition it creates is easy for an attacker to win.
传统上,许多 shell 脚本采用带有 pid 的程序名称作为后缀,并将其用作临时文件名。这种命名方案是可预测的,它创建的竞争条件很容易让攻击者获胜。
So to be safe, it is recommended to use mktempcommand to create unique temporary file or directory (-d).
所以为了安全起见,建议使用mktemp命令来创建唯一的临时文件或目录 ( -d)。
回答by Barry Jones
mktempis probably the most versatile, especially if you plan to work with the file for a while.
mktemp可能是最通用的,特别是如果您打算使用该文件一段时间。
You can also use a process substitution operator<()if you only need the file temporarily as input to another command, e.g.:
如果您只需要临时将该文件作为另一个命令的输入,您也可以使用进程替换运算符<(),例如:
