4

I have an application which during run-time generates interesting intermediate outputs to the ./tmp directory.
At the end of execution this directory is deleted.
How can I preserve contents of it?

I do not have uid 0 on the system.
Therefore I can't intercept (block unlink) any I/O operations.
Currently I am stopping this app and copying the contents of it with cp.

The application is statically compiled, therefore shared libraries + LD_PRELOAD wouldn't help. The application is using the **./**tmp folder, which is not related to any env variable.

Thanks for the replies.

masegaloeh
user23364

2 Answers

11

It could be using the value of TMPDIR or TEMPDIR environment variables. You could try setting this to a different directory and see if the program uses that instead. Perhaps it is a config setting.

If you're able to delete the /tmp directory or everything in it as a non-root user, then your permissions seem wrong.

The permissions I have on my system are:

    drwxr-xr-x 26 root root 4096 2009-10-14 12:00 /
    drwxrwxrwt 27 root root 12288 2009-10-19 16:10 /tmp

The / directory only allows root to delete top level directories and the sticky bit on /tmp only allows owners to delete their own files in /tmp. Obviously, you would need root to correct these problems.

Assuming it uses the unlink function to delete the files, you can create a small shared library that you preload, which overrides the system unlink function.

Create unlink.c containing:

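    /* Replacement for unlink(): report success without deleting anything. */
    int unlink(const char *pathname) {
       return 0;
    }

    /* Same for unlinkat(), in case the program calls that instead. */
    int unlinkat(int dirfd, const char *pathname, int flags) {
       return 0;
    }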

We override the unlinkat function too, in case it uses that. You can now run:

    % gcc unlink.c --shared -o unlink.so
    % file unlink.so
    unlink.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), 
    dynamically linked, not stripped
    % touch foo
    % LD_PRELOAD=./unlink.so rm foo
    % ls foo 
    foo

If you find that your program needs to delete other files, you can make your replacement functions more intelligent by, for example, checking the path that's being asked to be deleted.

David Pashley
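The path check suggested at the end of the answer above, as an added example that is not the answer author's code: deletions under one directory are swallowed, everything else is forwarded to the kernel. It assumes Linux, a dynamically linked program (a static binary like the asker's ignores LD_PRELOAD), and a made-up environment variable `KEEP_DIR`; it forwards through the raw `unlinkat` syscall instead of looking up the libc symbol.

```c
/* keepfiles.c: added example of an LD_PRELOAD shim that keeps one directory tree.
 * Build: gcc -shared -fPIC keepfiles.c -o keepfiles.so
 * Run:   KEEP_DIR=$PWD/tmp LD_PRELOAD=./keepfiles.so ./app */
#define _GNU_SOURCE            /* declarations of syscall() and realpath() */
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* 1 if (dirfd, path) names KEEP_DIR itself or anything beneath it, else 0. */
int is_protected(int dirfd, const char *path)
{
    char want[PATH_MAX], dir[PATH_MAX], copy[PATH_MAX], full[2 * PATH_MAX];
    const char *keep = getenv("KEEP_DIR");   /* hypothetical variable name */
    if (!keep || !path || !realpath(keep, want))
        return 0;
    /* Paths relative to a directory fd are resolved through /proc (Linux). */
    if (path[0] != '/' && dirfd != AT_FDCWD)
        snprintf(copy, sizeof copy, "/proc/self/fd/%d/%s", dirfd, path);
    else
        snprintf(copy, sizeof copy, "%s", path);
    /* Canonicalise only the parent: unlink() acts on the last component
     * itself, even when that component is a symlink. */
    char *slash = strrchr(copy, '/');
    const char *base = slash ? slash + 1 : copy;
    const char *parent = !slash ? "." : (slash == copy ? "/" : copy);
    if (slash)
        *slash = '\0';
    if (!realpath(parent, dir))
        return 0;                            /* let the real call report the error */
    snprintf(full, sizeof full, "%s/%s", strcmp(dir, "/") ? dir : "", base);
    size_t n = strlen(want);
    return strncmp(full, want, n) == 0 && (full[n] == '/' || full[n] == '\0');
}

/* Interposed entry points: pretend success inside KEEP_DIR, forward the rest. */
int unlinkat(int dirfd, const char *path, int flags)
{
    if (is_protected(dirfd, path))
        return 0;
    return (int)syscall(SYS_unlinkat, dirfd, path, flags);
}

int unlink(const char *path) { return unlinkat(AT_FDCWD, path, 0); }
int rmdir(const char *path)  { return unlinkat(AT_FDCWD, path, AT_REMOVEDIR); }
```

A program that clears its directory through some other route, such as `rename()` to another location, is not covered by these three functions.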
2

Two thoughts come to mind:

  1. You can try to add the immutable flag to the directory. +i

    chattr +i /path/to/files/*

  2. If the program is a script, unlink the rm command for this user. Create an alias that 'does nothing' for rm:

    alias rm='echo'

I think the first would prevent the files from being deleted but would not happen automatically. The second would prevent the application from deleting any files, using the RM command at least. If it is using a filesystem call then you are going to have a hard time preventing deletion this way.

Dave Drager