What are these files in my /tmp directory?

Discussion in 'Linux VPS/Dedicated - cPanel' started by LeMarque, Feb 18, 2009.

  1. LeMarque

    LeMarque Member

    I have about 50+ files that look like:

    sess_47804d320a001987100012030453998

    Most of them are empty but a few - nobody and a client site - have random characters.

    Also, there are about 2 dozen dirs in /tmp that look like:

    rcsQR1JFQ/

    Are these safe to delete and where did they come from?

    TIA
     
  2. mylinear

    mylinear Member

    The sess_* files store PHP session data. These should be deleted by the PHP scripts itself or based on PHP system settings after a specified time. Some of the files with 0 bytes seems to be created by system processes.

    You must have some program running that creates the rcs directories. Programs such as SpamAssassin etc also create temporary directories to store data.
     
  3. LeMarque

    LeMarque Member

    Thanks mylinear

    I was thinking they were php session files but wondered why they were/are not being deleted.

    //edit

    Well I put on my spectacles and noticed the rcs files are from 10/08 so are many of the session files with some of recent date.
     
  4. Dan

    Dan Moderator

    Hello LeMarque,

    I see the same thing with session files not being deleted all the time. On my system they're created by Squirrelmail not that there is much relevance there. I run a script via cron to delete files from my /tmp directory if they have not been accessed in the last day.

    I have seen directories with names like those be created when I switch the PHP handler from say cgi to suPHP and/or back again. I normally run in cgi mode and have removed those folders with no adverse effects so perhaps suPHP mode creates and uses them, I'm not sure.
     
  5. LeMarque

    LeMarque Member

    Hi Dan

    So with an App like Joomla!, mysql will write session files to /tmp ?

    Also, please explain is /tmp and /var/tmp the same?

    And <sheesh this guy asks a lot of questions> when I run ls -ld /tmp I get;

    drwxrwxrwt 51 root root 24576 Feb 19 16:20 /tmp/ - which is because I'm logged in a root; correct?

    cPanel/WHM has a script that can be run called, appropriately, securetmp. Any experience with this?

    Just being my paranoid self...
     
  6. Dan

    Dan Moderator

    Heya LeMarque,

    For me Joomla doesn't. Only my serverwide install of Squirrelmail which seems odd since my serverwide install of Roundcube does not do it. I have Joomla on one of my domains and have no problems with session files on it at all.

    I had to Google this one ;) Files in the /var/tmp directory are persistent through a reboot and files in the /tmp directory are not. The files in these two folders should not be the same. I only have a symlink to mysql.sock in the /var/tmp folder.

    I'm not sure what the question really is here. You're asking for a detailed list of directories for the /tmp directory and that's what you're getting lol. If you want a list of files in the /tmp directory try using "ls -l /tmp".

    I do not think that this works on VPSs. I just tried and it wouldn't and I have also seen forum posts to that effect.

    There are numerous tutorials out there for securing a cPanel VPS just search on that phrase :) Also I highly recommend CSF if you're not using a firewall. It also has a "check server security" function in it's WHM interface that is very handy.

    Hope that helps!
     
  7. Dan

    Dan Moderator

    I'd guess that the session files you're seeing are from people logging into cPanel's webmail but just closing the window when they're done and not hitting log out.

    They may even be plain text, try looking at one and see what it says because you might just find your culprit ;)

    I can help you to come up with a script to delete them daily if you'd like too.
     
  8. LeMarque

    LeMarque Member

    At your convience.

    Thanks - it helped
     
  9. Dan

    Dan Moderator

    It needs to be world writeable for a web server

    Code:
    find /tmp -type f -maxdepth 1 -atime +0 | xargs rm -f
    That will find files in the /tmp folder that have not been accessed for 24 hours and delete them. Just add it to your crontab and have it run once a day.
     

Share This Page