What are these files in my /tmp directory?

LeMarque

Member
I have about 50+ files that look like:

sess_47804d320a001987100012030453998

Most of them are empty but a few - nobody and a client site - have random characters.

Also, there are about 2 dozen dirs in /tmp that look like:

rcsQR1JFQ/

Are these safe to delete and where did they come from?

TIA
 

mylinear

Member
The sess_* files store PHP session data. These should be deleted by the PHP scripts themselves or based on PHP system settings after a specified time. Some of the files with 0 bytes seem to be created by system processes.

You must have some program running that creates the rcs directories. Programs such as SpamAssassin etc also create temporary directories to store data.
 

LeMarque

Member
Thanks mylinear

I was thinking they were php session files but wondered why they were/are not being deleted.

//edit

Well I put on my spectacles and noticed the rcs files are from 10/08 so are many of the session files with some of recent date.
 

Dan

Moderator
Hello LeMarque,

I see the same thing with session files not being deleted all the time. On my system they're created by Squirrelmail not that there is much relevance there. I run a script via cron to delete files from my /tmp directory if they have not been accessed in the last day.

I have seen directories with names like those be created when I switch the PHP handler from say cgi to suPHP and/or back again. I normally run in cgi mode and have removed those folders with no adverse effects so perhaps suPHP mode creates and uses them, I'm not sure.
 

LeMarque

Member
Hi Dan

So with an App like Joomla!, mysql will write session files to /tmp ?

Also, please explain is /tmp and /var/tmp the same?

And <sheesh this guy asks a lot of questions> when I run ls -ld /tmp I get;

drwxrwxrwt 51 root root 24576 Feb 19 16:20 /tmp/ - which is because I'm logged in as root; correct?

cPanel/WHM has a script that can be run called, appropriately, securetmp. Any experience with this?

Just being my paranoid self...
 

Dan

Moderator
Heya LeMarque,

So with an App like Joomla!, mysql will write session files to /tmp ?
For me Joomla doesn't. Only my serverwide install of Squirrelmail which seems odd since my serverwide install of Roundcube does not do it. I have Joomla on one of my domains and have no problems with session files on it at all.

Also, please explain is /tmp and /var/tmp the same?
I had to Google this one ;) Files in the /var/tmp directory are persistent through a reboot and files in the /tmp directory are not. The files in these two folders should not be the same. I only have a symlink to mysql.sock in the /var/tmp folder.

when I run ls -ld /tmp I get;

drwxrwxrwt 51 root root 24576 Feb 19 16:20 /tmp/ - which is because I'm logged in as root; correct?
I'm not sure what the question really is here. You're asking for a detailed list of directories for the /tmp directory and that's what you're getting lol. If you want a list of files in the /tmp directory try using "ls -l /tmp".

cPanel/WHM has a script that can be run called, appropriately, securetmp. Any experience with this?
I do not think that this works on VPSs. I just tried and it wouldn't and I have also seen forum posts to that effect.

There are numerous tutorials out there for securing a cPanel VPS just search on that phrase :) Also I highly recommend CSF if you're not using a firewall. It also has a "check server security" function in its WHM interface that is very handy.

Hope that helps!
 

Dan

Moderator
I'd guess that the session files you're seeing are from people logging into cPanel's webmail but just closing the window when they're done and not hitting log out.

They may even be plain text, try looking at one and see what it says because you might just find your culprit ;)

I can help you to come up with a script to delete them daily if you'd like too.
 

LeMarque

Member
Heya LeMarque,



For me Joomla doesn't. Only my serverwide install of Squirrelmail which seems odd since my serverwide install of Roundcube does not do it. I have Joomla on one of my domains and have no problems with session files on it at all.

Well I'm going to delete them since they date back to 10/08 and keep an eye on the folder

I had to Google this one ;) Files in the /var/tmp directory are persistent through a reboot and files in the /tmp directory are not. The files in these two folders should not be the same. I only have a symlink to mysql.sock in the /var/tmp folder.

I'll check again, but they looked identical


I'm not sure what the question really is here. You're asking for a detailed list of directories for the /tmp directory and that's what you're getting lol. If you want a list of files in the /tmp directory try using "ls -l /tmp".

Dunno; thought /tmp shouldn't be writeable

I do not think that this works on VPSs. I just tried and it wouldn't and I have also seen forum posts to that effect.

mmmphh

There are numerous tutorials out there for securing a cPanel VPS just search on that phrase :) Also I highly recommend CSF if you're not using a firewall. It also has a "check server security" function in its WHM interface that is very handy.

Been using CSF forever. I also use their http://www.configserver.com/cp/cse.html Which is how I discovered those files

Hope that helps!
I can help you to come up with a script to delete them daily if you'd like too.
At your convenience.

Thanks - it helped
 

Dan

Moderator
Dunno; thought /tmp shouldn't be writeable
It needs to be world writeable for a web server

Code:
find /tmp -maxdepth 1 -type f -atime +0 -print0 | xargs -0 -r rm -f --
That will find files in the /tmp folder that have not been accessed for 24 hours and delete them. Just add it to your crontab and have it run once a day.
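
Added example, not part of the thread: a narrower version of the daily cleanup that only removes stale sess_* files and first checks for the sticky bit (the trailing "t" in drwxrwxrwt) that LeMarque's ls -ld output shows. The function names tmp_is_sticky and prune_sessions are chosen here for illustration, and GNU find is assumed.

```shell
#!/bin/sh
# Added example: prune stale PHP session files from a world-writable temp dir.

# tmp_is_sticky DIR: succeed only if DIR is a real directory (not a symlink)
# with the sticky bit set, so users cannot remove each other's files.
tmp_is_sticky() {
    [ -d "$1" ] && [ ! -L "$1" ] && [ -k "$1" ]
}

# prune_sessions DIR N: delete regular files named sess_* directly inside DIR
# that match "find -atime +N", and print how many were removed.
# -atime +N matches files last accessed at least N+1 full days ago, so N=0
# means "not accessed in the last 24 hours", as in the one-liner above.
prune_sessions() {
    dir=$1
    days=$2
    tmp_is_sticky "$dir" || {
        echo "refusing: $dir is not a sticky directory" >&2
        return 1
    }
    # -type f skips symlinks and directories. -exec ... {} + hands the names
    # to rm as separate arguments, so spaces or newlines in a name chosen by
    # another user cannot be split into extra paths the way plain xargs would.
    find "$dir" -maxdepth 1 -type f -name 'sess_*' -atime +"$days" \
        -exec sh -c 'rm -f -- "$@"; printf "%s\n" "$#"' sh {} + |
        awk '{ n += $1 } END { print n + 0 }'
}

# Example crontab entry (script path is a placeholder):
#   15 3 * * * /path/to/this-script.sh
# with a final line in the script such as:
#   prune_sessions /tmp 0 >/dev/null
```

Other files in /tmp, including sockets and the rcs* directories discussed above, are left untouched by this version.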
 