Questions[tmpwatch](server)

I would like to use tmpwatch to regularly clear out old unused files that build up in our /tmp directory. I'd prefer to use the default tmpwatch settings where files in /tmp are deleted only if they have not been accessed for the last 10 days. I don't want to blow away any files that could be in use.

However, on this particular server we use ClamAV to scan various directories on the server on a nightly basis -- including the /tmp folder. This resets the last accessed time on the file and prevents tmpwatch from clearing it out.

One solution would be to set tmpwatch to run at an interval shorter than 24 hours. However, I'd prefer not to do that because 1. a <24 hour window is very short and the file could still be in use and 2. /tmp is a common staging ground for hackers. I wouldn't want to blow away a hackers script or any evidence that we'd been hacked, before ClamAV has the opportunity to catch it and notify us.

Another solution would be to clear out files based upon their last modified timestamp, but again we could run into issues where files still in use are deleted (e.g., /tmp/mysql.sock).

Any ideas for resolving or working around this issue?

I have an application that unpacks an archive into /tmp, restoring the extracted files' modification and access times. Sometimes these files and the enclosing archive are many years old. After the files are extracted (sometimes many minutes or hours later), the unpacking software will selectively use/modify some of the files. Once its done, the application will remove the extracted files/tree. This operation can happen any time of the day (e.g., at times when tmpwatch is run by cron).

Every so often, the application will freak out because it can't find a file that it knows it has recently unpacked. What I think is happening is that tmpwatch is descending into the unpacked tree after when atime/mtime is adjusted (by unzip or tar that is driven by the application) to the distant past but before the application can access the relevant file. Since tmpwatch is by default looking at atime, it thinks the file is decrepit and removes it.

Arguably, the unpacking could be done elsewhere or the application could use appropriate flags to not reset the timestamps to the past. However, neither of those approaches is viable for various reasons.

I think I might be able to modify the tmpwatch cron script to take all of this into consideration (and make the most conservative decision regarding removing the files) by specifying the --ctime argument as well as --mtime (and the previously implied --atime). I'm a bit confused by the term "maximum of these times" used in the tmpwatch man page, though -- my initial reading (until I looked at the C source and thought otherwise) was that it took the maximum of the differences (meaning that it was more liberal in removing things). Does it actually mean "latest of these times" (and thus tmpwatch will leave alone files that were just unpacked as their inode was only recently touched)?

I'm a little confused. I have a download directory that I want to remove all files older then 30 days with tmpreaper. Just one problem, the directory in question is a separate partition with a lost+found directory, of course I need to keep it so I added --protect 'lost+found', the problem is that tmpreaper outputs:

error: chdir() to directory 'lost+found' (inode 11) failed: Permission denied
(PID 30604) Back from recursing down `lost+found'.
Entry matching `--protect' pattern skipped. `lost+found'

I have tried with other pattern like lost* and so on... I'm running tmpreaper as a non-root user because there is no reason for superuser privileges because I own all files (except lost+found).

Are I'm forced to run tmpreaper as root? Or are my shell-skills not as good as I thought? I guess the problem is:

tmpreaper  will  chdir(2) into each of the directories you've 
specified for cleanup, and check for files matching the 
<shell_pattern> there.  It then builds a list of them,  and
uses that to protect them from removal.

Any thought and/or advice?

The command I'm trying to run is something like

$ /usr/sbin/tmpreaper -t --protect 'lost+found' 30d /mydir 1> /dev/null
error: chdir() to directory `lost+found' (inode 11) failed: Permission denied

Edit:

Redmumba noticed that the return code is still zero, and the files are removed. I must have had some other issues before because nothing was removed when I wrote this post. Anyway it's working now, Thanks.

I know it clears out /tmp on reboots, but I haven't been able to find any sort of cron job on my server that clears /tmp. I recently set up a script that writes lots of files to /tmp and my server usually goes several months between reboots so I'm concerned about it being cluttered.

I've seen several other distros that have a tmpwatch script installed by default. Ubuntu's repository seems to have replaced tmpwatch with tmpreaper.

Is there any mechanism in place on Ubuntu (8.04 currently, soon to be upgraded to 10.04 when I get around to it) to clean up temp files on a server that doesn't regularly reboot or do I need to install tmpreaper?

I use centOS5, but these files of /tmp is deleted automatically when time passes. What kind of structure will this kill him in? In addition, How to stop this?