The
mktemp utility takes each of the given file name templates and overwrites a portion of it to create a file name. This file name is unique and suitable for use by the application. The template may be any file name with some number of ‘Xs' appended to it, for example
/tmp/temp.XXXX. The trailing ‘Xs' are replaced with the current process number and/or a unique letter combination. The number of unique file names
mktemp can return depends on the number of ‘Xs' provided; six ‘Xs' will result in
mktemp testing roughly 26 ** 6 combinations.
If
mktemp can successfully generate a unique file name, the file is created with mode 0600 (unless the
-u flag is given) and the filename is printed to standard output.
If the
-t prefix option is given,
mktemp will generate a template string based on the
prefix and the
TMPDIR environment variable, if set. The default location if
TMPDIR is not set is
/tmp. The default location of the temporary directory can be overridden with the
-p tmpdir option. The template string created will consist of the
prefix followed by a ‘.' and an eight character unique letter combination. ‘Xs' in the
prefix string will be treated as literal. If an additional
template argument is passed, a second file will be created. Care should be taken to ensure that it is appropriate to use an environment variable potentially supplied by the user.
Any number of temporary files may be created in a single invocation using multiple
template arguments, also a single one based on the internal template with the
-t option value as filename prefix.
At least one
template argument or the
-t option must be present.
mktemp is provided to allow shell scripts to safely use temporary files. Traditionally, many shell scripts take the name of the program with the pid as a suffix and use that as a temporary file name. This kind of naming scheme is predictable and the race condition it creates is easy for an attacker to win. A safer, though still inferior, approach is to make a temporary directory using the same naming scheme. While this does allow one to guarantee that a temporary file will not be subverted, it still allows a simple denial of service attack. For these reasons it is suggested that
mktemp be used instead.