The existence of both /tmp and /var/tmp dates back to early Unix systems where /var was introduced to separate variable data from the root filesystem. The original Filesystem Hierarchy Standard (FHS) specified this distinction:
# Traditional Unix layout
/
├── tmp # Temporary files cleared at reboot
└── var
└── tmp # Temporary files preserved across reboots
Modern Linux implementations maintain several critical distinctions:
- Persistence: /tmp is often mounted as tmpfs (in-memory) and cleared on reboot, while /var/tmp persists across reboots
- Cleanup Policies: Systemd's tmpfiles.d sets different expiration:
# /usr/lib/tmpfiles.d/tmp.conf D /tmp 1777 root root 10d D /var/tmp 1777 root root 30d - Performance: /tmp (when tmpfs) offers faster I/O but limited by RAM
Use /tmp when:
# Good for short-lived processing files
import tempfile
with tempfile.NamedTemporaryFile(dir='/tmp') as tmp:
tmp.write(b'Processing data...')
process_file(tmp.name)Use /var/tmp when:
# Better for large downloads or intermediate builds
wget -P /var/tmp https://example.com/large-file.iso
sha256sum /var/tmp/large-file.isoBoth directories should use sticky bit (1777 permissions):
chmod 1777 /tmp /var/tmp
ls -ld /tmp /var/tmp
# drwxrwxrwt 10 root root 4096 Mar 1 12:00 /tmp
# drwxrwxrwt 8 root root 4096 Mar 1 11:30 /var/tmpAvoid world-writable files in production systems. For sensitive applications:
# Create private temp dir
PRIVATE_TMP=$(mktemp -d /var/tmp/secure-XXXXXX)
chmod 700 "$PRIVATE_TMP"For custom cleanup policies in /etc/tmpfiles.d:
# /etc/tmpfiles.d/custom.conf
# Compress old files before deletion
d /tmp 1777 root root 7d
x /tmp/*.log
Z /tmp/*.logFor Docker/container environments:
# docker-compose.yml
services:
app:
volumes:
- type: tmpfs
target: /tmp
tmpfs:
size: 1000000000The presence of both /tmp and /var/tmp dates back to the Unix Filesystem Hierarchy Standard (FHS). Originally, /var was introduced to separate variable data (logs, spools, temp files) from the root filesystem. This separation became crucial when root filesystems were often small and mounted read-only.
Here's what every Linux developer should know about their distinct behaviors:
# Check default cleanup settings on RHEL/CentOS
cat /usr/lib/tmpfiles.d/tmp.conf
# Output typically shows:
# /tmp 1777 root root 10d
# /var/tmp 1777 root root 30d
| Directory | Storage Duration | Reboot Behavior | Typical Use Cases |
|---|---|---|---|
| /tmp | 10 days (varies by distro) | May be cleared on reboot | Short-lived IPC, lock files |
| /var/tmp | 30 days (varies by distro) | Persists across reboots | Installers, downloaded packages |
When writing applications that need temporary storage:
# Python example with proper cleanup
import tempfile
import os
# For truly temporary files (prefer /tmp)
with tempfile.NamedTemporaryFile(delete=True) as tmp:
tmp.write(b'Transient data')
# File auto-deletes when closed
# For persistent temporary files
persistent_path = '/var/tmp/appname_{}.tmp'.format(os.getpid())
try:
with open(persistent_path, 'w') as f:
f.write('Data surviving reboots')
finally:
# Explicit cleanup is developer's responsibility
if os.path.exists(persistent_path):
os.unlink(persistent_path)
In modern systems, you might encounter these configurations:
/tmpoften mounted as tmpfs (in-memory)/var/tmpusually on physical storage- Cloud instances may symlink
/tmpto/var/tmp
Verify your environment with:
df -h /tmp /var/tmp
findmnt -T /tmp
Both directories are world-writable (mode 1777), but:
ls -ld /tmp /var/tmp
# drwxrwxrwt 10 root root 4096 Jun 15 10:00 /tmp
# drwxrwxrwt 14 root root 4096 Jun 1 09:00 /var/tmp
The sticky bit (t) prevents users from deleting others' files. Consider these security practices:
- Always set restrictive permissions on created files (0600 for sensitive data)
- Use mkstemp() instead of predictable filenames
- Validate file paths don't contain symlinks when security-critical