I was doing something recently that involved writing to a file in /tmp as both a user and root with xx = fopen (filename, "a") in C. It creates a file owned by either the user or root, the permissions end up as -rw-r--r--, and previously this worked. But now it doesn't: whoever owns the file is the only one that can write to it and fopen fails otherwise; even root can't write to the user-owned file.
/tmp is now owned by root:root, I'm not certain but iirc, it used to be user:user and when I changed it to that it worked as it had before.
If this is the new ownership scheme that's OK, then I can change the file permissions so everyone can write to it, but there is some change with permissions there that may be worth noting.
umask setting?
On my machine, /tmp is owned by root:root but everyone is allowed read/write permissions.
I think this is probably something I changed myself at some point for some reason but forgot about - then the filesystem update put it back to standard. I think the strange behaviour is perhaps due to the nosuid mount option:
tmpfs /tmp tmpfs defaults,nosuid,nodev 0 0
but I don't get this with other ways of writing to a file:
/tmp$ echo hi>>somefile
/tmp$ sudo echo hi>>somefile
/tmp$ ls -l somefile
-rw-r--r-- 1 me me 6 Sep 18 06:03 somefile
/tmp$ cat somefile
hi
hi
And copying the C test binary to be a root owned one in /usr/local/bin still fails to fopen the user owned file as root.
This is how it works nowadays: https://github.com/torvalds/linux/commit/30aba6656f
The corresponding settings are
/usr/lib/sysctl.d/50-default.conf
fs.protected_regular = 1
fs.protected_fifos = 1
Create a file in /etc/sysctl.d/ to override it.
Thank you for the explanation - Wikipedia and even the man pages that talk about the sticky bit omit this. Using "r+" with fopen if the file exists is sufficient to resolve my problem, as "a" implied O_CREAT. I see why this behaviour is desirable though. And I probably shouldn't be using /tmp as a general dumping ground for testing anyway, but it's very useful to understand this when I do need to do things there.
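The behaviour worked out in this thread, as an added example that is not code from any of the posts: an append helper that only passes O_CREAT when the file is really missing, so it keeps working with fs.protected_regular = 1. The function names and the default path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper. fopen(path, "a") is open() with O_WRONLY|O_APPEND|O_CREAT,
 * and fs.protected_regular rejects that O_CREAT with EACCES when the file sits in
 * a world-writable sticky directory and is owned by neither the caller nor the
 * directory's owner. So: try without O_CREAT, create only when really missing. */
int open_append_shared(const char *path)
{
    for (int attempt = 0; attempt < 2; attempt++) {
        /* Existing file: no O_CREAT, normal permission checks; symlinks refused. */
        int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW | O_CLOEXEC);
        if (fd >= 0 || errno != ENOENT)
            return fd;
        /* Missing file: O_EXCL guarantees we made it and never reuse a planted one. */
        fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, 0644);
        if (fd >= 0 || errno != EEXIST)
            return fd;
        /* Someone created it in between: go round once more and open theirs. */
    }
    return -1;
}

/* Append one line; returns 0 on success, -1 with errno set on failure. */
int append_line(const char *path, const char *line)
{
    int fd = open_append_shared(path);
    if (fd < 0)
        return -1;
    FILE *fp = fdopen(fd, "a");
    if (fp == NULL) {
        close(fd);
        return -1;
    }
    int rc = (fputs(line, fp) == EOF || fputc('\n', fp) == EOF) ? -1 : 0;
    return fclose(fp) == EOF ? -1 : rc;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/tmp/somefile";
    if (append_line(path, "hi") == 0)
        return 0;
    fprintf(stderr, "%s: %s\n", path, strerror(errno));
    return 1;
}
```

Ordinary file permissions still apply on the no-O_CREAT path, so a second unprivileged user needs write permission on the file; root does not.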