Agent Socket Directory

Tim McGarry tim at mcgarry.ch
Thu Mar 20 08:58:59 EST 2003


I like the idea of using /var/run; it's definitely where it _should_ be.

But, /tmp has already been used for some time and I see no actual advantage
in changing it at this stage, so leave it where it always was.

One email on this subject suggested using $TMPDIR. What a bad idea: if
people are given the choice, at least some of them will choose a place that
isn't safe.

The one thing I'd like to see is support for defining where an agent gets
forwarded to, or perhaps supporting some way of making sure it gets created
at the same place as the last session (e.g. convert the socket to a normal
file on exit, and then back to a socket the next time the user connects with
a forwarded agent). This would be particularly useful when forwarding the
agent to a host, starting a bunch of stuff (e.g. screen/vnc sessions) and then
disconnecting/reconnecting repeatedly. I do this with VNC and have been
forced to write a script to create hard links with the appropriate
permissions from where the agent was before, to where it is now.

Tim McGarry.

----- Original Message -----
From: "Mark Janssen" <maniac at maniac.nl>
To: "imacat" <imacat at mail.imacat.idv.tw>
Cc: <openssh-unix-dev at mindrot.org>
Sent: Wednesday, March 19, 2003 11:33 AM
Subject: Re: Agent Socket Directory


> On Wed, 2003-03-19 at 06:04, imacat wrote:
> >     Is it possible to move agent sockets to directories other than /tmp?
> > For ex., move to /var/run/ssh?
> ...
> > PID files and sockets should always go to /var/run.  I understand that
> > it is not possible for an ordinary user to write to /var/run, but it is
> > possible to create a subdirectory under /var/run that has the permission
> > of 1777.  Besides, I hate to see a lot of annoying things in /tmp.  It
>
> Isn't that just moving the problem (to /var/run) and making it bigger in
> the process, since there will then be _another_ world writable
> directory, and in /var this time. I'd rather have only 1 world writable
> directory, /tmp, which I can put in its own filesystem.
>
> --
> Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
> Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
> Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl
>
>
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
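
The workaround described in the message above, sketched as an added example (not code from the original post or from OpenSSH): it keeps a stable path pointing at the current forwarded agent socket so long-lived screen/VNC sessions keep working after a reconnect. It uses a symlink inside a private 0700 directory instead of the hard links the poster mentions; the function name `relink_agent`, the script name `relink.sh` and the `$HOME/.ssh/agent` location are assumptions.

```shell
#!/bin/sh
# Added example. relink_agent, relink.sh and the $HOME/.ssh/agent location
# are assumptions for illustration, not OpenSSH features.

relink_agent() {
    sock=$1                  # current agent socket, normally $SSH_AUTH_SOCK
    dir=$2                   # private directory that holds the stable link
    link=$dir/agent.sock

    # Long-lived sessions already point at the link: nothing to do, and
    # relinking would make the link refer to itself.
    [ "$sock" = "$link" ] && return 0

    # Only accept a socket owned by the current user.
    [ -S "$sock" ] && [ -O "$sock" ] || {
        echo "refusing $sock: not a socket owned by this user" >&2
        return 1
    }

    # The link must not live in a shared directory such as /tmp: require a
    # real directory, owned by us, with no group/other permission bits.
    ( umask 077 && mkdir -p "$dir" ) || return 1
    perms=$(ls -ld "$dir" | cut -c5-10)
    [ ! -L "$dir" ] && [ -O "$dir" ] && [ "$perms" = "------" ] || {
        echo "refusing $dir: must be a private (0700) directory" >&2
        return 1
    }

    # Build the new link under a temporary name and rename it into place,
    # so readers never see a missing link.
    tmp=$link.$$
    ln -s "$sock" "$tmp" && mv -f "$tmp" "$link"
}

# Stand-alone use from a login script: eval "$(sh relink.sh --relink)"
if [ "${1:-}" = "--relink" ]; then
    relink_agent "${SSH_AUTH_SOCK:-}" "$HOME/.ssh/agent" &&
        echo "SSH_AUTH_SOCK=$HOME/.ssh/agent/agent.sock; export SSH_AUTH_SOCK"
fi
```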



