mktemp

Create an empty temporary file and print its absolute path

$ mktemp

$ mktemp -p /[path/to/tempdir]

$ mktemp [/tmp/example.XXXXXXXX]

$ mktemp -t [example.XXXXXXXX]

$ mktemp -d

mktemp [OPTION]... [TEMPLATE]

If TEMPLATE is not specified, tmp.XXXXXXXXXX is used by default. TEMPLATE must contain at least three consecutive 'X's.

-d, --directory
    Create a directory instead of a file. This is useful for storing multiple temporary files together.

-u, --dry-run
    Do not create anything; merely print a temporary name that would be used. Useful for testing or generating names without immediate creation.

-q, --quiet
    Suppress diagnostics about file or directory creation failure. Useful in scripts where errors are handled programmatically.

-p, --tmpdir[=DIR]
    Interpret TEMPLATE relative to a specified DIR, or the directory indicated by the TMPDIR environment variable if DIR is not provided. If TMPDIR is not set, /tmp is used.

--suffix=SUFF
    Append SUFF to TEMPLATE. The TEMPLATE should still end with 'X's and the suffix will be added after the random characters.

--help
    Display a help message and exit.

--version
    Output version information and exit.

The mktemp command provides a secure and reliable way to create temporary files or directories in shell scripts and programs. It addresses a common security vulnerability: race conditions that can occur when multiple processes try to create temporary files simultaneously, or when a predictable temporary file name is used. Instead of generating a predictable name, mktemp takes a template (e.g., /tmp/myfile.XXXXXXXX) and replaces the 'X' characters with a random string, ensuring a unique and unpredictable name. It then atomically creates the file or directory with appropriate permissions, preventing other processes from creating a file with the same name between the time it's chosen and created. By default, mktemp creates a file; however, the -d option allows it to create a directory. The name of the successfully created file or directory is printed to standard output, making it easy to capture and use in scripts. This robust approach is crucial for writing secure and stable shell scripts.

• Shell Expansion: The TEMPLATE passed to mktemp is not expanded by the shell. Any shell variables in the template must be expanded before passing the argument to mktemp.
• Post-Creation Vulnerabilities: While mktemp itself is secure, it only guarantees that the file/directory is uniquely created. If the script then changes permissions or moves the file insecurely after mktemp returns, vulnerabilities can still arise.
• Template 'X's: The TEMPLATE must contain at least three consecutive 'X' characters. Fewer 'X's might result in an error or insufficient uniqueness.
• Cleanup: mktemp does not automatically remove the created temporary file or directory. It is the responsibility of the calling script or program to ensure proper cleanup, typically using rm or rmdir.

The created temporary file or directory name is printed to standard output. Scripts should capture this output (e.g., TEMP_FILE=$(mktemp)) for subsequent use.

• 0: Success.
• >0: An error occurred (e.g., invalid template, insufficient permissions, failed creation).

The TMPDIR environment variable specifies the directory where temporary files and directories should be created if the -p option is used without a specific directory, or if no TEMPLATE is provided and the default /tmp location is overridden.

The concept of secure temporary file creation evolved to address critical security flaws found in older methods, such as simply using /tmp/predictable_name.$$. Early versions of mktemp(1) (not to be confused with the modern GNU mktemp) were prone to race conditions. The modern mktemp command, often part of GNU Coreutils, was developed to leverage the atomic and secure mechanisms provided by C library functions like mkstemp(3) and mkdtemp(3). This ensures that the process of generating a unique name and creating the file/directory is indivisible, thus eliminating race conditions and preventing malicious exploitation. Its inclusion in standard Linux distributions made it a cornerstone for writing robust and secure shell scripts.

mkstemp(3), mkdtemp(3), tempfile(1), rm(1)