≡ Menu

How to: create a temporary file securely

Q. How do I create a temporary file securely under UNIX Bash shell?

A. There are many ways:
[a] mktemp command - make temporary unique filename

[b] $RANDOM - Use $RANDOM variable

mktemp command

From the man page:

The mktemp utility takes the given filename template and overwrites a portion of it to create a unique filename. The template may be any filename with some number of ‘Xs’ appended to it, for example /tmp/tfile.XXXXXXXXXX.

For example, create a temporary file:
$ mktemp /tmp/output.XXXXXXXXXX


Send ls command output to /tmp/output.qBYDtF7199:
$ ls > /tmp/output.qBYDtF7199
However, you may need to store temporary file name /tmp/output.qBYDtF7199 to a shell variable:
TMPFILE=$(mktemp /tmp/output.XXXXXXXXXX)

Create a temporary directory

The -d option makes a directory instead of a file.
TMPDIR=$(mktemp -d /tmp/output.XXXXXXXXXX)
# do something

Another example:

TMPFILE=‘mktemp -t /tmp/out.myapp.XXXXXXXXXX‘ && {
    # Safe to use $TMPFILE in this block
    echo data > $TMPFILE
   # do something
   # clean up
    rm -f $TMPFILE

Using $RANDOM variable

Bash also provide $RANDOM variable with random value, you can use the same to create a file or directory:

# create directory
mkdir $TEMDIR
# do something...
Tweet itFacebook itGoogle+ itPDF itFound an error/typo on this page?

{ 2 comments… add one }

  • matej November 30, 2007, 1:27 pm

    do not ever use $RANDOM for creating files or directories…! mktemp can create also a directory if you use -d option. the “mkdir somethin” (where something can be $RANDOM or whatever else) suffers from race conditions. what would you do if directory was already there and not owned by you? with mktemp -d you have no problems.

  • nixCraft November 30, 2007, 2:41 pm


    Actually, I talked about -d option, but forgot to type -d.

    I appreciate your post.

Leave a Comment