/tmp filled with old files that I can't remove causing problems for Lynis

I’m having a bear of a problem with my system. One of the many issues is that /tmp is filled with files (hundreds of them) that I can’t seem to get rid of, and almost all of them are old files. I’m running Leap 15.3 (updated daily) on a Dell Desktop quad 3.4 core 16gb ram 2tb hard drive.

I’ve tried to change settings, but do not have a tmp.conf file (as mentioned in another old thread related to this issue). The reason why this is an issue: I’ve installed and ran Lynis (I’ve had some symptoms of possible hacking), and the /tmp directory files are raising red flags (maybe because of age).

How do I remove those old files without running the risk of causing more grief? I thought that they were to be removed on shut down or booting.

Thanks!

Bob

You say you can not remove them. But we have no idea what you tried. Thus how can we give advice on what goes wrong?

I would (as root) go to /tmp and remove them. That sounds as simple as it is, but apparently not for you?

cd /tmp
rm ...............

And cleaning /tmp on boot is something you must configure.
You can also make /tmp a tmp file system (in memery), then the contents will be removed on shutdown.

First thing I tried. I had to go through sudo to remove three files (which I recognized and which were readily removed), even though I was the creator/owner of the files. I was inaccurate in my original post - many of the ‘files’ are directories, which contain files or are in some way locked. I’m a little leery of using rm -R * (remove all recursively) in case there is some sort of link that will cause problems elsewhere (which I’d experienced a few years ago).

I use Gnome (“Classic” or whatever - the old style) and used to have a way to open a directory as administrator/root and remove files and folders that way. Now I can’t find it - but then, in the past few weeks a number of important programs and so on have become inoperable due to missing folders (and some programs have showed up that I DID NOT install).

I do appreciate the reply. I’ve been around computers since the early 80s (learned programming starting in 74) and have been using Linux since 2010, maybe earlier.

Bob

Removing a directory with it’s contents:

rm -rf ..........

I have no idea what you mean with “some way locked”. But when you want to let us understand what you do and what you see, you should show things. Thus do such an rm command and show us it and it’s output so that we see messages and all. Copy/paste between CODE tags in your post (the # button in the toolbar of the post editor).

We can not give any advice on vague stories. We can not look over your shoulder. SHOW!

ls of the /tmp folder:

20221116_020939-scantem.1e30744091
btrfs-defrag-plugin.1crFmm
btrfs-defrag-plugin.c2xhjF
btrfs-defrag-plugin.CfpHry
btrfs-defrag-plugin.D3pyKy
btrfs-defrag-plugin.h4fZJj
btrfs-defrag-plugin.jJychp
btrfs-defrag-plugin.Kd90Yb
btrfs-defrag-plugin.PbQ9iJ
btrfs-defrag-plugin.pNRG1r
btrfs-defrag-plugin.q4IMTS
btrfs-defrag-plugin.Qsaf7l
btrfs-defrag-plugin.Sr3eFH
btrfs-defrag-plugin.XT9UCD
btrfs-defrag-plugin.zWHEOj
evince-10234
evince-10772
evince-17680
evince-17765
evince-18433
evince-18436
evince-20436
evince-21168
evince-23891
evince-4627
evince-4675
evince-6799
evince-7186
evince-7285
evince-9707
ge10378
ge11119
ge11140
ge11498
ge11627
ge12929
ge13859
ge15692
ge15860
ge18227
ge20528
ge21176
ge21698
ge27851
ge29168
ge3109
ge4273
ge5207
ge6211
ge6523
ge6916
ge7486
ge7767
ge8441
ge8785
gimp
gnome-desktop-thumbnailer-NBK2U1
grilo-plugin-cache-1PH5U1
grilo-plugin-cache-2KKZ10
grilo-plugin-cache-3DQY10
grilo-plugin-cache-4TDZ10
grilo-plugin-cache-56ZY10
grilo-plugin-cache-5M57U1
grilo-plugin-cache-6BZY10
grilo-plugin-cache-6YN5U1
grilo-plugin-cache-76PY10
grilo-plugin-cache-8E47U1
grilo-plugin-cache-8ND5U1
grilo-plugin-cache-95DZ10
grilo-plugin-cache-9FOZ10
grilo-plugin-cache-9K0Y10
grilo-plugin-cache-BTYY10
grilo-plugin-cache-CPNZ10
grilo-plugin-cache-CTM5U1
grilo-plugin-cache-D5F5U1
grilo-plugin-cache-FBOY10
grilo-plugin-cache-FQV7U1
grilo-plugin-cache-G057U1
grilo-plugin-cache-GRZY10
grilo-plugin-cache-H8E5U1
grilo-plugin-cache-JQMZ10
grilo-plugin-cache-KC37U1
grilo-plugin-cache-LFH5U1
grilo-plugin-cache-LUPZ10
grilo-plugin-cache-N3U7U1
grilo-plugin-cache-N3V7U1
grilo-plugin-cache-N9KZ10
grilo-plugin-cache-NM27U1
grilo-plugin-cache-OI17U1
grilo-plugin-cache-POEZ10
grilo-plugin-cache-QSZY10
grilo-plugin-cache-RJM7U1
grilo-plugin-cache-SIW7U1
grilo-plugin-cache-VXT7U1
grilo-plugin-cache-WEV7U1
grilo-plugin-cache-XDMZ10
grilo-plugin-cache-Y6L5U1
grilo-plugin-cache-ZGYY10
hsperfdata_bob
lu10976h4dt5w.tmp
lu1123434a1lg.tmp
lu12579354z18.tmp
lu14616ac1t61.tmp
lu14785ippp1c.tmp
lu15469g2apr2.tmp
lu158325m5hj.tmp
lu16450iy1mdq.tmp
lu178718s7iz.tmp
lu18252uyz50n.tmp
lu2169075u1f.tmp
lu226861q54.tmp
lu23547f4sq3.tmp
lu25453ndiy75.tmp
lu3545iiuu46.tmp
lu44968mgmx.tmp
lu5398l418xw.tmp
lu5745kuvl7u.tmp
lu6003l56zt.tmp
lu7334anlo45.tmp
lu7619h6wo3o.tmp
lu76284pzohp.tmp
lu7673td6ay0.tmp
lu7706cg7uh4.tmp
lu7926xapdak.tmp
lu8001svy8x7.tmp
lu8056gvl2jz.tmp
lu8128ihw452.tmp
lu8246rguyue.tmp
lu8389qoaga1.tmp
lu84528mdnbd.tmp
lu8920ftil07.tmp
mesa_shader_cache
mozilla_bob0
MozillaMailnews
pid-10628
pid-10716
pid-11506
pid-11619
pid-11718
pid-12719
pid-12770
pid-14557
pid-14929
pid-16303
pid-17176
pid-19799
pid-19894
pid-21809
pid-25680
pid-26601
pid-27914
pid-30590
pid-31187
pid-3275
pid-3382
pid-3569
pid-4509
pid-4852
pid-5330
pid-5364
pid-6039
pid-6338
pid-6705
pid-7823
pid-8501
pid-8511
pid-8688
pid-8810
pid-8958
QGIS3-cPfjPg
QGIS3-dsKWbd
QGIS3-GeuzlD
QGIS3-GJgQpu
QGIS3-IbQqzD
QGIS3-jmyMZw
QGIS3-lIYJni
QGIS3-OdSDxx
QGIS3-qEFfOp
QGIS3-RItcMA
QGIS3-sNkNdJ
QGIS3-UIqjHy
QGIS3-UYrfiU
QGIS3-VlNTtM
QGIS3-xCTYjM
QGIS3-YcwWKX
QGIS3-yVsDYJ
QGIS3-ZIGLLg
run-crons.3DkOr1
run-crons.4pTOIw
run-crons.5zu3Nt
run-crons.6VlYtI
run-crons.cImqcQ
run-crons.CNEmp5
run-crons.D488LG
run-crons.gCavlz
run-crons.HL0SOk
run-crons.I0jW7h
run-crons.o4MZ4o
run-crons.okAPk0
run-crons.q4yKeN
run-crons.q9nZ4R
run-crons.S2r5kP
run-crons.V84aTw
run-crons.vGXLEb
run-crons.VOJaAX
run-crons.xgCNGX
run-crons.XnkCUQ
run-crons.y1pzJW
security_state
systemd-private-973d2a19f8b6405b92190ff178b15e4e-chronyd.service-tv2P3h
systemd-private-973d2a19f8b6405b92190ff178b15e4e-colord.service-rOySlg
systemd-private-973d2a19f8b6405b92190ff178b15e4e-ModemManager.service-R1DWDf
systemd-private-973d2a19f8b6405b92190ff178b15e4e-rtkit-daemon.service-a9Hycj
systemd-private-973d2a19f8b6405b92190ff178b15e4e-systemd-logind.service-PhqsBg
systemd-private-973d2a19f8b6405b92190ff178b15e4e-upower.service-UvCBgh
Temp-ad970cd1-5c9c-43d3-8cb1-cfed558ca4a8
tracker-extract-files.1000
tracker-extract-files.1002
YaST2-03498-G9BFmF
YaST2-03498-pGniLH
YaST2-03518-7ylwne
YaST2-03518-OoXQnb
YaST2-03595-X14if3
YaST2-03595-zhnkx3
YaST2-03677-cmqvKg
YaST2-03677-M7RBde
YaST2-03751-NMUlbO
YaST2-03751-yto1NN
YaST2-03798-1pVm0l
YaST2-03798-ieFn0n
YaST2-03807-eg6Pz2
YaST2-03807-NTxqu2
YaST2-03822-2TOADd
YaST2-03822-j1bPDa
YaST2-04293-ziSb3P
YaST2-06960-ilTFQr
YaST2-06960-NHfITt
YaST2-07411-o4fiZA
YaST2-07812-NFQG6U
YaST2-17530-fwvhqI
YaST2-17530-ZofpvK


I ran the command rm -rf *
Results:


rm: cannot remove 'btrfs-defrag-plugin.1crFmm': Operation not permitted
rm: cannot remove 'btrfs-defrag-plugin.c2xhjF': Operation not permitted
rm: cannot remove 'btrfs-defrag-plugin.CfpHry': Operation not permitted
rm: cannot remove 'btrfs-defrag-plugin.D3pyKy': Operation not permitted
rm: cannot remove 'btrfs-defrag-plugin.h4fZJj': Operation not permitted
rm: cannot remove 'btrfs-defrag-plugin.jJychp': Operation not permitted
rm: cannot remove 'btrfs-defrag-plugin.Kd90Yb': Operation not permitted
rm: cannot remove 'btrfs-defrag-plugin.PbQ9iJ': Operation not permitted
rm: cannot remove 'btrfs-defrag-plugin.pNRG1r': Operation not permitted
rm: cannot remove 'btrfs-defrag-plugin.q4IMTS': Operation not permitted
rm: cannot remove 'btrfs-defrag-plugin.Qsaf7l': Operation not permitted
rm: cannot remove 'btrfs-defrag-plugin.Sr3eFH': Operation not permitted
rm: cannot remove 'btrfs-defrag-plugin.XT9UCD': Operation not permitted
rm: cannot remove 'btrfs-defrag-plugin.zWHEOj': Operation not permitted
rm: cannot remove 'run-crons.3DkOr1': Operation not permitted
rm: cannot remove 'run-crons.4pTOIw': Operation not permitted
rm: cannot remove 'run-crons.5zu3Nt': Operation not permitted
rm: cannot remove 'run-crons.6VlYtI': Operation not permitted
rm: cannot remove 'run-crons.cImqcQ': Operation not permitted
rm: cannot remove 'run-crons.CNEmp5': Operation not permitted
rm: cannot remove 'run-crons.D488LG': Operation not permitted
rm: cannot remove 'run-crons.gCavlz': Operation not permitted
rm: cannot remove 'run-crons.HL0SOk': Operation not permitted
rm: cannot remove 'run-crons.I0jW7h': Operation not permitted
rm: cannot remove 'run-crons.o4MZ4o': Operation not permitted
rm: cannot remove 'run-crons.okAPk0': Operation not permitted
rm: cannot remove 'run-crons.q4yKeN': Operation not permitted
rm: cannot remove 'run-crons.q9nZ4R': Operation not permitted
rm: cannot remove 'run-crons.S2r5kP': Operation not permitted
rm: cannot remove 'run-crons.V84aTw': Operation not permitted
rm: cannot remove 'run-crons.vGXLEb': Operation not permitted
rm: cannot remove 'run-crons.VOJaAX': Operation not permitted
rm: cannot remove 'run-crons.xgCNGX': Operation not permitted
rm: cannot remove 'run-crons.XnkCUQ': Operation not permitted
rm: cannot remove 'run-crons.y1pzJW': Operation not permitted
rm: cannot remove 'systemd-private-973d2a19f8b6405b92190ff178b15e4e-chronyd.service-tv2P3h': Operation not permitted
rm: cannot remove 'systemd-private-973d2a19f8b6405b92190ff178b15e4e-colord.service-rOySlg': Operation not permitted
rm: cannot remove 'systemd-private-973d2a19f8b6405b92190ff178b15e4e-ModemManager.service-R1DWDf': Operation not permitted
rm: cannot remove 'systemd-private-973d2a19f8b6405b92190ff178b15e4e-rtkit-daemon.service-a9Hycj': Operation not permitted
rm: cannot remove 'systemd-private-973d2a19f8b6405b92190ff178b15e4e-systemd-logind.service-PhqsBg': Operation not permitted
rm: cannot remove 'systemd-private-973d2a19f8b6405b92190ff178b15e4e-upower.service-UvCBgh': Operation not permitted
rm: cannot remove 'tracker-extract-files.1002': Operation not permitted
rm: cannot remove 'YaST2-03498-G9BFmF': Operation not permitted
rm: cannot remove 'YaST2-03498-pGniLH': Operation not permitted
rm: cannot remove 'YaST2-03518-7ylwne': Operation not permitted
rm: cannot remove 'YaST2-03518-OoXQnb': Operation not permitted
rm: cannot remove 'YaST2-03595-X14if3': Operation not permitted
rm: cannot remove 'YaST2-03595-zhnkx3': Operation not permitted
rm: cannot remove 'YaST2-03677-cmqvKg': Operation not permitted
rm: cannot remove 'YaST2-03677-M7RBde': Operation not permitted
rm: cannot remove 'YaST2-03751-NMUlbO': Operation not permitted
rm: cannot remove 'YaST2-03751-yto1NN': Operation not permitted
rm: cannot remove 'YaST2-03798-1pVm0l': Operation not permitted
rm: cannot remove 'YaST2-03798-ieFn0n': Operation not permitted
rm: cannot remove 'YaST2-03807-eg6Pz2': Operation not permitted
rm: cannot remove 'YaST2-03807-NTxqu2': Operation not permitted
rm: cannot remove 'YaST2-03822-2TOADd': Operation not permitted
rm: cannot remove 'YaST2-03822-j1bPDa': Operation not permitted
rm: cannot remove 'YaST2-06960-ilTFQr': Operation not permitted
rm: cannot remove 'YaST2-06960-NHfITt': Operation not permitted
rm: cannot remove 'YaST2-07411-o4fiZA': Operation not permitted
rm: cannot remove 'YaST2-07812-NFQG6U': Operation not permitted
rm: cannot remove 'YaST2-17530-fwvhqI': Operation not permitted
rm: cannot remove 'YaST2-17530-ZofpvK': Operation not permitted

Now I’ll try using sudo

That time it got rid of everything in the folder. I’ll need to reboot to make sure that something crazy didn’t happen - which I’ve experienced before (several years ago). I just hope there weren’t any hidden symlinks or something like that which crash my system (previous experience).

If you hear back from me shortly, then you know that at least nothing crashed my system.

Above is not precisely what was meant by:

To make it clear, what was actually meant is for including all that you did, character for character, everything copied from the screen, without embellishment. e.g.:

**# ls -Ggh /tmp**
total 8.0K
drwxrwxrwt 2  80 Oct 22 17:06 .ICE-unix
drwxrwxrwt 2  40 Oct 22 17:06 .Test-unix
-r--r--r-- 1  11 Oct 22 17:06 .X0-lock
drwxrwxrwt 2  60 Oct 22 17:06 .X11-unix
drwxrwxrwt 2  40 Oct 22 17:06 .XIM-unix
drwxrwxrwt 2  40 Oct 22 17:06 .font-unix
-rw------- 1 195 Nov  6 01:50 HL5470DW_latest_print_info
srwxrwxrwx 1   0 Oct 22 17:06 dbus-675AxZMeQk
drwxrwxr-x 3  60 Nov  5 20:59 gimp
drwx------ 2 100 Nov  6 19:31 mc-root
drwx------ 2  40 Oct 23 14:39 runtime-root
drwx------ 2  60 Oct 22 17:06 ssh-546UM1P2pPwh
drwx------ 3  60 Oct 22 17:06 systemd-private-...-rtkit-daemon.service-bW0nlj
drwx------ 3  60 Oct 22 17:06 systemd-private-...-systemd-logind.service-frp4vi
drwx------ 3  60 Oct 22 17:06 systemd-private-...-systemd-timesyncd.service-RozXAh
#

If you redirect to a file, then before copying from the file, edit the file to include the command, so that everything that was on the screen got copied. If there is sensitive data among the output, remove it and indicate editing with “<filter>” in its place.

As @mrmazda said. We want to see things complete, including prompts and commands. Like

boven:~ # cd /tmp
boven:/tmp # ls -l
total 4
drwxrwxrwt 2 root root 60 Nov 17 08:23 .ICE-unix
drwxrwxrwt 2 root root 40 Nov 17 07:36 .Test-unix
-r--r--r-- 1 root root 11 Nov 17 07:36 .X0-lock
drwxrwxrwt 2 root root 60 Nov 17 07:36 .X11-unix
drwxrwxrwt 2 root root 40 Nov 17 07:36 .XIM-unix
drwxrwxrwt 2 root root 40 Nov 17 07:36 .font-unix
drwx------ 2 henk wij  40 Nov 17 08:26 Temp-04598237-2279-48ee-abf9-d180b79a3f68
drwx------ 2 henk wij  40 Nov 17 08:23 plasma-csd-generator.pOcPeg
drwx------ 2 henk wij  60 Nov 17 08:23 ssh-ruTXziQTNoZq
drwx------ 3 root root 60 Nov 17 07:36 systemd-private-5336c021b7d547fd865ddce2c900b1ab-apache2.service-47Q4yg
drwx------ 3 root root 60 Nov 17 07:36 systemd-private-5336c021b7d547fd865ddce2c900b1ab-chronyd.service-cQ27Ye
drwx------ 3 root root 60 Nov 17 08:23 systemd-private-5336c021b7d547fd865ddce2c900b1ab-power-profiles-daemon.service-7ZMOwf
drwx------ 3 root root 60 Nov 17 08:23 systemd-private-5336c021b7d547fd865ddce2c900b1ab-rtkit-daemon.service-JIK4uh
drwx------ 3 root root 60 Nov 17 07:36 systemd-private-5336c021b7d547fd865ddce2c900b1ab-systemd-logind.service-hmasTe
drwx------ 3 root root 60 Nov 17 08:23 systemd-private-5336c021b7d547fd865ddce2c900b1ab-upower.service-AUlzah
boven:/tmp #

And of course ls -l and not just ls. Only names do not say much about owners and permissions, directory or normal file. :frowning:

And indeed, I explained how to remove a directory with it’s contents where … was for the name of a directory. I have no idea why you did not try that on only one directory, but started to run havoc and used * to remove all and everything without first trying it on one directory.

Please check if, the systemd “Daily Cleanup of Temporary Directories” service is being triggered correctly:

  • Examples as follows:

 > systemctl list-unit-files | grep -i 'tmpfiles-clean'
systemd-tmpfiles-clean.service                                            static          -
systemd-tmpfiles-clean.timer                                              static          -
 > 


 # systemctl status systemd-tmpfiles-clean.timer
● systemd-tmpfiles-clean.timer - Daily Cleanup of Temporary Directories
     Loaded: loaded (/usr/lib/systemd/system/systemd-tmpfiles-clean.timer; static)
     Active: active (waiting) since Thu 2022-11-17 16:43:18 CET; 2h 23min ago
    Trigger: Fri 2022-11-18 16:58:34 CET; 21h left
   Triggers: ● systemd-tmpfiles-clean.service
       Docs: man:tmpfiles.d(5)
             man:systemd-tmpfiles(8)

Nov 17 16:43:18 xxx systemd[1]: Started Daily Cleanup of Temporary Directories.
 # 
 # systemctl status systemd-tmpfiles-clean.service
○ systemd-tmpfiles-clean.service - Cleanup of Temporary Directories
     Loaded: loaded (/usr/lib/systemd/system/systemd-tmpfiles-clean.service; static)
     Active: inactive (dead) since Thu 2022-11-17 16:58:35 CET; 2h 8min ago
TriggeredBy: ● systemd-tmpfiles-clean.timer
       Docs: man:tmpfiles.d(5)
             man:systemd-tmpfiles(8)
    Process: 2386 ExecStart=systemd-tmpfiles --clean (code=exited, status=0/SUCCESS)
   Main PID: 2386 (code=exited, status=0/SUCCESS)

Nov 17 16:58:34 xxx systemd[1]: Starting Cleanup of Temporary Directories...
Nov 17 16:58:34 xxx systemd-tmpfiles[2386]: /usr/lib/tmpfiles.d/nagios.conf:2: Line references path below legacy dir>
Nov 17 16:58:34 xxx systemd-tmpfiles[2386]: /usr/lib/tmpfiles.d/net-snmp.conf:1: Line references path below legacy d>
Nov 17 16:58:35 xxx systemd[1]: systemd-tmpfiles-clean.service: Deactivated successfully.
Nov 17 16:58:35 xxx systemd[1]: Finished Cleanup of Temporary Directories.
 # 

You may have to modify the default behaviour to have this systemd Service clean up the specific files you’re have an issue with.

  • The default configuration follows the scheme below:

 > cat /usr/lib/tmpfiles.d/systemd-tmp.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

# See tmpfiles.d(5) for details

# Exclude namespace mountpoints created with PrivateTmp=yes
x /tmp/systemd-private-%b-*
X /tmp/systemd-private-%b-*/tmp
x /var/tmp/systemd-private-%b-*
X /var/tmp/systemd-private-%b-*/tmp

# Remove top-level private temporary directories on each boot
R! /tmp/systemd-private-*
R! /var/tmp/systemd-private-*

# Handle lost systemd-coredump temp files. They could be lost on old filesystems,
# for example, after hard reboot.
x  /var/lib/systemd/coredump/.#core*.%b*
r! /var/lib/systemd/coredump/.#*
 > 

[HR][/HR]I can’t recall that, Leap 15.3 wasn’t automatically cleaning up old temporary system files – are you certain that, all the Leap 15.3 patches and updates have been applied?

  • And, the YaST temporary files you’ve listed, were usually located in /var/tmp/ – have you changed the default YaST configuration?

It may well be that, the older temporary system files you had in /tmp/ were relics from previous Leap versions which never got removed by the application of the newer housekeeping services.

  • Simply, occasionally, login as the user “root” and, clean out the older files in /tmp/ and /var/tmp/ …