# Final Release Note - Sourcing `ydb_env_set`, which invokes %YDBENV, creates a directory for \$ydb_tmp (defaulting to \$gtm_tmp if that is defined, and `/tmp/yottadb/$ydb_rel` if neither is defined) if one does not exist. Previously, it created the directory based on \$ydb_log/\$gtm_log if they were defined. YottaDB does not use those environment variables. - %YDBENV attempts to set the group of \$ydb_tmp to the group of \$ydb_dist/libyottadb.so. Previously it did not, which was problematic: especially if the process creating \$ydb_tmp was root, then subsequent ordinary processes would be unable to use it. It does this unconditionally (which makes the code marginally simpler) because it is important if YottaDB is installed with the `--group-restriction --group <group>` options of `ydbinstall`, and doesn't matter otherwise. - If the lowest level subdirectory of \$ydb_tmp is \$ydb_rel, %YDBENV assumes that the parent directory is intended for subdirectories of multiple YottaDB releases, and attempts to set the permissions of the parent directory to `drwxrwxrwt` to reduce the likelihood of processes of different YottaDB releases from stepping on one anothers' toes. Previously, it did not attempt such a distinction, and did not set the sticky bit. - If \$ydb_log/\$gtm_log are not defined, it sets them to \$ydb_tmp. Although YottaDB does not use these environment variables, older scripting around GT.M/YottaDB might use them. [#1125] # Description [The Description was the initial observation of the issue. See https://gitlab.com/YottaDB/DB/YDB/-/issues/1125#note_2418408798 for more current details.] The permissions on `/tmp/yottadb` should have world write access so that different YottaDB releases can create their specific subdirectories under it. The permissions on `/tmp/yottadb/<rel>` should have write access for any user/group that can run YottaDB. If a root user sources `ydb_env_set` it creates a directory that is not usable by users of other YottaDB releases. ``` $ ls -ld /tmp/yottadb/ drwxr-xr-x 3 root root 60 Jan 24 17:54 /tmp/yottadb/ $ ``` This is an edge case from our development and test environments, as typical users will not have multiple YottaDB releases with YottaDB processes running as root. # Draft Release Note `/tmp/yottadb` must be world readable, writable and executable since it will have subdirectories for different YottaDB releases, some of which may not be world executable. For better protection against inadvertent damage, sourcing `ydb_env_set` sets the sticky bit of `/tmp/yottadb`, where previously it did not.. Furthermore, when a YottaDB release is installed with execution restricted to a group (with the `--group-restriction --group <group>` options of `ydbinstall`), sourcing `ydb_env_set` sets the group of `/tmp/yottadb/<rel>` to the group to which execution is so restricted. Previously, the group was the group of the process sourcing `ydb_env_set` which meant that if the process was a root process, then the directory could not be used by normal user processes belonging to the group to which YottaDB execution was restricted. [#1125]