.TMP Temporary File
.tmp

Temporary File

TMP is not a file format — it is a naming convention. The Windows GetTempFileName API generates .tmp names as prefix + hex digits (e.g., ~abc1A2F.TMP). The content inside varies by application: Word autosaves, browser downloads, database swap pages. Run `file -bi` to identify what's actually in one.

Learn more ↓
File structure
Header schema
Records structured data
Text1983
By FileDex
Not convertible

TMP file conversion is not applicable — TMP is a naming convention for temporary files, not a fixed format. Identify the creating application to determine the actual content type.

Common questions

What is a TMP file?

TMP is a naming convention, not a file format. Applications create .tmp files as scratch storage during processing — Word autosaves, browser downloads, database swap pages. The .tmp extension indicates the file is temporary but says nothing about its internal content. To determine what is actually inside, open the file in a hex editor and check the first few bytes against known file signatures.

How do I open a TMP file?

Open the file in a hex editor (HxD on Windows, or any equivalent) and check the first few bytes against known file signatures to determine the actual content type. If it is a Word autosave, rename the extension to .docx and try opening it. If it is a partial download, rename it to the original extension. On Linux or macOS, built-in system utilities can detect the content type from magic bytes automatically.

Can I safely delete TMP files?

Yes, if no application is actively using them. Close all programs first. Files older than 7 days with no process holding a handle are safe to remove. Windows Disk Cleanup and Linux systemd-tmpfiles automate this by checking file age and skipping recently modified files. Never delete files currently locked by a running process.

Why do TMP files keep appearing?

Applications create and destroy temp files continuously during normal operation. Accumulation happens when apps crash without cleanup, developers omit deletion code, or the API used (GetTempFileName, mkstemp) does not auto-delete — only tmpfile() handles automatic cleanup. Periodic cleanup via Disk Cleanup or systemd-tmpfiles prevents buildup.

How do I recover data from a TMP file?

Microsoft Office .tmp files are often renamed copies of the active document — change the extension to .docx, .xlsx, or .pptx and try opening. Browser download .tmp files are partial copies of the target file. Check your temp directory immediately after a crash, sorted by modification time. Cleanup services may delete the file within hours.

TMP files are filling up my disk — what do I do?

Open %TEMP% in Windows Explorer (type %temp% in the address bar) and delete files older than a week. Enable Storage Sense in Windows Settings to automate cleanup. On Linux, run `find /tmp -name '*.tmp' -mtime +7 -delete` to remove .tmp files older than 7 days. Check for crashed applications leaving large orphaned files.

Where are TMP files stored on Windows?

Windows resolves the temp path by checking environment variables in order: TMP, then TEMP, then USERPROFILE, then the Windows directory. The typical per-user location is C:\Users\<name>\AppData\Local\Temp. Type %temp% in File Explorer's address bar to open it directly. System-level temp files go to C:\Windows\Temp.

What makes .TMP special

Not a format
TMP is a naming convention, not a specification
No RFC, no IANA registration, no LOC entry, no PRONOM ID. The .tmp extension signals 'temporary' but says nothing about what's inside. Three .tmp files may contain text, ZIP data, and database pages respectively.
65,535 name limit
Windows GetTempFileName caps at 65K unique names
The Win32 API uses only the lower 16 bits of a hex counter per prefix+directory combination. At scale, name generation degrades — Microsoft recommends GUID-based naming for bulk operations.
tmpfs: RAM-backed /tmp
Linux /tmp often lives in RAM, not disk
Modern Linux mounts /tmp as tmpfs — a filesystem backed by physical memory (default 50% of RAM). Lightning fast, but contents vanish on reboot. /var/tmp survives reboots on disk.
TOCTOU vulnerability
tmpnam() is obsolete since 2008
The gap between generating a name and creating the file allows symlink attacks. mkstemp() fixes this with atomic O_EXCL creation. The tmpnam man page: 'Never use these functions.'

TMP is a naming convention, not a format

The .tmp extension marks a file as temporary scratch storage. It carries no information about what is inside. A .tmp file created by Microsoft Word contains a partial DOCX. One created by a web browser holds a half-finished download. A database engine writes swap pages. A compiler stores intermediate object code. The file command on Linux and macOS ignores the extension entirely and identifies the actual content by reading magic bytes — the only reliable way to determine what a .tmp file contains.

Continue reading — full technical deep dive

No specification governs the .tmp extension. It is not registered in the IANA media type registry, the Library of Congress Format Description Database, or the UK National Archives PRONOM. The default MIME type application/octet-stream applies by convention because the content is unknown without inspection.

How Windows creates temporary files

The Win32 API function GetTempFileName generates filenames in the pattern <prefix><uuuu>.TMP, where <prefix> is the first three characters of a caller-provided string and <uuuu> is a hexadecimal value. When the caller passes zero for the unique parameter, the function uses the current system time, checks for collisions, and increments until it finds an unused name. It then creates an empty file and returns. Only the lower 16 bits of the hex value are used, limiting any single prefix+directory combination to 65,535 unique filenames.

The companion function GetTempPath resolves the temp directory by checking environment variables in priority order: TMP first, then TEMP, then USERPROFILE, then the Windows directory as a final fallback. The returned path always ends with a backslash. The function does not verify the directory exists or test write permissions — if the first variable points to a nonexistent path, file creation fails downstream.

The typical per-user temp directory on Windows is C:\Users\<name>\AppData\Local\Temp. System-level temp files go to C:\Windows\Temp. Both accumulate orphaned .tmp files over time because GetTempFileName does not auto-delete.

How Unix creates temporary files

POSIX defines two safe approaches. tmpfile() opens a unique temp file in read/write binary mode and deletes it automatically when the file is closed or the process exits. The caller never sees a filename — just a file descriptor. This is the cleanest method when the file does not need to be visible to other processes.

mkstemp() takes a template string ending in six X characters (e.g., /tmp/myapp.XXXXXX), replaces the Xs with a unique string, and creates the file atomically using the O_EXCL flag with permissions 0600 (owner read/write only). The atomic creation eliminates the time-of-check-to-time-of-use (TOCTOU) race condition that plagues the deprecated tmpnam() function. The man page for tmpnam states explicitly: "Never use these functions. Use mkstemp(3) or tmpfile(3) instead."

Linux provides two standard temp directories. /tmp is typically mounted as tmpfs — a RAM-backed filesystem that defaults to 50% of physical memory and loses all contents on reboot. /var/tmp is disk-backed and survives reboots, intended for files that should persist longer but are still temporary. macOS uses $TMPDIR, which points to per-session randomized paths under /var/folders/.

Why .tmp files persist

Four conditions cause accumulation. First, application crashes — the cleanup code never runs, leaving orphaned files. Second, developers who forget to add deletion logic. Third, the API design: GetTempFileName and mkstemp do not auto-delete. Only tmpfile() handles automatic cleanup. Fourth, cleanup services are conservative — Windows Disk Cleanup and Linux systemd-tmpfiles check file age before deleting, and recently-modified files are skipped even if they are orphaned.

On Windows, Storage Sense can be configured to delete temp files older than a threshold (1, 14, 30, or 60 days). On Linux, systemd-tmpfiles-clean.timer runs daily by default, removing files in /tmp that exceed the configured maximum age (typically 10 days). macOS runs periodic maintenance scripts but does not aggressively clean /var/folders/ temp paths.

How to identify what created a .tmp file

Run file -bi mystery.tmp to detect the MIME type from magic bytes. Word autosave files show as application/vnd.openxmlformats-officedocument.wordprocessingml.document. ZIP-based files show application/zip. Plain text scratch files show text/plain. Binary database swap pages show application/octet-stream.

The file's creation timestamp correlated with application activity often reveals the creator. Some applications embed identifiable strings — a hex editor or xxd mystery.tmp | head can reveal embedded application signatures, document titles, or user data.

Safe deletion rules

Close all applications before cleaning the temp directory. A locked file (cannot be deleted) means an application is actively using it — skip it. Files older than 7 days with no process holding a handle are almost certainly safe to remove. Windows Disk Cleanup and systemd-tmpfiles enforce these rules automatically.

Never delete files from /var/tmp or application-specific temp directories without understanding what uses them. Database engines, video editors, and long-running builds may hold files open for hours or days.

Security: race conditions and symlink attacks

The deprecated tmpnam() function generates a filename, then the caller creates the file in a separate step. In the gap between those two operations, an attacker on a shared system can create a symlink at that path, redirecting the application's write to an arbitrary file — including /etc/passwd or other sensitive targets. This is a classic TOCTOU vulnerability.

mkstemp() eliminates this by creating the file atomically with O_EXCL, which fails if the path already exists. Combined with 0600 permissions, the resulting file is readable and writable only by the creating user. Sensitive data written to temp files (session tokens, decrypted content, credentials) still poses a risk if the file survives the process — disk forensics can recover deleted files from non-tmpfs storage.

.TMP compared to alternatives

.MKSTEMP() vs .TMPNAM()
Security
mkstemp() creates temp files atomically with O_EXCL flag and 0600 permissions, eliminating TOCTOU race conditions. tmpnam() only generates a name — the gap before creation allows symlink attacks. tmpnam is obsolete in POSIX.1-2008; its man page says 'Never use these functions.'
 MKSTEMP() wins
.TMPFILE() vs .GETTEMPFILENAME
Auto-cleanup
POSIX tmpfile() automatically deletes the file when closed or process exits — zero orphan risk. Windows GetTempFileName creates the file but never deletes it. Applications must handle cleanup manually, and crashes leave orphans that accumulate in %TEMP%.
 TMPFILE() wins
.TMPFS (/TMP) vs ./VAR/TMP
Reboot survival
tmpfs is RAM-backed (default 50% of physical memory) — fast but contents vanish on reboot. /var/tmp is disk-backed and survives reboots. Use tmpfs for ephemeral scratch data; use /var/tmp for temp files that must persist across restarts (e.g., long-running build artifacts).
 /VAR/TMP wins
.MKSTEMP() vs .GETTEMPFILENAME
Name collision handling
mkstemp() replaces template characters with a random string and opens atomically — collisions are impossible. GetTempFileName uses a 16-bit hex counter limited to 65,535 unique names per prefix+directory; performance degrades as the counter approaches saturation.
 MKSTEMP() wins

Technical reference

MIME Type
application/octet-stream
Developer
Various
Year Introduced
1970
Open Standard
No

Binary Structure

No defined structure. TMP file contents mirror whatever data the creating application needed to store temporarily — serialized documents, raw pixel buffers, database pages, partial downloads, or arbitrary scratch data. The internal format is determined entirely by the application that created the file and cannot be inferred from the .tmp extension alone.

1970sUnix systems establish /tmp as a shared temporary directory — the convention predates formal standardization1988POSIX.1 standardizes tmpnam() for generating temporary filenames — later found to be insecure1995Windows 95 introduces %TEMP% environment variable and the GetTempFileName API in Kernel32.dll2001POSIX.1-2001 standardizes mkstemp() as the safe replacement for tmpnam(), with atomic O_EXCL creation2008POSIX.1-2008 marks tmpnam() as obsolete, with explicit recommendation to use mkstemp() or tmpfile()2015Windows 10 introduces Storage Sense for automatic temp file cleanup based on configurable age thresholds
Identify actual content type of a TMP file other 
file -bi mystery.tmp

Reads magic bytes to detect MIME type regardless of .tmp extension. Word autosaves show application/vnd.openxmlformats, ZIPs show application/zip, text shows text/plain.

Inspect first bytes in hex other 
xxd mystery.tmp | head -5

Displays the first 80 bytes as hex + ASCII. Magic bytes at offset 0 reveal the creator: PK (ZIP/Office), %PDF (PDF), MZ (executable), or plain text.

Find and delete old TMP files on Linux other 
find /tmp -name '*.tmp' -mtime +7 -delete

Removes .tmp files in /tmp older than 7 days. The -mtime +7 flag matches files not modified in the last week. Safe for routine cleanup — active files are recently modified.

List largest TMP files by size other 
find /tmp -name '*.tmp' -printf '%s %p\n' | sort -rn | head -20

Finds all .tmp files, prints size in bytes alongside path, sorts descending. Identifies large orphaned files consuming disk space — common after video editor or database crashes.

Count TMP files in Windows temp directory other 
dir %TEMP%\*.tmp /s | find "File(s)"

Lists all .tmp files recursively in the Windows user temp directory and reports the total count. Useful for assessing cleanup urgency before running Disk Cleanup.

LOW

Attack Vectors

  • Symlink attacks in world-writable temp directories can redirect temp file creation to overwrite sensitive files if the application does not use secure creation flags
  • Sensitive data (passwords, session tokens, decrypted content) written to temp files may persist on disk after the application closes if cleanup fails

Mitigation: FileDex does not execute, install, mount, or parse these files. Reference page only.

Built-in Windows utility that removes temporary files, thumbnails, and other expendable data from system drives
Linux service that creates, deletes, and cleans up temporary files and directories based on age thresholds configured in tmpfiles.d
Python tempfile library
Python standard library module for creating temporary files and directories safely, with NamedTemporaryFile, mkstemp, and TemporaryDirectory
BleachBit tool
Open-source disk cleanup tool for Windows and Linux that removes temporary files, cache, cookies, and other expendable data across 90+ applications