[arch-general] SystemD: Is there a way to disable PrivateTmp globally?
jan.steffens at gmail.com
Thu Nov 1 14:11:40 EDT 2012
On Thu, Nov 1, 2012 at 5:40 PM, "Jérôme M. Berger" <jeberger at free.fr> wrote:
> Is there a way to disable Private Tmp globally? I know I can
> disable it by copying all the affected unit files to /etc/systemd
> and removing it there but is there a way to disable it once and for all?
> The reasons I want to disable it are:
> - I don't need it: this is a single user machine that sits behind a
> firewall and doesn't run any publicly available servers, so the
> security issues that private tmp solves are not important for this
> - I want to know where the files are, and I especially do not want
> them in a tmpfs. According to the docs I was able to find, private
> tmp is implemented using "kernel namespace" but that tells me
> nothing about where the data is stored;
> - I want to be able to access those files for debugging purposes.
> For example, I have some custom Apache modules that dump debug
> information to files in /tmp and I need to be able to access them.
> However, I haven't found any way to access the private tmp of a
> service, even as root.
> mailto:jeberger at free.fr
> Jabber: jeberger at jabber.fr
The files are in subdirectories. /tmp/systemd-private-XXXXXX is bound to /tmp,
/var/tmp/systemd-private-XXXXXX is bound to /var/tmp.
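
An added example, not part of the original message: a shell function that lists the files held in the `systemd-private-*` directories described above, so a service's debug output can be found from the host side. The root-prefix parameter, the function names and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# List files that services running with PrivateTmp have written.
# $1 is a filesystem root prefix (hypothetical parameter; empty means the
# live system, where reading these directories usually requires root).
list_private_tmp() {
    root="${1:-}"
    for base in "$root/tmp" "$root/var/tmp"; do
        for dir in "$base"/systemd-private-*; do
            [ -d "$dir" ] || continue      # glob matched nothing
            # Assumption: newer systemd releases keep the data in a "tmp"
            # subdirectory; the layout described in this thread binds the
            # directory itself.
            [ -d "$dir/tmp" ] && dir="$dir/tmp"
            find "$dir" -type f | sort
        done
    done
}

# Constructed sample tree so the function can be tried without root.
demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir -p "$sandbox/tmp/systemd-private-AAAAAA" \
             "$sandbox/var/tmp/systemd-private-BBBBBB/tmp"
    echo debug > "$sandbox/tmp/systemd-private-AAAAAA/mod_debug.log"
    echo cache > "$sandbox/var/tmp/systemd-private-BBBBBB/tmp/cache.bin"
    echo other > "$sandbox/tmp/unrelated.txt"   # not in a private dir
    list_private_tmp "$sandbox" | sed "s|^$sandbox||"
    rm -rf "$sandbox"
}

demo
```

Calling `list_private_tmp` with no argument inspects the running system's `/tmp` and `/var/tmp`.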