Apache doesn’t write to /var/tmp

I had a really strange problem, I was writing a tiny Python script to learn about Python and it was writing to /var/tmp. Only problem was the file never turned up. This script was run from within Apache 2 on Fedora 18.

The file I was trying to create was “webhook_current_json_request.json“. Turns out the problem is Apache when run using systemd. This is what I found.

Looking at “man system.unit” we see:

PrivateTmp=
Takes a boolean argument. If true sets up a new file system namespace for the executed processes and mounts private /tmp and /var/tmp directories inside it, that are not
shared by processes outside of the namespace. This is useful to secure access to temporary files of the process, but makes sharing between processes via /tmp or /var/tmp
impossible. All temporary data created by service will be removed after service is stopped. Defaults to false.

I found my systemctl .service file for Apache, “httpd” at:

/usr/lib/systemd/system/httpd.service

It looked like:

As the man page states “sets up a new file system namespace for the executed processes and mounts private /tmp and /var/tmp directories inside it” it transpires the “new file system namespace” is a somewhat random folder under /var/tmp. These look like:

[root@vmvaliant tmp]# cd /var/tmp
[root@vmvaliant tmp]# ll
total 304
drwxr-xr-x 2 abrt abrt 4096 Jul 6 08:48 abrt
drwx------ 3 root root 4096 Jul 8 2015 systemd-private-0zBSJE
drwx------ 3 root root 4096 Apr 27 10:38 systemd-private-1aUPmp
drwx------ 3 root root 4096 Aug 20 2017 systemd-private-1T74Sw
drwx------ 3 root root 4096 Aug 29 2017 systemd-private-1VhcnW
drwx------ 3 root root 4096 Aug 20 2017 systemd-private-7BmxdZ
drwx------ 3 root root 4096 Dec 9 2017 systemd-private-8cXaI2

I did some digging and found the one which Apache was currently using “systemd-private-JgJxbB” and inside it I found my file

/var/tmp/systemd-private-JgJxbB/tmp/webhook_current_json_request.json

Moral of the story seems to be not to write to /tmp or /var/tmp when running in Apache.