I had a really strange problem, I was writing a tiny Python script to learn about Python and it was writing to /var/tmp. Only problem was the file never turned up. This script was run from within Apache 2 on Fedora 18.
The file I was trying to create was “webhook_current_json_request.json“. Turns out the problem is Apache when run using systemd. This is what I found.
Looking at “man system.unit” we see:
PrivateTmp=
Takes a boolean argument. If true sets up a new file system namespace for the executed processes and mounts private /tmp and /var/tmp directories inside it, that are not
shared by processes outside of the namespace. This is useful to secure access to temporary files of the process, but makes sharing between processes via /tmp or /var/tmp
impossible. All temporary data created by service will be removed after service is stopped. Defaults to false.
I found my systemctl .service file for Apache, “httpd” at:
/usr/lib/systemd/system/httpd.service
It looked like:
[Unit] Description=The Apache HTTP Server After=network.target remote-fs.target nss-lookup.target [Service] Type=notify EnvironmentFile=/etc/sysconfig/httpd ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND ExecReload=/usr/sbin/httpd $OPTIONS -k graceful ExecStop=/usr/sbin/httpd $OPTIONS -k graceful-stop # We want systemd to give httpd some time to finish gracefully, but still want # it to kill httpd after TimeoutStopSec if something went wrong during the # graceful stop. Normally, Systemd sends SIGTERM signal right after the # ExecStop, which would kill httpd. We are sending useless SIGCONT here to give # httpd time to finish. KillSignal=SIGCONT PrivateTmp=true [Install] WantedBy=multi-user.target
As the man page states “sets up a new file system namespace for the executed processes and mounts private /tmp and /var/tmp directories inside it” it transpires the “new file system namespace” is a somewhat random folder under /var/tmp. These look like:
[root@vmvaliant tmp]# cd /var/tmp [root@vmvaliant tmp]# ll total 304 drwxr-xr-x 2 abrt abrt 4096 Jul 6 08:48 abrt drwx------ 3 root root 4096 Jul 8 2015 systemd-private-0zBSJE drwx------ 3 root root 4096 Apr 27 10:38 systemd-private-1aUPmp drwx------ 3 root root 4096 Aug 20 2017 systemd-private-1T74Sw drwx------ 3 root root 4096 Aug 29 2017 systemd-private-1VhcnW drwx------ 3 root root 4096 Aug 20 2017 systemd-private-7BmxdZ drwx------ 3 root root 4096 Dec 9 2017 systemd-private-8cXaI2
I did some digging and found the one which Apache was currently using “systemd-private-JgJxbB” and inside it I found my file
/var/tmp/systemd-private-JgJxbB/tmp/webhook_current_json_request.json
Moral of the story seems to be not to write to /tmp or /var/tmp when running in Apache.
![[L] – WordPress UAM Locked Post](http://www.zoyinc.com/wp-content/uploads/2024/04/WordpressUAMLockedPost_Featured.jpg)
