[CentOS] systemd private tmp dirs

Thu Apr 16 14:25:51 UTC 2015
Matthew Miller <mattdm at mattdm.org>

On Thu, Apr 16, 2015 at 07:44:21AM -0500, Les Mikesell wrote:
> > The issue here really isn't systemd or the PrivateTmp feature but the
> > fact that some applications don't properly distinguish between temporary
> > files and data files.
> Maybe, but if an application wants a private directory for temporary
> files, shouldn't it create and manage that directory itself instead of
> being second-guessed by the default configuration of the OS?

This one I have a clear answer for: no. It's the distribution's job to
help regularize application practices, especially when they don't
follow good practices for security. Ideally, we work with upstreams on
this, but sometimes where it's just a matter of configuration, we
choose to exercise options to make everything fit together.

> filesystem. And as far as what the default location should be -
> what would be correct for portable code? Isn't /var/lib/something
> kind of linux-centric? Where can an application expect to be able to
> write?

Linux-centric? Linux/Unix-centric, maybe. I mean, that's not gonna work
on VMS or MS Windows — but then, neither is /tmp.
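As an added illustration of the "exercise options to make everything fit together" approach, not code from the thread: the drop-in below is what a distribution or admin can ship for a service whose upstream writes persistent data under /tmp. With PrivateTmp= on, systemd gives the service its own /tmp and /var/tmp, mounted from a per-instance directory under the host's /tmp and discarded when the service stops, so anything the application treats as data there is lost on restart. The service name "exampled" and the environment variable it reads are hypothetical.

```ini
# Added example, not from the original post. Hypothetical unit "exampled.service".
# File: /etc/systemd/system/exampled.service.d/override.conf

# Weak fix: switch the isolation off so the app's files in /tmp survive.
# This gives up the per-service /tmp that keeps other users and services
# from reaching (or symlink-racing) this service's temporary files.
#[Service]
#PrivateTmp=no

# Preferred fix: keep the private /tmp and give the service a real data directory.
[Service]
PrivateTmp=yes
# systemd creates /var/lib/exampled, owned by the service's User=, and leaves
# it in place across restarts (StateDirectory= needs systemd 235 or newer,
# which postdates this 2015 thread; older systems create the directory from
# the package or a tmpfiles.d snippet instead).
StateDirectory=exampled
# Sockets and pid files are genuinely transient: /run/exampled is created at
# start and removed at stop.
RuntimeDirectory=exampled
# Point the application at the state directory. EXAMPLED_DATA_DIR is a
# hypothetical name standing in for whatever setting the app actually reads.
Environment=EXAMPLED_DATA_DIR=/var/lib/exampled
```

After installing the drop-in, run `systemctl daemon-reload` and restart the unit; `systemctl show -p PrivateTmp exampled.service` confirms the isolation is still on, and while the service runs its private tree is visible from the host as a /tmp/systemd-private-*-exampled.service-* directory, which is where a "lost" file from the unpatched setup would have been.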

