how to disable apache2 PrivateTmp?

SUSE Linux Enterprise Server SLES Configure-Administer
1

I just want to use the old SLES11 behavior and write to /tmp from httpd processes.
I tried this but it did not work:

SR0005IB02:/usr/lib/systemd/system # ls -l /usr/local/lib/systemd/system ls: cannot access /usr/local/lib/systemd/system: No such file or directory SR0005IB02:/usr/lib/systemd/system # mkdir -p /usr/local/lib/systemd/system SR0005IB02:/usr/lib/systemd/system # cp -p apache2* /usr/local/lib/systemd/system SR0005IB02:/usr/lib/systemd/system # cd /usr/local/lib/systemd/system SR0005IB02:/usr/local/lib/systemd/system # ls -l total 8 -rw-r--r-- 1 root root 493 Nov 5 2015 apache2.service -rw-r--r-- 1 root root 531 Nov 5 2015 apache2@.service SR0005IB02:/usr/local/lib/systemd/system # vi * 2 files to edit SR0005IB02:/usr/local/lib/systemd/system # grep Tmp * apache2.service:PrivateTmp=false apache2@.service:PrivateTmp=false SR0005IB02:/usr/local/lib/systemd/system # reboot

I can of course just edit the apache2* files in /usr/lib/systemd/system but those are overwritten when SUSE updates are applied.
What if the correct way to permanently disable apache2 PrivateTmp?
TIA!

2

On 21/07/16 22:14, jimsmithson wrote:
[color=blue]

I just want to use the old SLES11 behavior and write to /tmp from httpd
processes.
I tried this but it did not work:

Code:

SR0005IB02:/usr/lib/systemd/system # ls -l /usr/local/lib/systemd/system

ls: cannot access /usr/local/lib/systemd/system: No such file or directory
SR0005IB02:/usr/lib/systemd/system # mkdir -p /usr/local/lib/systemd/system
SR0005IB02:/usr/lib/systemd/system # cp -p apache2* /usr/local/lib/systemd/system
SR0005IB02:/usr/lib/systemd/system # cd /usr/local/lib/systemd/system
SR0005IB02:/usr/local/lib/systemd/system # ls -l
total 8
-rw-r–r-- 1 root root 493 Nov 5 2015 apache2.service
-rw-r–r-- 1 root root 531 Nov 5 2015 apache2@.service
SR0005IB02:/usr/local/lib/systemd/system # vi *
2 files to edit
SR0005IB02:/usr/local/lib/systemd/system # grep Tmp *
apache2.service:PrivateTmp=false
apache2@.service:PrivateTmp=false
SR0005IB02:/usr/local/lib/systemd/system # reboot

I can of course just edit the apache2* files in /usr/lib/systemd/system
but those are overwritten when SUSE updates are applied.
What if the correct way to permanently disable apache2 PrivateTmp?[/color]

I don’t know if it’s the correct way but what seems to work for me is:

# systemctl show apache2 | grep PrivateTmp
PrivateTmp=yes
# cp /usr/lib/systemd/system/apache2.service /etc/systemd/system/
# sed -i 's/PrivateTmp=true/PrivateTmp=false/'
/etc/systemd/system/apache2.service
# systemctl daemon-reload
# systemctl restart apache2
# systemctl show apache2 | grep PrivateTmp
PrivateTmp=no

I’ve seen another approach to create a small .conf file containing just
“PrivateTmp=false” in a newly created directory
/etc/systemd/system/apache2.service.d/ instead of duplicating then
editing apache2.service in /etc/systemd/system/ but that doesn’t work
for me.

HTH.

Simon
SUSE Knowledge Partner

If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.

3

Thanks. I made on adjustment. There was already a file which is a symlink named apache.service that I changed just to make sure.
I had already changed /usr/lib/systemd/system/apache2.service before I did this:

SR0005IB02:/etc/systemd/system # ls -l apache* lrwxrwxrwx 1 root root 39 May 31 15:29 apache.service -> /usr/lib/systemd/system/apache2.service SR0005IB02:/etc/systemd/system # systemctl show apache2 | grep PrivateTmp PrivateTmp=no SR0005IB02:/etc/systemd/system # cp /usr/lib/systemd/system/apache2.service . SR0005IB02:/etc/systemd/system # rm apache.service SR0005IB02:/etc/systemd/system # ln apache2.service apache.service SR0005IB02:/etc/systemd/system # ls -li apache* 595483 -rw-r--r-- 2 root root 494 Jul 22 08:08 apache.service 595483 -rw-r--r-- 2 root root 494 Jul 22 08:08 apache2.service SR0005IB02:/etc/systemd/system # systemctl daemon-reload SR0005IB02:/etc/systemd/system # systemctl restart apache2 SR0005IB02:/etc/systemd/system # systemctl show apache2 | grep PrivateTmp PrivateTmp=no

4

On 22/07/16 14:24, jimsmithson wrote:
[color=blue]

Thanks. I made on adjustment. There was already a file which is a
symlink named apache.service that I changed just to make sure.
I had already changed /usr/lib/systemd/system/apache2.service before I
did this:

Code:

SR0005IB02:/etc/systemd/system # ls -l apache*

lrwxrwxrwx 1 root root 39 May 31 15:29 apache.service → /usr/lib/systemd/system/apache2.service
SR0005IB02:/etc/systemd/system # systemctl show apache2 | grep PrivateTmp
PrivateTmp=no
SR0005IB02:/etc/systemd/system # cp /usr/lib/systemd/system/apache2.service .
SR0005IB02:/etc/systemd/system # rm apache.service
SR0005IB02:/etc/systemd/system # ln apache2.service apache.service
SR0005IB02:/etc/systemd/system # ls -li apache*
595483 -rw-r–r-- 2 root root 494 Jul 22 08:08 apache.service
595483 -rw-r–r-- 2 root root 494 Jul 22 08:08 apache2.service
SR0005IB02:/etc/systemd/system # systemctl daemon-reload
SR0005IB02:/etc/systemd/system # systemctl restart apache2
SR0005IB02:/etc/systemd/system # systemctl show apache2 | grep PrivateTmp
PrivateTmp=no
--------------------[/color]

I’ve literally just run through my steps on a test SLES12 SP1 server
which did not previously have Apache installed and they work as I posted.

Some observations from your reply:

  • I don’t have an apache.service file/symlink in /etc/systemd/system so
    where has that come from? Did you perhaps create it as part of your
    trials here?

  • The above output shows you copying
    /usr/lib/systemd/system/apache2.service to /etc/systemd/system/ but not
    editing it to set PrivateTmp=false (that’s what my sed line does)

  • Why are you creating the symlink apache.service in
    /etc/systemd/system/ (first pointing at
    /usr/lib/systemd/system/apache2.service then
    /etc/systemd/system/apache2.service)

HTH.

Simon
SUSE Knowledge Partner

If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.

5

[QUOTE=smflood;33629]On 22/07/16 14:24, jimsmithson wrote:
[color=blue]

Thanks. I made on adjustment. There was already a file which is a
symlink named apache.service that I changed just to make sure.
I had already changed /usr/lib/systemd/system/apache2.service before I
did this:

Code:

SR0005IB02:/etc/systemd/system # ls -l apache*

lrwxrwxrwx 1 root root 39 May 31 15:29 apache.service → /usr/lib/systemd/system/apache2.service
SR0005IB02:/etc/systemd/system # systemctl show apache2 | grep PrivateTmp
PrivateTmp=no
SR0005IB02:/etc/systemd/system # cp /usr/lib/systemd/system/apache2.service .
SR0005IB02:/etc/systemd/system # rm apache.service
SR0005IB02:/etc/systemd/system # ln apache2.service apache.service
SR0005IB02:/etc/systemd/system # ls -li apache*
595483 -rw-r–r-- 2 root root 494 Jul 22 08:08 apache.service
595483 -rw-r–r-- 2 root root 494 Jul 22 08:08 apache2.service
SR0005IB02:/etc/systemd/system # systemctl daemon-reload
SR0005IB02:/etc/systemd/system # systemctl restart apache2
SR0005IB02:/etc/systemd/system # systemctl show apache2 | grep PrivateTmp
PrivateTmp=no
--------------------[/color]

I’ve literally just run through my steps on a test SLES12 SP1 server
which did not previously have Apache installed and they work as I posted.

Some observations from your reply:

HTH.

Simon
SUSE Knowledge Partner

If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.
------------------------------------------------------------------------[/QUOTE]

  • I don’t have an apache.service file/symlink in /etc/systemd/system so
    where has that come from? Did you perhaps create it as part of your
    trials here?
    No, I did not create symlink /etc/systemd/system/apache.service

  • The above output shows you copying
    /usr/lib/systemd/system/apache2.service to /etc/systemd/system/ but not
    editing it to set PrivateTmp=false (that’s what my sed line does)
    I had already modified /usr/lib/systemd/system/apache2.service and set PrivateTmp=false

  • Why are you creating the symlink apache.service in
    /etc/systemd/system/ (first pointing at
    /usr/lib/systemd/system/apache2.service then
    /etc/systemd/system/apache2.service)
    Since I do not know what /etc/systemd/system/apache.service is used for, I want to make sure it matches the settings in /etc/systemd/system/apache2.service with PrivateTmp=false

Thanks again.