« Back to Settings for systemd units

PrivateTmp setting

The property PrivateTmp is a systemd unit setting used for sandboxing.

Purpose: define new namespace for /tmp and /var/tmp directory

Why and when to use PrivateTmp

By default, a process can see the content of /tmp and /var/tmp, if the owner or group has the right file permissions. By using the setting PrivateTmp, access may be reduced to these temporary directories. Systemd does this by defining a new namespace for the process.

Generic advice

For most services PrivateTmp=yes can be used. It is an easy way to reduce risks related to temporary files.

When multiple processes need to access the same files, then typically this should be avoided in the temporary directories, but create a specific application directory those processes to exchange data.

Testing

To see if a program works with this property, consider using the systemd-run command.

Make sure that there is a file in /tmp, then run the command with PrivateTmp set.

systemd-run --pty --property=PrivateTmp=yes ls -l /tmp
total 0

No files are available now, as the ls program only sees content from the new namespace.

Values

This setting expects a boolean (yes or no).

  • no: normal access to temporary directories - default
  • yes: new private namespace for temporary directories, preventing process from seeing files in the original /tmp and /var/tmp

Example to show the current value of PrivateTmp for the dmesg service:

systemctl show --property=PrivateTmp dmesg.service

Related hardening profiles

The systemd unit setting PrivateTmp is used in the following hardening profiles.

Feedback

Small picture of Michael Boelen

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution!

Mastodon icon