mod_perl can't see files in /tmp

2019-05-03 23:10发布

问题:

I have some mod_perl code trying to access a file under /tmp ... but it throws a 'no such file or directory' error. I added an 'ls -al /tmp' to my code to see what Perl was seeing inside the directory, and it only gave me . and .. :

drwxrwxrwt.  2 root root        6 Jan 21 13:36 .
drwxrwxrwx. 18 root sysadmin 4096 Nov 22 22:14 ..

In reality there are a mixture of files under /tmp, including some owned by the Apache user. Changing my code to 'ls -al /' gives a correct directory listing (nothing missing).

I tried sudo'ing to the Apache user, and can see under /tmp file, so it must be something mod_perl related.

Ideas? I'm running mod_perl 2.0.8 and Apache 2.4 under CentOS 7. SELinux is set to permissive.

回答1:

So based on comments the answer here is - it's an RHEL 7 feature. https://securityblog.redhat.com/2014/04/09/new-red-hat-enterprise-linux-7-security-feature-privatetmp/

PrivateTmp=

Takes a boolean argument. If true sets up a new file system namespace for the executed processes and mounts a private /tmp directory inside it, that is not shared by processes outside of the namespace. This is useful to secure access to temporary files of the process, but makes sharing between processes via /tmp impossible. Defaults to false.