/tmp content is not visible

Hello Community!
Please suggest: we are facing an issue listing the /tmp content of other users/processes on AlmaLinux 9.x, even as root.
The created files are still there after a reboot, but we are not able to list them, even as root.

Regards,
Veera

If you can’t list files, then how do you know that they exist?

The permissions of a directory (can) include ‘r’ and ‘x’:
r: can list the content of the directory
x: can access the content of the directory

The default permissions of /tmp are 1777, i.e. rwxrwxrwt

How are the files created?

Notice that a lot of services use the PrivateTmp option, making the /tmp directory private.
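To make the r/x distinction above concrete, here is an added example (editor's addition, not part of the thread) that creates a scratch directory under mktemp, sets it to r-only, x-only and r+x, and records whether the names can be listed and whether a known file inside can be opened. Run it as an unprivileged user: root carries CAP_DAC_READ_SEARCH and passes every check regardless of mode.

```shell
#!/bin/sh
# Added example: what 'r' and 'x' on a directory each permit, checked empirically.
# Scratch directories are created with mktemp and removed afterwards.

probe_dir() {
    # $1 = mode to set on the scratch directory.
    # Prints "list=<ok|fail> enter=<ok|fail>":
    #   list  - can we read the directory entries (needs 'r')?
    #   enter - can we open a file inside it by a known name (needs 'x')?
    work=$(mktemp -d) || return 1
    mkdir "$work/d" && : > "$work/d/secret" && chmod "$1" "$work/d"
    if ls "$work/d" >/dev/null 2>&1; then list=ok; else list=fail; fi
    if cat "$work/d/secret" >/dev/null 2>&1; then enter=ok; else enter=fail; fi
    chmod 700 "$work/d"       # restore so the cleanup below can recurse
    rm -rf "$work"
    printf 'list=%s enter=%s\n' "$list" "$enter"
}

# Stand-alone run: one line per mode.
echo "r only (0400): $(probe_dir 0400)"   # names visible, files not openable
echo "x only (0100): $(probe_dir 0100)"   # names hidden, known file openable
echo "r+x    (0500): $(probe_dir 0500)"   # both
```

The x-only case is the one that matters for the thread: a directory you can traverse but not read still lets you open files whose names you already know, which is why "I cannot list it" and "the file is gone" are different symptoms.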

Whichever SSH-logged-in user created the files, only that user is able to list them; others cannot, even if we set read permission for all.
It seems the files/directories are created in the user's private space.
Regards,
Veera

Whether the files/directories are created by a program or by a user facing the issue, it seems visibility is being managed in a private space based on the logged-in SSH user.
Where is the PrivateTmp option available?
Regards,
Veera

This parameter is described in man systemd.exec.

If there are “special” mounts, they probably show with findmnt.

Does /etc/systemd/system/ have anything sshd.service* ?

Please look at the ref. SS for clarity.
Not able to list other users' files in /tmp with an SSH login, and not even by switching to the respective owner account from the logged-in SSH user.

User1:
[TestUser1@HCSDC-RDNLNS-CSRV01 ~]$ cd /
[TestUser1@HCSDC-RDNLNS-CSRV01 /]$ ll
total 24
dr-xr-xr-x. 2 root root 6 Mar 25 2022 afs
drwxr-xr-x. 2 root root 42 Oct 27 2023 app
lrwxrwxrwx. 1 root root 7 Mar 25 2022 bin -> usr/bin
dr-xr-xr-x. 5 root root 4096 Jul 29 18:02 boot
drwxr-xr-x 20 root root 3460 Jul 29 19:16 dev
drwxr-xr-x. 86 root root 8192 Jul 29 19:16 etc
drwxr-xr-x. 9 root root 129 Jul 29 19:08 home
-rw-------. 1 root root 120 Aug 28 2023 imjournal.state
lrwxrwxrwx. 1 root root 7 Mar 25 2022 lib -> usr/lib
lrwxrwxrwx. 1 root root 9 Mar 25 2022 lib64 -> usr/lib64
drwxr-xr-x. 2 root root 6 Mar 25 2022 media
drwxr-xr-x. 2 root root 6 Mar 25 2022 mnt
drwxr-xr-x. 2 root root 6 Mar 25 2022 opt
dr-xr-xr-x 300 root root 0 Jul 29 19:16 proc
dr-xr-x---. 4 root root 4096 Apr 17 15:43 root
drwxr-xr-x 31 root root 880 Jul 29 19:17 run
lrwxrwxrwx. 1 root root 8 Mar 25 2022 sbin -> usr/sbin
drwxr-xr-x 3 root root 18 Mar 26 11:48 sftp
drwxr-xr-x. 2 root root 6 Mar 25 2022 srv
dr-xr-xr-x 13 root root 0 Jul 29 19:16 sys
drwxrwxrwt 2 root root 6 Jul 29 19:16 tmp
drwxr-xr-x. 12 root root 144 Jul 10 2023 usr
drwxr-xr-x. 20 root root 277 Sep 25 2023 var
[TestUser1@HCSDC-RDNLNS-CSRV01 /]$ cd /tmp
[TestUser1@HCSDC-RDNLNS-CSRV01 tmp]$ ll
total 0
[TestUser1@HCSDC-RDNLNS-CSRV01 tmp]$ ^C
[TestUser1@HCSDC-RDNLNS-CSRV01 tmp]$ echo "TestUser1" > TestUser1.txt
[TestUser1@HCSDC-RDNLNS-CSRV01 tmp]$ ll
total 4
-rw-r----- 1 TestUser1 Test1 10 Jul 29 19:19 TestUser1.txt
[TestUser1@HCSDC-RDNLNS-CSRV01 tmp]$ pwd
/tmp
[TestUser1@HCSDC-RDNLNS-CSRV01 tmp]$ date
Mon Jul 29 07:20:59 PM IST 2024
[TestUser1@HCSDC-RDNLNS-CSRV01 tmp]$ su TestUser2
Password:
[TestUser2@HCSDC-RDNLNS-CSRV01 tmp]$ ll
total 4
-rw-r----- 1 TestUser1 Test1 10 Jul 29 19:19 TestUser1.txt
[TestUser2@HCSDC-RDNLNS-CSRV01 tmp]$ ^C
[TestUser2@HCSDC-RDNLNS-CSRV01 tmp]$

User2:
[TestUser2@HCSDC-RDNLNS-CSRV01 ~]$ cd /
[TestUser2@HCSDC-RDNLNS-CSRV01 /]$ ll
total 24
dr-xr-xr-x. 2 root root 6 Mar 25 2022 afs
drwxr-xr-x. 2 root root 42 Oct 27 2023 app
lrwxrwxrwx. 1 root root 7 Mar 25 2022 bin -> usr/bin
dr-xr-xr-x. 5 root root 4096 Jul 29 18:02 boot
drwxr-xr-x 20 root root 3460 Jul 29 19:16 dev
drwxr-xr-x. 86 root root 8192 Jul 29 19:16 etc
drwxr-xr-x. 9 root root 129 Jul 29 19:08 home
-rw-------. 1 root root 120 Aug 28 2023 imjournal.state
lrwxrwxrwx. 1 root root 7 Mar 25 2022 lib -> usr/lib
lrwxrwxrwx. 1 root root 9 Mar 25 2022 lib64 -> usr/lib64
drwxr-xr-x. 2 root root 6 Mar 25 2022 media
drwxr-xr-x. 2 root root 6 Mar 25 2022 mnt
drwxr-xr-x. 2 root root 6 Mar 25 2022 opt
dr-xr-xr-x 302 root root 0 Jul 29 19:16 proc
dr-xr-x---. 4 root root 4096 Apr 17 15:43 root
drwxr-xr-x 31 root root 880 Jul 29 19:17 run
lrwxrwxrwx. 1 root root 8 Mar 25 2022 sbin -> usr/sbin
drwxr-xr-x 3 root root 18 Mar 26 11:48 sftp
drwxr-xr-x. 2 root root 6 Mar 25 2022 srv
dr-xr-xr-x 13 root root 0 Jul 29 19:16 sys
drwxrwxrwt 2 root root 6 Jul 29 19:16 tmp
drwxr-xr-x. 12 root root 144 Jul 10 2023 usr
drwxr-xr-x. 20 root root 277 Sep 25 2023 var
[TestUser2@HCSDC-RDNLNS-CSRV01 /]$ cd /tmp
[TestUser2@HCSDC-RDNLNS-CSRV01 tmp]$ ll
total 0
[TestUser2@HCSDC-RDNLNS-CSRV01 tmp]$ ^C
[TestUser2@HCSDC-RDNLNS-CSRV01 tmp]$ echo "TestUser2" > TestUser2.txt
[TestUser2@HCSDC-RDNLNS-CSRV01 tmp]$ ll
total 4
-rw-r----- 1 TestUser2 Test2 10 Jul 29 19:19 TestUser2.txt
[TestUser2@HCSDC-RDNLNS-CSRV01 tmp]$ pwd
/tmp
[TestUser2@HCSDC-RDNLNS-CSRV01 tmp]$ date
Mon Jul 29 07:21:01 PM IST 2024
[TestUser2@HCSDC-RDNLNS-CSRV01 tmp]$

User3:

Regards,
Veera

Please find the below:
No sshd.service under /etc/systemd/system.

For your information, we are also observing the same behavior with no specific mount.

Regards,
Veera

What do you get with:

df -h /tmp
findmnt | grep tmp

On the assumption that systemd has created an (sshd) session for TestUser1 and mounted a private volume on /tmp, the session for TestUser2 via ‘su’ apparently reuses that existing namespace (rather than creating its own).

Please find the below:
[TestUser1@HCSDC-RDNLNS-CSRV01 ~]$ df -h /tmp
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/almalinux-tmp 10G 104M 9.9G 2% /tmp
[TestUser1@HCSDC-RDNLNS-CSRV01 ~]$ findmnt | grep tmp
├─/dev devtmpfs devtmpfs rw,nosuid,size=4096k,nr_inodes=463311,mode=755,inode64
│ ├─/dev/shm tmpfs tmpfs rw,nosuid,nodev,noexec,inode64
├─/run tmpfs tmpfs rw,nosuid,nodev,size=749428k,nr_inodes=819200,mode=755,inode64
│ ├─/run/credentials/systemd-tmpfiles-setup-dev.service none ramfs ro,nosuid,nodev,noexec,relatime,mode=700
│ ├─/run/credentials/systemd-tmpfiles-setup.service none ramfs ro,nosuid,nodev,noexec,relatime,mode=700
│ ├─/run/user/10008 tmpfs tmpfs rw,nosuid,nodev,relatime,size=374712k,nr_inodes=93678,mode=700,uid=10008,gid=50000,inode64
│ ├─/run/user/1013 tmpfs tmpfs rw,nosuid,nodev,relatime,size=374712k,nr_inodes=93678,mode=700,uid=1013,gid=1005,inode64
│ ├─/run/user/1015 tmpfs tmpfs rw,nosuid,nodev,relatime,size=374712k,nr_inodes=93678,mode=700,uid=1015,gid=1007,inode64
│ └─/run/user/1014 tmpfs tmpfs rw,nosuid,nodev,relatime,size=374712k,nr_inodes=93678,mode=700,uid=1014,gid=1006,inode64
│ └─/var/tmp /dev/mapper/almalinux-var_tmp xfs rw,nosuid,nodev,noexec,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota
│ ├─/var/tmp/tmp-inst /dev/mapper/almalinux-var_tmp[/tmp-inst] xfs rw,nosuid,nodev,noexec,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota
│ └─/var/tmp /dev/mapper/almalinux-var_tmp[/tmp-inst/TestUser1] xfs rw,nosuid,nodev,noexec,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota
└─/tmp /dev/mapper/almalinux-tmp xfs rw,nosuid,nodev,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota
├─/tmp/tmp-inst /dev/mapper/almalinux-tmp[/tmp-inst] xfs rw,nosuid,nodev,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota
└─/tmp /dev/mapper/almalinux-tmp[/tmp-inst/TestUser1] xfs rw,nosuid,nodev,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota
[TestUser1@HCSDC-RDNLNS-CSRV01 ~]$

What your current session (as TestUser1) sees as the directory /tmp is apparently
the directory tmp-inst/TestUser1 within the filesystem on device /dev/mapper/almalinux-tmp.

That mount hides the earlier:

/tmp          /dev/mapper/almalinux-tmp            xfs 
/tmp/tmp-inst /dev/mapper/almalinux-tmp[/tmp-inst] xfs

There is a similar “private mount” for /var/tmp.


On the assumption that these are the result of PrivateTmp being set, the question is: where?
If there is no custom config for openssh, then perhaps the PrivateTmp occurs elsewhere? To check:

grep -r PrivateTmp /run/systemd /etc/systemd

The user tmp directory is available with user-id 1013 (TestUser1).

Nothing found for “grep -r PrivateTmp /run/systemd /etc/systemd”.

Then something else / somewhere else activates the private tmp system.


A default install does not create separate volumes:

/dev/mapper/almalinux-tmp
/dev/mapper/almalinux-var_tmp

Therefore, some customization has been selected on your system. Security policies? FIPS?
(I don’t know any of those.)
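The diagnosis above (a second mount on /tmp whose source is a sub-directory of the same device, hiding the first mount and /tmp/tmp-inst) can be automated. The following is an added example from the editor, not code from the thread: it runs the same reasoning over findmnt's raw output (findmnt -rn -o TARGET,SOURCE,FSTYPE prints one "TARGET SOURCE FSTYPE" line per mount, in kernel mount order) and reports every target that is mounted more than once together with the topmost source. The SAMPLE data is constructed from the values shown in the thread, not captured from a live system. As an editor's note beyond what the thread establishes: the tmp-inst/<user> layout under /tmp and /var/tmp is the naming that pam_namespace uses for polyinstantiated directories (configured in /etc/security/namespace.conf, see man namespace.conf and man pam_namespace), so grep -v '^#' /etc/security/namespace.conf and a grep for pam_namespace in /etc/pam.d belong on the same checklist as the PrivateTmp grep.

```shell
#!/bin/sh
# Added example: find targets that are overmounted and show which source a
# process actually sees. Input format is that of:
#     findmnt -rn -o TARGET,SOURCE,FSTYPE
# SAMPLE is constructed from the thread's output (not a live capture).
SAMPLE='/ /dev/mapper/almalinux-root xfs
/tmp /dev/mapper/almalinux-tmp xfs
/tmp/tmp-inst /dev/mapper/almalinux-tmp[/tmp-inst] xfs
/tmp /dev/mapper/almalinux-tmp[/tmp-inst/TestUser1] xfs
/var/tmp /dev/mapper/almalinux-var_tmp xfs
/var/tmp/tmp-inst /dev/mapper/almalinux-var_tmp[/tmp-inst] xfs
/var/tmp /dev/mapper/almalinux-var_tmp[/tmp-inst/TestUser1] xfs
/home /dev/mapper/almalinux-home xfs'

# Read findmnt lines on stdin. For every target mounted more than once, print
# "TARGET SOURCE" where SOURCE is the last-listed (topmost) mount, because
# findmnt lists in mount order and the latest mount on a path is the one a
# process resolving that path sees.
overmounted() {
    awk '{ n[$1]++; top[$1] = $2 }
         END { for (t in n) if (n[t] > 1) print t, top[t] }' | sort
}

# Extract the sub-directory from a bracketed bind source, e.g.
# "/dev/mapper/almalinux-tmp[/tmp-inst/TestUser1]" -> "/tmp-inst/TestUser1".
# Prints an empty line when the source is a whole filesystem.
bind_subdir() {
    case "$1" in
        *\[*\]) s=${1#*\[}; printf '%s\n' "${s%\]}" ;;
        *)      printf '\n' ;;
    esac
}

# Same report against the machine this runs on (needs util-linux findmnt).
live_check() {
    findmnt -rn -o TARGET,SOURCE,FSTYPE | overmounted
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE" | overmounted | while read -r target src; do
    sub=$(bind_subdir "$src")
    echo "$target is overmounted; what you see there is ${sub:-the whole filesystem} on ${src%%\[*}"
done
```

On a live box, live_check gives the overview and findmnt --target /tmp (or cat /proc/self/mountinfo) shows the single mount your own process resolves /tmp to; run both from the SSH session and from the su'd shell to confirm whether the two really share one mount namespace, as the thread suspects.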