Bug 2950

Summary:

Store user runtime files in /run/user/ rather than in /tmp/

Product:

Portable OpenSSH

Reporter:

Jakub Jelen <jjelen>

Component:

Miscellaneous

Assignee:

Assigned to nobody <unassigned-bugs>

Status:

NEW ---

Severity:

enhancement

CC:

riehecky

Priority:

Keywords:

patch

Version:

7.9p1

Hardware:

Other

OS:

Linux

URL:

https://bugzilla.redhat.com/show_bug.cgi?id=1658642

Attachments:

Description	Flags
proposed patch	none

Description Jakub Jelen 2019-01-05 03:22:37 AEDT

Created attachment 3220 [details]
proposed patch

In utilized servers and desktops, it is not uncommon that /tmp directory gets full and ssh services can not write any needed files in there. This affects the authentication information, local and forwarded ssh-agent sockets and forwarded kerberos tickets.

This is solved for many applications [1], services and daemons already by using XDG_RUNTIME_DIR environment variable, which points to the location under /run/user, that is already private for a specific user. The advantage is that this variable is available both from PAM after authentication and in the user session.

The attached patch implements using this environment variable if available and makes the above use cases more reliable (especially the authentication information files). On systems not providing this variable, there should be no overhead and fallback to the current method.

[1] https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html

Comment 1 Pat Riehecky 2022-09-22 01:47:09 AEST

I'd really love to see this patch applied.

Comment 2 Pat Riehecky 2023-02-09 02:48:21 AEDT

I've managed to get an initial review of this patch at https://lists.mindrot.org/pipermail/openssh-unix-dev/2023-February/040555.html

Jakub Jelen are you able to address the questions there (and post an updated PR so I can retire mine and you get full credit for your work)?