Bug 2950

Summary: Store user runtime files in /run/user/ rather than in /tmp/
Product: Portable OpenSSH Reporter: Jakub Jelen <jjelen>
Component: MiscellaneousAssignee: Assigned to nobody <unassigned-bugs>
Status: NEW ---    
Severity: enhancement CC: riehecky
Priority: P5 Keywords: patch
Version: 7.9p1   
Hardware: Other   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=1658642
Attachments:
Description Flags
proposed patch none

Description Jakub Jelen 2019-01-05 03:22:37 AEDT
Created attachment 3220 [details]
proposed patch

In utilized servers and desktops, it is not uncommon that /tmp directory gets full and ssh services can not write any needed files in there. This affects the authentication information, local and forwarded ssh-agent sockets and forwarded kerberos tickets.

This is solved for many applications [1], services and daemons already by using XDG_RUNTIME_DIR environment variable, which points to the location under /run/user, that is already private for a specific user. The advantage is that this variable is available both from PAM after authentication and in the user session.

The attached patch implements using this environment variable if available and makes the above use cases more reliable (especially the authentication information files). On systems not providing this variable, there should be no overhead and fallback to the current method.

[1] https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html
Comment 1 Pat Riehecky 2022-09-22 01:47:09 AEST
I'd really love to see this patch applied.
Comment 2 Pat Riehecky 2023-02-09 02:48:21 AEDT
I've managed to get an initial review of this patch at https://lists.mindrot.org/pipermail/openssh-unix-dev/2023-February/040555.html

Jakub Jelen are you able to address the questions there (and post an updated PR so I can retire mine and you get full credit for your work)?