Foreman-maintain creates directories in /tmp that are world-writable

Solution Verified - Updated -

Issue

  • Unfortunately, it seems that the /tmp/systemd-private-91dc2d256d974b1d84cca9b2f539ab49-httpd.service-xxxxxx directory is created with a different name each time foreman-maintain service is restarted.

    # pwd
    /tmp
    # ll bundler
    total 8
    drwxr-xr-x   3 foreman-proxy foreman-proxy   17 Jul 19 11:01 .
    drwxrwxrwt. 17 root          root          4096 Jul 19 13:01 ..
    drwxrwxrwx   4 foreman-proxy foreman-proxy   40 Jul 19 11:01 home
    
    # ll systemd-private-91dc2d256d974b1d84cca9b2f539ab49-httpd.service-h892gC
    total 8
    drwx------   3 root root   16 Jul 19 11:04 .
    drwxrwxrwt. 17 root root 4096 Jul 19 13:01 ..
    drwxrwxrwt   3 root root   41 Jul 19 13:04 tmp <---
    # ll systemd-private-91dc2d256d974b1d84cca9b2f539ab49-httpd.service-h892gC/tmp
    total 4
    drwxrwxrwt 3 root    root    41 Jul 19 13:04 .
    drwx------ 3 root    root    16 Jul 19 11:04 ..
    drwxr-xr-x 3 foreman foreman 17 Jul 19 11:04 bundler
    -rw------- 1 foreman foreman 75 Jul 19 11:04 tmp.03odhkcBcP
    # ll systemd-private-91dc2d256d974b1d84cca9b2f539ab49-httpd.service-h892gC/tmp/bundler
    total 0
    drwxr-xr-x 3 foreman foreman 17 Jul 19 11:04 .
    drwxrwxrwt 3 root    root    41 Jul 19 13:04 ..
    drwxrwxrwx 3 foreman foreman 20 Jul 19 11:04 home <---
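
The two entries marked <--- in the listing differ by one bit: tmp is mode 1777 (sticky, like /tmp itself), while home is mode 777 with no sticky bit. The function below is an added example, not part of the original article. It lists every world-writable directory under a given root and labels it accordingly; the function name is hypothetical and GNU stat (as shipped on RHEL) is assumed.

```shell
#!/bin/sh
# Added example: audit a tree for world-writable directories and report
# whether each one has the sticky bit. Assumes GNU find and GNU stat.

# audit_world_writable ROOT
# Prints one line per world-writable directory:
#   <STICKY|NO-STICKY> <octal mode> <owner> <path>
# STICKY    = mode such as 1777; only the owner of a file (or root) may
#             delete or rename it, which is how /tmp is meant to work.
# NO-STICKY = mode such as 777; any local user who can reach the directory
#             may delete or replace files that belong to another user.
audit_world_writable() {
    # -xdev keeps find on one filesystem; -perm -0002 matches directories
    # whose "other" write bit is set. Unreadable subtrees are skipped quietly.
    find "${1:-/tmp}" -xdev -type d -perm -0002 -exec sh -c '
        for d in "$@"; do
            mode=$(stat -c %a "$d") || continue
            owner=$(stat -c %U "$d") || continue
            # stat prints four digits only when a special bit is set;
            # an odd leading digit means the sticky bit (1000) is present.
            case $mode in
                [1357]???) class=STICKY ;;
                *)         class=NO-STICKY ;;
            esac
            printf "%s %s %s %s\n" "$class" "$mode" "$owner" "$d"
        done' sh {} + 2>/dev/null
}

# Usage (run as root so the systemd-private-* directories are readable):
#   audit_world_writable /tmp
```

Run as root after each service restart, since the systemd-private-* directory name changes every time.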
    

Environment

  • Red Hat Satellite 6
  • Foreman-maintain
