Sep 9 2010
Directories under /tmp/.private can’t be deleted?
There’s an irksome problem which I’ve encountered on a few Linux boxen recently, whereby directories under /tmp/.private, such as /tmp/.private/root, simply cannot be deleted – even as root, nothing seems to be able to shift them!
This may only be an issue on installations which make use of the PAM ‘mktemp‘ module…
However, it turns out that for some reason the ‘append-only’ extended attribute is being set on the ‘/tmp/.private‘ directory itself. This has the effect of allowing new files and directories to be created, but not subsequently removed – and it is almost entirely non-obvious if you don’t know what you’re looking for 🙁
This diagnosis can be confirmed and fixed as follows:
    # rm -r /tmp/.private/root
    rm: cannot remove `/tmp/.private/root': Operation not permitted
    # lsattr -d /tmp/.private
    -----a--------- /tmp/.private
    # chattr -a /tmp/.private
    # lsattr -d /tmp/.private
    --------------- /tmp/.private
    # rm -r /tmp/.private/root ; echo $?
    0
… following which any directories within can finally be removed!
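The same diagnosis as a small script, added here as an example and not part of the original post: it runs lsattr -d on a path and on its parent directory and reports which of them carries the append-only (a) or immutable (i) attribute. The function names are hypothetical, and checking the immutable flag as well goes slightly beyond the append-only case described above.

```sh
#!/bin/sh
# Added example (not from the original post): find which extended attribute
# is making `rm` fail with "Operation not permitted" even for root.

# classify_flags FLAGS: print "append-only", "immutable", or both, for an
# lsattr flag field. Matching is case-sensitive: 'A' and 'I' are other flags.
classify_flags() {
    out=""
    case "$1" in *a*) out="append-only" ;; esac
    case "$1" in *i*) out="${out:+$out,}immutable" ;; esac
    printf '%s' "$out"
}

# report_blockers: read `lsattr -d` output ("FLAGS PATH" per line) on stdin
# and print "PATH: REASON" for each entry whose flags prevent deletion.
report_blockers() {
    while read -r flags path; do
        [ -n "$path" ] || continue
        why=$(classify_flags "$flags")
        if [ -n "$why" ]; then
            printf '%s: %s\n' "$path" "$why"
        fi
    done
}

# check_delete TARGET: inspect the target and its parent directory, since
# either one carrying 'a' or 'i' blocks the unlink.
check_delete() {
    parent=$(dirname -- "$1")
    lsattr -d -- "$parent" "$1" 2>/dev/null | report_blockers
}

# When run as a script with an argument, check that path.
if [ "$#" -gt 0 ]; then
    check_delete "$1"
fi
```

Run it as root with the stubborn path as its argument, for example /tmp/.private/root; any line it prints names the directory to fix with chattr -a or chattr -i.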
Ryan
1st September 2012 @ 4:34 am
It’s probably your init daemon (systemd?) trying to stop potential snooping on sensitive tmp files.
Stuart
10th September 2012 @ 6:48 pm
systemd is an aberration – I use SysV init with mdev! 😉
This is definitely due to pam_mktemp, which is further documented here: http://blog.flameeyes.eu/2008/03/private-temporary-directories