I recently noticed that /tmp/portage has been added to /usr/lib/tmpfiles.d/portage-tmpdir.conf which in my opinion doesn't make sense. It is not used by portage by default, and anyone who wishes to defer from defaults should take their own responsibility to make sure it works well and securely. I recently updated to portage 3.0.41 which shows this behavior, i have not noticed it before but i'm not sure which version started this behavior. Related forum discussion: https://forums.gentoo.org/viewtopic-t-1160919.html Reproducible: Always Steps to Reproduce: 1. ls -l /tmp 2. See /tmp/protage exists with owner and group "portage" 3. cat /usr/lib/tmpfiles.d/portage-tmpdir.conf 4. See /tmp/portage listed Actual Results: Directory is created at boot. Expected Results: Directories not used by the default configuration should not be created by supplied configuration files. Seems like a misconfiguration in /usr/lib/tmpfiles.d/portage-tmpdir.conf
It is very common for users to set PORTAGE_TMPDIR="/tmp". The extra directory in /tmp wont hurt you.
Thanks for the link to bug 853283. I understand the directory won't hurt me :-). I do think it's existence is a sign tmpfiles is not the right tool for the job. Quote from my forum post: I think the main problem is that tmpfiles is not the right tool for the job: Job at hand: Create a directory with given name and permissions where the location is stored in a variable. What tmpfiles can do: Create a directory with a given name and permissions at a fixed location.
I don't care that it is not a perfect solution. It's good enough for 99.9% of users, with no significant downside.
If you would like to submit a patch to make Portage handle PORTAGE_TMPDIR in a secure manner, we can reconsider dropping the tmpfiles snippet after said patch is merged. Until then, this stays as WONTFIX.
Created attachment 849181 [details, diff] Patch to split portage-tmpdir.conf Sure, will take some while as i have to familiarize myself with the portage code (and potentially systemd's tmpfiles implementation since that seems to be considered secure). As a quick fix proposal I made a small patch the for the ebuild (since portage-tmpdir.conf is supplied with the ebuild) to split the tmpfiles entries into two files so users can INSTALL_MASK the one they don't need without affecting the other.
(In reply to pa4wdh from comment #5) INSTALL_MASK is the wrong approach. I would suggest copying the file to /etc/tmpfiles.d/portage-tmpdir.conf and removing the line you do not want.
Thanks for the suggestion for using /etc/tmpfiles.d/portage-tmpdir.conf, that works. I keep forgetting that silly systemd way of working :-)