[GH-ISSUE #1017] Allow custom tmp path for Linux agent #2567

Closed
opened 2026-03-14 04:37:31 +03:00 by kerem · 3 comments
Originally created by @georgebarnick on GitHub (Mar 22, 2022).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/1017

This may be an edge case but in situations where /tmp/ has locked down permissions or special handling on the system, Tactical RMM has trouble installing and executing scripts.

I've been able to verify this in one particular case, which is on CentOS 7 servers running a clean install of cPanel/WHM. From my understanding, cPanel locks the /tmp/ filesystem down using a script they call [securetmp](https://docs.cpanel.net/whm/scripts/the-securetmp-script/). Beyond that I haven't looked very much into this case and I'm not entirely sure to what extent it's locked down, but from what I can tell, execution is prevented entirely in that filesystem, even as root.

What I was able to confirm however is that during the install using the Linux installation script, it can't execute ./meshagent inside of its tmp directory it downloads to. Moving ./meshagent somewhere else (such as /home/) works and installs fine however. Once the agent is installed, if you try to execute a script, it gets Permission Denied inside of /tmp/trmmXXXXXXXXXX/. Example below:

```
Script Output
Last Run: Mar-22-2022 - 15:50
Run Time: 0.0005 seconds
Return Code: -1

Standard Error

fork/exec /tmp/trmm2651145699: permission denied
```

Since this may be an edge case and could vary depending on what types of Linux installs might handle /tmp/ differently, I was thinking it could be a good feature request to specify a custom temporary file path for Tactical RMM to use during the install process, rather than it being forced to use /tmp/.

kerem closed this issue 2026-03-14 04:37:36 +03:00

@bbrendon commented on GitHub (Mar 22, 2022):

From a cpanel machine I have access to, I think this might be what the issue is. `noexec`.

```
/dev/mapper/centos-tmp on /tmp type ext4 (rw,nosuid,noexec,relatime,seclabel,data=ordered)
```

It might be possible to remove noexec, install, then re-add it. I'm not sure what the best practice is here.


@wh1te909 commented on GitHub (Mar 24, 2022):

I've pushed a fix to fall back to the current directory if creating it in the tmp dir fails
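A pre-flight check for the `noexec` condition identified in this thread, as an added example (not Tactical RMM's code): it parses mount-table text in `/proc/self/mounts` format and picks the first candidate working directory that is not on a `noexec` filesystem, so the `/tmp` hardening can stay in place. The function names, the sample mount table and the `/home/agent-work` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find a working directory that is not on a noexec mount.

# Constructed sample in /proc/self/mounts format, modelled on the mount
# line quoted in the thread.
SAMPLE_MOUNTS='/dev/mapper/centos-root / ext4 rw,relatime,seclabel,data=ordered 0 0
/dev/mapper/centos-tmp /tmp ext4 rw,nosuid,noexec,relatime,seclabel,data=ordered 0 0
/dev/mapper/centos-home /home ext4 rw,relatime,seclabel,data=ordered 0 0'

# mount_opts_for DIR MOUNTS_TEXT: print the options of the longest mount
# point that contains DIR. The body runs in a subshell to keep variables local.
mount_opts_for() (
    dir="${1%/}"; [ -n "$dir" ] || dir="/"
    best=""; opts=""
    while read -r dev mp fs o rest; do
        case "$dir/" in
            "${mp%/}/"*)   # mp is DIR itself or one of its parents
                if [ "${#mp}" -ge "${#best}" ]; then best="$mp"; opts="$o"; fi ;;
        esac
    done <<EOF
$2
EOF
    printf '%s\n' "$opts"
)

# is_noexec DIR MOUNTS_TEXT: exit 0 if DIR's filesystem is mounted noexec.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# pick_exec_dir MOUNTS_TEXT DIR...: print the first candidate not on noexec;
# exit 1 if every candidate is on a noexec mount.
pick_exec_dir() (
    mounts="$1"; shift
    for d in "$@"; do
        if ! is_noexec "$d" "$mounts"; then printf '%s\n' "$d"; exit 0; fi
    done
    exit 1
)

# On a live host, pass "$(cat /proc/self/mounts)" instead of the sample.
pick_exec_dir "$SAMPLE_MOUNTS" /tmp/trmm2651145699 /home/agent-work
```
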


@wh1te909 commented on GitHub (Mar 25, 2022):

Fixed in release 0.12.1, please check release notes. You'll need to manually update the agent if already installed, since /tmp was used for agent update as well.
