Why can't apache access files in /tmp?

Colin Watson cjwatson at ubuntu.com
Tue Oct 30 15:42:53 UTC 2018


On Tue, Oct 30, 2018 at 03:00:25PM +0000, Colin Law wrote:
> It should be easy enough to change the systemd startup script, it will
> likely be in /etc/systemd/system.  Make a copy of it with a different name
> and edit that, then disable the usual one and enable yours.

Don't do that; it makes it hard to stay in sync with other changes to
the packaged service file.  Instead, if you're going to take this
approach, make a directory called /etc/systemd/system/apache.service.d,
and create a file in that directory ending in ".conf" (e.g.
no-private-tmp.conf), with contents:

  [Service]
  PrivateTmp=false

(Search for "drop-in" in systemd.unit(5) for an explanation of this
approach.)

However:

> Otherwise put the files somewhere else and have a cron script that cleans
> it occasionally.

... this would be my recommendation, rather than changing PrivateTmp.
In fact, you could just create /etc/tmpfiles.d/apache2-tmp.conf with
contents something like this:

  D /some/path/to/apache2/tmp 1777 root root 30d

... and then the systemd-tmpfiles(8) machinery will take care of it.
See tmpfiles.d(5) for the format of such files.

-- 
Colin Watson                                       [cjwatson at ubuntu.com]
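
An added example, not part of the original message and not systemd's own code: a simplified Python check of what PrivateTmp resolves to once drop-ins are merged over the packaged unit file, which is a quick way to audit a host for services whose private /tmp has been switched off. The function names, the two-directory search path and the sample unit contents are assumptions constructed for illustration.

```python
import os
import tempfile

TRUE = {"1", "yes", "true", "on"}  # boolean spellings systemd accepts as true

def read_setting(path, section, key, current=None):
    """Return the last assignment of key in [section] of one file, else current."""
    in_section = False
    with open(path, encoding="utf-8") as fh:
        for line in map(str.strip, fh):
            if not line or line[0] in "#;":
                continue
            if line.startswith("[") and line.endswith("]"):
                in_section = line[1:-1] == section
            elif in_section and "=" in line:
                name, value = (p.strip() for p in line.split("=", 1))
                if name == key:
                    current = value
    return current

def effective_private_tmp(unit, search_dirs):
    """search_dirs: highest priority first (e.g. /etc/systemd/system, then the package dir)."""
    value = None
    for d in search_dirs:  # main unit file: the first directory that has it wins
        if os.path.isfile(os.path.join(d, unit)):
            value = read_setting(os.path.join(d, unit), "Service", "PrivateTmp")
            break
    dropins = {}  # file name -> path; a higher-priority directory shadows a lower one
    for d in reversed(search_dirs):
        dd = os.path.join(d, unit + ".d")
        if os.path.isdir(dd):
            dropins.update({n: os.path.join(dd, n) for n in os.listdir(dd) if n.endswith(".conf")})
    for name in sorted(dropins):  # applied after the main file, in file-name order
        value = read_setting(dropins[name], "Service", "PrivateTmp", value)
    return (value or "false").lower() in TRUE  # unset means PrivateTmp is off

def demo():
    """Constructed tree: packaged unit sets PrivateTmp=true; then add the message's drop-in."""
    with tempfile.TemporaryDirectory() as root:
        etc, lib = os.path.join(root, "etc"), os.path.join(root, "lib")
        os.makedirs(os.path.join(etc, "apache.service.d"))
        os.makedirs(lib)
        with open(os.path.join(lib, "apache.service"), "w") as fh:
            fh.write("[Service]\nPrivateTmp=true\n")
        before = effective_private_tmp("apache.service", [etc, lib])
        with open(os.path.join(etc, "apache.service.d", "no-private-tmp.conf"), "w") as fh:
            fh.write("[Service]\nPrivateTmp=false\n")
        after = effective_private_tmp("apache.service", [etc, lib])
    return before, after
```

On a live host, `systemctl show -p PrivateTmp <unit>` reports the value systemd actually loaded, so the script is for offline review of unit trees rather than a replacement for that.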



