Last active October 21, 2020 17:11
Fix ignored mode of tmpfs mount on /tmp

A readonly raspberry pi with /tmp mounted in fstab as mode=1777 had mode 0755 after boot. This caused several programs such as dhcpcd not to work correctly.

The same issue is also desribed in and

contents of /etc/fstab:

proc            /proc           proc    defaults              0 0
/dev/mmcblk0p1  /boot           vfat    ro,defaults           0 2
#noatime important, so time is not from future at boot with old clock time...
/dev/mmcblk0p2  /               ext4    ro,defaults,noatime   0 1
tmpfs           /var/log        tmpfs   nodev,nosuid          0 0
tmpfs           /tmp            tmpfs   nodev,nosuid,mode=1755          0 0

debian/raspbian version (raspbian jessie lite 2016-09-23):

uname -a
Linux raspberrypi 4.4.26-v7+ #915 SMP Thu Oct 20 17:08:44 BST 2016 armv7l GNU/Linux

lsb_release  -a
No LSB modules are available.
Distributor ID:	Raspbian
Description:	Raspbian GNU/Linux 8.0 (jessie)
Release:	8.0
Codename:	jessie


Create the file /etc/systemd/system/tmpmode.service

Description=Set tmp mode and report it
DefaultDependencies=no dhcpcd5.service

# will be marked as active, even when command finished
ExecStart=/bin/bash -c 'echo "old tmp mode"; ls -alh / | grep tmp; chmod 1777 /tmp; echo "new tmp mode"; ls -alh / | grep tmp'


and run

sudo systemctl daemon-reload
sudo systemctl enable tmpmode.service
sudo reboot

check output and see if it was working after reboot

sudo sytemctl status tmpmode.service

Find the issue

As systemd provides many capabilities, the suspicion was that a systemd service changes the permissions after boot. (Similar to

So to find all sytemd services in contact with tmp, a grep was used:

grep "tmp"  -R /usr/lib/systemd/*
# no output
grep "tmp"  -R /lib/systemd/*
# many lines of interesting output

The interesting files now were:

$ cat /lib/systemd/systemd-logind-launch

if ! mountpoint -q /sys/fs/cgroup; then
    mount -t tmpfs -o uid=0,gid=0,mode=0755,size=1024 none /sys/fs/cgroup
if ! mountpoint -q /sys/fs/cgroup/systemd; then
    mkdir -p /sys/fs/cgroup/systemd
    mount -t cgroup -o nosuid,noexec,nodev,none,name=systemd systemd /sys/fs/cgroup/systemd
mkdir -p /run/systemd

# necessary for unprivileged LXC containers
ulimit -S -n 16384 || true
ulimit -H -n 16384 || true

exec /lib/systemd/systemd-logind

but it only mounted another thing.

Going on to

cat ..

Checking output logs of sytemd:

$ sudo journalctl
# then type "/tmp" and hit enter
# use n and p to find next and previous hit
Nov 09 14:30:03 raspberrypi systemd[1]: Mounting /tmp...
Nov 09 14:30:03 raspberrypi systemd[1]: tmp.mount: Directory /tmp to mount over is not empty, mou
Nov 09 14:30:03 raspberrypi systemd[1]: Mounting /var/log...
Nov 09 14:30:03 raspberrypi systemd[1]: var-log.mount: Directory /var/log to mount over is not em
Nov 09 14:30:03 raspberrypi systemd[1]: Mounting /boot...
Nov 09 14:30:03 raspberrypi echo[211]: >/tmp/random-seed
Nov 09 14:30:03 raspberrypi systemd[1]: Mounted /var/log.
Nov 09 14:30:03 raspberrypi systemd[1]: Mounted /tmp.
Nov 09 14:30:03 raspberrypi systemd[1]: Mounted /boot.

so /tmp is mounted

$ sudo systemctl status tmp.mount -l
● tmp.mount - /tmp
   Loaded: loaded (/etc/fstab; disabled)
   Active: active (mounted) since Wed 2016-11-09 14:30:03 UTC; 1h 3min ago
    Where: /tmp
     What: tmpfs
     Docs: man:fstab(5)
    Process: 212 ExecMount=/bin/mount -n tmpfs /tmp -t tmpfs -o nodev,nosuid,mode=1777 (code=exited, status=0/SUCCESS)

Nov 09 15:35:01 raspberrypi systemd[1]: Mounting /tmp...
Nov 09 15:35:01 raspberrypi systemd[1]: tmp.mount: Directory /tmp to mount over is not empty, mounting anyway.
Nov 09 15:35:01 raspberrypi systemd[1]: Mounted /tmp.

Seems good...

So now the idea was to use the audit package to record permission changes (, but the kernel of raspberry had the audit disabled (raspberrypi/linux#1352). I did not want to recompile it.

So what is changing the ownership of the folder?

I did not find a root reason, just created a script to change the ownership back

start it before the failing dhcpcd /etc/systemd/system/dhcpcd5:

Stilmant commented Jun 2, 2017

Thanks for your comments that helped me for same issue.
Just maybe a question about /run/ Why moving it to /var/run/ since

ls -la /var/run
lrwxrwxrwx 1 root root 4 Apr 10 09:10 /var/run -> /run

/var/run is a symbolic link to /run by default on Jessie?

Thanks @rondie for that hint! Solved my problem with lost crontabs on my ro RPi!

