0

For one service I need a couple directories available inside /tmp. But I also want to use systemd's PrivateTmp=yes. Is there something like AssertPathExists=/tmp/x that also creates the path?

edit: some more clarity

systemd's PrivateTmp creates a blank /tmp every time the process starts.

Some processes need directories that can be in /tmp but the configuration should point to existing ones, and the process will not create them to avoid assuming (wrongly) ownership/permissions/etc.

For example, you might have an httpd server whose config file requires you to point to a 'session storage dir', which you may want to place in /tmp. But if your configuration says /tmp/httpd-session then startup will fail, because /tmp was just created empty before the process starts.

gcb

1 Answer

0

My current solution:

[Service]
...
# Create /tmp/a and /tmp/b (group daemonuser, mode 0770) before the main process starts
ExecStartPre=/usr/bin/install -g daemonuser -m 0770 -d /tmp/a /tmp/b

Edit: explaining the above:

This is part of my systemd unit file.

Since we want it managed by systemd, so that we can use PrivateTmp and other features, it is set up as a service, which has its options defined after the [Service] section header. You should assume there is also a PrivateTmp=yes somewhere under [Service], as that was a requirement in the question.

Now, the main part of a service is what process should be managed (i.e. started and monitored by systemd). That is the ExecStartPre line, not shown.

My solution is to use ExecStartPre, which is executed (but not monitored, only for failure, I think) before the actual ExecStart.

Here I use ExecStartPre to call install to place all the directories I want, with the correct ownership and permissions, inside the newly created /tmp.

The syntax for install used above will create directories (as forced by the -d option) named /tmp/a and /tmp/b, owned by daemonuser, with permissions 0770.

If you want to get fancier, you can make sure the tmp dir is being set up correctly and not being littered by other unit files via namespace sharing by using something like ConditionPathExists=!/tmp/a, which will cause systemd to fail even before the ExecStartPre if the directory already exists for some reason.

gcb
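
The pieces the answer describes, assembled into one unit file as an added example (not the answerer's actual unit). The unit name, the daemon binary `/usr/sbin/exampled`, its flags, and the assumption that `daemonuser` is both the service user and its primary group are hypothetical.

```ini
# /etc/systemd/system/example.service  (hypothetical unit name)
[Unit]
Description=Example daemon that needs pre-created directories in a private /tmp

[Service]
# Assumption: the account daemonuser exists and its primary group is daemonuser.
User=daemonuser
Group=daemonuser

# Every process of this unit, ExecStartPre included, sees the same
# fresh, empty /tmp that is private to the unit.
PrivateTmp=yes

# Runs before ExecStart, inside the private /tmp. If install exits non-zero,
# startup is aborted and ExecStart is never run.
ExecStartPre=/usr/bin/install -g daemonuser -m 0770 -d /tmp/a /tmp/b

# Hypothetical daemon and flags; its configuration points at the
# directories created above instead of creating them itself.
ExecStart=/usr/sbin/exampled --session-dir=/tmp/a --cache-dir=/tmp/b

[Install]
WantedBy=multi-user.target
```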