Automatically clean /tmp or /var/tmp files that are in protected PrivateTmp directories in CentOS / RHEL 7

With CentOS/RHEL 6 there was a utility called tmpwatch that was launched from /etc/cron.daily/tmpwatch. This process has changed in CentOS/RHEL 7. There is a systemd timer that runs daily: systemd-tmpfiles-clean.timer. Although tmpwatch does a pretty good job of cleaning out the /tmp or /var/tmp files, it does not by default clean out the /tmp/systemd-private directories, as these are secure. There are a couple of ways to handle these “private” directories. Here, we will focus on one.


Check which services have PrivateTmp set to true.

grep -R PrivateTmp /etc/systemd/

Select the appropriate service and change the value from “true” to “false”, reload the daemon, and restart the service.
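
The steps above as a shell sketch (an added example, not part of the original article). Instead of editing the unit file in place it writes a drop-in override, which is a swapped-in technique; the function names, the drop-in file name and httpd.service are assumptions.

```shell
#!/bin/sh
# Added example. Function names, the drop-in file name (privatetmp.conf) and
# httpd.service are assumptions for illustration.

# List unit files under DIR whose effective PrivateTmp= value is true.
# Commented-out lines are ignored; the last assignment in a file wins.
private_tmp_units() {
    grep -RlE '^[[:space:]]*PrivateTmp[[:space:]]*=' "$1" 2>/dev/null | sort |
    while IFS= read -r f; do
        v=$(sed -nE 's/^[[:space:]]*PrivateTmp[[:space:]]*=[[:space:]]*([^[:space:]]*).*/\1/p' "$f" |
            tail -n 1 | tr '[:upper:]' '[:lower:]')
        case "$v" in
            1|yes|true|on) printf '%s\n' "$f" ;;
        esac
    done
}

# Write a drop-in that sets PrivateTmp=false for UNIT and print its path.
# ROOT defaults to /etc/systemd/system; the packaged unit file is not edited,
# so an update to the packaged unit file does not undo the change.
disable_private_tmp() {
    unit=$1
    root=${2:-/etc/systemd/system}
    dropin="$root/$unit.d/privatetmp.conf"
    mkdir -p "$root/$unit.d" || return 1
    printf '[Service]\nPrivateTmp=false\n' > "$dropin" || return 1
    printf '%s\n' "$dropin"
}

# On a live host, as root (not executed by this file):
#   private_tmp_units /etc/systemd/
#   disable_private_tmp httpd.service
#   systemctl daemon-reload
#   systemctl restart httpd.service
#   systemctl show -p PrivateTmp httpd.service
```

With PrivateTmp=false the service goes back to using the shared /tmp and /var/tmp, so its files fall under the regular daily cleanup but are no longer isolated from other processes on the host.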