Access files in system tmp directory, when using PrivateTmp

Solution 1:

Read the manual please:

PrivateTmp=
Takes a boolean argument. If true, sets up a new file system namespace for the executed processes and mounts private /tmp and /var/tmp directories inside it that is not shared by processes outside of the namespace. This is useful to secure access to temporary files of the process, but makes sharing between processes via /tmp or /var/tmp impossible.

So no you can't read from the systemwide /tmp/ directory.

But there is a work-around in that same section of the manual:

... It is possible to run two or more units within the same private /tmp and /var/tmp namespace by using the JoinsNamespaceOf= directive, see systemd.unit(5) for details.

So if your remote deployment agent is also running from a systemd unit you can join them together in a single PrivateTmp shared between them that is still separate from the rest of the system.

If you can't do that: don't store the file in the system /tmp/ and simply have it placed/moved to another location...
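As an added example that is not part of the answer above, two hypothetical unit files showing the JoinsNamespaceOf= arrangement: the deployment agent owns a private /tmp, and the application joins it. The unit names, ExecStart paths and the /tmp/release.tar.gz filename are placeholders.

```ini
# /etc/systemd/system/deploy-agent.service  (hypothetical unit, added example)
[Unit]
Description=Remote deployment agent (owns the shared private /tmp)

[Service]
ExecStart=/usr/local/bin/deploy-agent
# Gives this unit its own /tmp and /var/tmp, separate from the host's /tmp.
PrivateTmp=yes

[Install]
WantedBy=multi-user.target

# /etc/systemd/system/myapp.service  (hypothetical unit, added example)
[Unit]
Description=Application that consumes files dropped by deploy-agent
# Join the agent's namespace. The agent must already be running for its
# namespace to exist, so order after it and require it. Both units keep
# PrivateTmp=yes: the /tmp they share is still invisible to the rest of
# the system.
JoinsNamespaceOf=deploy-agent.service
After=deploy-agent.service
Requires=deploy-agent.service

[Service]
ExecStart=/usr/local/bin/myapp --input /tmp/release.tar.gz
PrivateTmp=yes

[Install]
WantedBy=multi-user.target
```

After systemctl daemon-reload and starting both units, confirm they share a mount namespace by comparing readlink /proc/<MainPID>/ns/mnt for each service's MainPID; identical values mean the join took effect, while a different value for myapp means it got its own private /tmp instead.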

Solution 2:

You can use nsenter to run a command inside the network namespace.

So for example, if you wanted to see the files inside /tmp for the apache2 service you could do something like this:

pid=$(systemctl show --property=MainPID --value apache2.service)
nsenter -t $pid -m ls /tmp

This will run ls /tmp inside the mount namespace that the apache2 process is running in.

Also, the private tmp directory currently is located at a path like /tmp/systemd-private-*-apache2.service-* where the * are some kind of id. Although you probably shouldn't rely on a specific format or location for that.