PAM_tmpdir[1381]: /tmp/user/1000 owned by uid 0 instead of uid 1000. Failed to create safe $TMPDIR - should I be concerned?

Confused1 · August 13, 2025, 11:22pm

In 4,2.4 Qubes sys-whonix terminal based on whonix-gateway-17 0:4.2.0-202505140948 template (with torproject repo enabled thus Tor 0.4.8.17)

[gateway user ~]% systemcheck -v --cli

[includes]

[WARNING] [systemcheck] systemd journal check Result:
… host PAM_tmpdir[1381]: /tmp/user/1000 owned by uid 0 instead of uid 1000. Failed to create safe $TMPDIR

Apologies for my ignorance but is this something to be concerned about? Should I simply go back to whonix-gateway-17 0:4.2.0-202505140948 template without torproject repo?

Thanks for any insights, links, suggestions…

Patrick · August 14, 2025, 6:03am

Certainly not ideal but also it’s not an indicator of compromise.

(Valid Compromise Indicators versus Invalid Compromise Indicators)

Background of this feature:
libpam-tmpdir

Did you manually use folder /tmp or so?

How to reproduce this issue? Does it happen with a new template? Otherwise what are the steps required to end up having the same issue?

This could be some program or script using a bad way to create temporarily files.

marmarek · August 22, 2025, 1:41am

Similar issue reported also at Some recent change breaks starting Whonix Workstation on Qubes - privleap suspected - #13 by marmarek , but not much more details there.