Securing the TMP Directory

Enterprise security policies often require mounting the /tmp directory with the no execution (noexec) flag. By default, Cassandra Java Native Access (JNA) is mapped to /tmp; JNA requires an executable directory to start. Remap JNA to a different (executable) directory and change permissions to allow full access to the user that runs the DSE service.

There are three files that control Java Virtual Machine options:

  • jvm-server.options: options independent of any particular JVM

  • jvm8-server.options: options particular to JVM 8

  • jvm11-server.options: options particular to JVM 11

JVM Options Files


Location dependent on the type of installation

jvm[8 | 11] -server.options

Package installations: /etc/dse/cassandra/jvm [8 | 11] -server.options

Tarball installations: <installation_location>/resources/cassandra/conf/jvm [8 | 11] -server.options


  1. Create a directory and grant full access to the Cassandra user.

  2. Map the JNA temporary directory; in jvm-server.options file, add the following flag with the path to the new directory:

  3. Restart DataStax Enterprise.

    If DataStax Enterprise fails to start because the JNA startup directory is not available, the following error may appear in the system log:

    tail -3 /var/log/cassandra/system.log

    The error is similar to:

    ERROR main 2015-12-18 09:57:00,879 - JNA failing to initialize properly. Use -Dcassandra.boot_without_jna=true to bootstrap even so.
    INFO Thread-2 2015-12-18 09:57:00,880 - DSE shutting down...
    INFO Thread-2 2015-12-18 09:57:00,881 - All plugins are stopped.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000,