Secure the TMP directory

Enterprise security policies often require mounting the /tmp directory with the no execution (noexec) flag.

By default, Cassandra Java Native Access (JNA) is mapped to /tmp, and JNA requires an executable directory to start.

Policies that mount /tmp with noexec can prevent JNA from starting, which also prevents HCD from starting.

If HCD cannot start for this reason, you must remap JNA to an executable directory. Additionally, the user that runs the HCD service must have full read, write, and execute permissions on this directory.

Identify JVM initialization failure

If HCD fails to start, the JNA startup directory might be unavailable.

  1. To verify this, get the last few lines of the system log:

    tail -5 /var/log/cassandra/system.log

  2. Look for messages about JNA failure. For example:

    ERROR main 2024-07-28 09:57:00,879 CassandraDaemon.java:213 - JNA failing to initialize properly. Use -Dcassandra.boot_without_jna=true to bootstrap even so.
INFO Thread-2 2024-07-28 09:57:00,880 DseDaemon.java:418 - HCD shutting down...
INFO Thread-2 2024-07-28 09:57:00,881 PluginManager.java:103 - All plugins are stopped.

Map the JNA tmpdir

  1. Create a directory to use as the new JNA startup directory.

  2. Grant the Cassandra (database) user full read, write, and execute permissions on this directory.

  3. Find your HCD installation’s JVM options files:

    • Package installations: /etc/hcd/cassandra/

    • Tarball installations: INSTALLATION_LOCATION/resources/cassandra/conf/

      Replace INSTALLATION_LOCATION with the path where you extracted the HCD tarball.

    There are three files that control Java Virtual Machine options:

    • jvm-server.options: Options independent of any particular JVM

    • jvm8-server.options: Options particular to JVM 8

    • jvm11-server.options: Options particular to JVM 11

  4. Map the JNA temporary directory:

    In the jvm-server.options file, add the -Djna.tmpdir flag with the absolute path to the new directory:

    jvm-server.options
    -Djna.tmpdir=JNA_STARTUP_DIRECTORY_PATH

    Alternatively, you can set this option in cassandra-env.sh:

    cassandra-env.sh
    JVM_OPTS="$JVM_OPTS -Djna.tmpdir=JNA_STARTUP_DIRECTORY_PATH"

  5. Restart HCD.

Was this helpful?

Give Feedback

How can we improve the documentation?

© Copyright IBM Corporation 2026 | Privacy policy | Terms of use Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: Contact IBM