FortiClient
MZBZ
Staff
Article Id 327241
Description This article describes that, in certain instances, the FortiClient Linux GUI fails to load when /tmp is mounted with the noexec option.
Scope FortiClient Linux GUI.
Solution

FortiClient for Linux requires the execution of binary code within a temporary directory to display the graphical user interface. Mounting the /tmp directory with the noexec option is a common security measure across various industries, and a critical compliance requirement.

 

If the /tmp directory is mounted as noexec and the user's environment variables are not configured properly, the FortiClient graphical user interface may fail to launch or the process may be interrupted.

Under these circumstances, users may encounter error messages similar to the following, or in some instances, merely a blank screen upon executing the 'forticlient gui' command in the terminal.

 

ERROR MESSAGE THAT APPEARS ON THE TERMINAL WITH 'FORTICLIENT GUI' COMMAND:

A JavaScript error occurred in the main process
Uncaught Exception:
Error: Cannot open
/opt/forticlient/gui/FortiClient-linux-x64/resources/app.asar/assets/js/keytar.node:
Error: /tmp/.org.chromium.Chromium.ojnWEa: failed to map segment from
shared object
at Object.<anonymous>
(/opt/forticlient/gui/FortiClient-linux-x64/resources/app.asar/assets/js/main.js:29:159022)
at Object.<anonymous>
(/opt/forticlient/gui/FortiClient-linux-x64/resources/app.asar/assets/js/main.js:29:159060)
at n
(/opt/forticlient/gui/FortiClient-linux-x64/resources/app.asar/assets/js/main.js:1:124)
at Object.<anonymous>
(/opt/forticlient/gui/FortiClient-linux-x64/resources/app.asar/assets/js/main.js:15:113896)
at n
(/opt/forticlient/gui/FortiClient-linux-x64/resources/app.asar/assets/js/main.js:1:124)
at Module.<anonymous>

 

To address this issue, append the following script to the /etc/profile file ("sudo vi /etc/profile"). This script will record its operations in the system logger, which can be examined using the command 'journalctl | grep FTNT'.

 

To verify that this solution pertains to the specific problem, users should execute 'TMPDIR=$XDG_RUNTIME_DIR forticlient gui' in a terminal. If the GUI launches without any issues, the script is relevant to the problem.

 

# Set proper environment for FortiClient GUI
if [ -d "/tmp" ] && ! mount | grep '/tmp' | grep -q 'noexec'; then
    logger "#FTNT 1 /tmp is available and not mounted as noexec. No need to set TMPDIR."
else
    # If /tmp is not available or is mounted as noexec
    if [ -n "$XDG_RUNTIME_DIR" ] && [ -d "$XDG_RUNTIME_DIR" ]; then
        # If XDG_RUNTIME_DIR is defined, set TMPDIR to it
        export TMPDIR="$XDG_RUNTIME_DIR"
        logger "FTNT 2 TMPDIR is set to XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR"
    else
        # If XDG_RUNTIME_DIR is not defined, set TMPDIR to a new directory in HOME
        mkdir -p "$HOME/mytmp"
        export TMPDIR="$HOME/mytmp"
        logger "FTNT 3 TMPDIR is set to $HOME/mytmp"
    fi
fi

 

The script will be available to all current and new local system users. The changes can be applied by either rebooting the system (accessing a login shell) or executing the 'source /etc/profile' command in a bash terminal (in case of an interactive shell).

 

To verify the environment variables and their values, use the 'printenv' command, or 'echo $TMPDIR', or 'echo $XDG_RUNTIME_DIR'.

 

The following Linux commands can help users better understand their mount points and options:

 

lsblk

findmnt

mount

df -Th
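
A stricter version of the noexec test, as an added example that is not part of Fortinet's script: the profile script's grep '/tmp' also matches mounts such as /var/tmp and does not check whether the fallback directory is itself noexec, so this example resolves each path to its covering mount by longest-prefix match. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Fortinet's script). Function names and the sample
# mount table are constructed for illustration. Symlinks are not resolved.

# Print the mount options of the filesystem that holds path $1.
# $2 is a table in /proc/mounts format ("-" reads stdin); default /proc/mounts.
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $2
            # mp covers p when it is p itself, the root, or a parent directory of p
            covers = (mp == p || mp == "/" || index(p, mp "/") == 1)
            # >= keeps the last entry when mounts are stacked on one path
            if (covers && length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END { print opts }' "${2:-/proc/mounts}"
}

# Succeed when path $1 sits on a mount carrying the exact option "noexec".
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Print the first existing candidate directory that is not on a noexec mount.
# Usage: pick_tmpdir TABLE DIR...   (empty TABLE means /proc/mounts)
pick_tmpdir() {
    tbl=$1; shift
    for dir in "$@"; do
        [ -n "$dir" ] && [ -d "$dir" ] || continue
        is_noexec "$dir" "$tbl" || { printf '%s\n' "$dir"; return 0; }
    done
    return 1
}

# Constructed sample: /tmp is noexec, /var/tmp and the runtime dir are not.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /var/tmp ext4 rw,nosuid,nodev 0 0
tmpfs /run/user/1000 tmpfs rw,nosuid,nodev,relatime 0 0
EOF
}
```

On a live system, pick_tmpdir "" "$XDG_RUNTIME_DIR" "$HOME/mytmp" reads /proc/mounts and prints the first candidate that allows execution.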

 

If /tmp is mounted but has no entry in /etc/fstab, it is most probably managed by systemd. More information is available on the official systemd wiki:

systemd.mount (www.freedesktop.org)

file-hierarchy (www.freedesktop.org)

 
