Use private directory for temporary files

This change ensures that the temporary directory used for java.io.tmpdir
is a private temporary directory. To achieve this we use mktemp on macOS
and Linux to give us a private temporary directory and the value of the
environment variable TMP on Windows. For this to work with our
packaging, we add java.io.tmpdir=${ES_TMPDIR} to our packaged
jvm.options, we set ES_TMPDIR respectively in our startup scripts, and
resolve the value of the template ${ES_TMPDIR} at startup.

Relates #27609

distribution/src/main/resources/bin/elasticsearch

@@ -24,7 +24,8 @@ parse_jvm_options() {
 
 ES_JVM_OPTIONS="$ES_PATH_CONF"/jvm.options
 
-ES_JAVA_OPTS="`parse_jvm_options "$ES_JVM_OPTIONS"` $ES_JAVA_OPTS"
+JVM_OPTIONS=`parse_jvm_options "$ES_JVM_OPTIONS"`
+ES_JAVA_OPTS="${JVM_OPTIONS//\$\{ES_TMPDIR\}/$ES_TMPDIR} $ES_JAVA_OPTS"
 
 # manual parsing to find out, if process should be detached
 if ! echo $* | grep -E '(^-d |-d$| -d |--daemonize$|--daemonize )' > /dev/null; then

distribution/src/main/resources/bin/elasticsearch-env

@@ -73,3 +73,11 @@ if [ -z "$ES_PATH_CONF" ]; then
   echo "ES_PATH_CONF must be set to the configuration path"
   exit 1
 fi
+
+if [ -z "$ES_TMPDIR" ]; then
+  if [ "`uname`" == "Darwin" ]; then
+    ES_TMPDIR=`mktemp -d -t elasticsearch`
+  else
+    ES_TMPDIR=`mktemp -d -t elasticsearch.XXXXXXXX`
+  fi
+fi

distribution/src/main/resources/config/jvm.options

@@ -72,6 +72,8 @@
 -Dlog4j.shutdownHookEnabled=false
 -Dlog4j2.disable.jmx=true
 
+-Djava.io.tmpdir=${ES_TMPDIR}
+
 ## heap dumps
 
 # generate a heap dump when an allocation from the Java heap fails