diff --git a/core/includes/file.inc b/core/includes/file.inc
index 545fca3..8b4c368 100644
--- a/core/includes/file.inc
+++ b/core/includes/file.inc
@@ -9,6 +9,7 @@
 use Drupal\Component\PhpStorage\MTimeProtectedFastFileStorage;
 use Drupal\Component\Utility\String;
 use Drupal\Core\StreamWrapper\PublicStream;
+use Drupal\Core\StreamWrapper\PrivateStream;
 
 /**
  * Stream wrapper bit flags that are the basis for composite types.
@@ -555,7 +556,7 @@ function file_prepare_directory(&$directory, $options = FILE_MODIFY_PERMISSIONS,
  */
 function file_ensure_htaccess() {
   file_save_htaccess('public://', FALSE);
-  $private_path = \Drupal::config('system.file')->get('path.private');
+  $private_path = PrivateStream::basePath();
   if (!empty($private_path)) {
     file_save_htaccess('private://', TRUE);
   }
diff --git a/core/lib/Drupal/Core/StreamWrapper/PrivateStream.php b/core/lib/Drupal/Core/StreamWrapper/PrivateStream.php
index 39b3f28..c53a35b 100644
--- a/core/lib/Drupal/Core/StreamWrapper/PrivateStream.php
+++ b/core/lib/Drupal/Core/StreamWrapper/PrivateStream.php
@@ -16,20 +16,37 @@
 class PrivateStream extends LocalStream {
 
   /**
-   * Implements Drupal\Core\StreamWrapper\LocalStream::getDirectoryPath()
+   * {@inheritdoc}
    */
   public function getDirectoryPath() {
-    return \Drupal::config('system.file')->get('path.private');
+    return static::basePath();
   }
 
   /**
-   * Implements Drupal\Core\StreamWrapper\StreamWrapperInterface::getExternalUrl().
-   *
-   * @return string
-   *   Returns the HTML URI of a private file.
+   * {@inheritdoc}
    */
-  function getExternalUrl() {
+  public function getExternalUrl() {
     $path = str_replace('\\', '/', $this->getTarget());
     return url('system/files/' . $path, array('absolute' => TRUE));
   }
+
+  /**
+   * Returns the base path for private://.
+   *
+   * @return string
+   *   The base path for private://, defaults to ''.
+   */
+  public static function basePath() {
+    $base_path = settings()->get('file_private_path', '');
+    if ($test_prefix = drupal_valid_test_ua()) {
+      // Append the testing suffix unless already given.
+      // @see Drupal\simpletest\WebTestBase::setUp()
+      if (strpos($base_path, '/simpletest/' . substr($test_prefix, 10)) .'/private' === FALSE) {
+        return $base_path . '/simpletest/' . substr($test_prefix, 10) .'/private';
+      }
+    }
+
+    return $base_path;
+  }
+
 }
diff --git a/core/modules/simpletest/lib/Drupal/simpletest/TestBase.php b/core/modules/simpletest/lib/Drupal/simpletest/TestBase.php
index 560afb1..241c7ed 100644
--- a/core/modules/simpletest/lib/Drupal/simpletest/TestBase.php
+++ b/core/modules/simpletest/lib/Drupal/simpletest/TestBase.php
@@ -158,6 +158,15 @@
   protected $public_files_directory;
 
   /**
+   * The private file directory for the test environment.
+   *
+   * This is set in TestBase::prepareEnvironment().
+   *
+   * @var string
+   */
+  protected $private_files_directory;
+
+  /**
    * Whether to die in case any test assertion fails.
    *
    * @var boolean
diff --git a/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php b/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php
index 265012e..e4c7645 100644
--- a/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php
+++ b/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php
@@ -766,7 +766,6 @@ protected function setUp() {
     $batch = array();
     $variable_groups = array(
       'system.file' => array(
-        'path.private' =>  $this->private_files_directory,
         'path.temporary' =>  $this->temp_files_directory,
       ),
       'locale.settings' =>  array(
@@ -779,6 +778,7 @@ protected function setUp() {
       }
     }
     $this->settingsSet('file_public_path', $this->public_files_directory);
+    $this->settingsSet('file_private_path', $this->private_files_directory);
     // Execute the non-interactive installer.
     require_once DRUPAL_ROOT . '/core/includes/install.core.inc';
     $this->settingsSet('cache', array('default' => 'cache.backend.memory'));
diff --git a/core/modules/system/config/system.file.yml b/core/modules/system/config/system.file.yml
index b5be48c..396e78b 100644
--- a/core/modules/system/config/system.file.yml
+++ b/core/modules/system/config/system.file.yml
@@ -5,5 +5,4 @@ chmod:
   file: '0664'
 default_scheme: 'public'
 path:
-  private: ''
   temporary: ''
diff --git a/core/modules/system/lib/Drupal/system/Form/FileSystemForm.php b/core/modules/system/lib/Drupal/system/Form/FileSystemForm.php
index 2d51684..3c5e216 100644
--- a/core/modules/system/lib/Drupal/system/Form/FileSystemForm.php
+++ b/core/modules/system/lib/Drupal/system/Form/FileSystemForm.php
@@ -8,6 +8,7 @@
 namespace Drupal\system\Form;
 
 use Drupal\Core\StreamWrapper\PublicStream;
+use Drupal\Core\StreamWrapper\PrivateStream;
 use Drupal\Core\Form\ConfigFormBase;
 
 /**
@@ -36,12 +37,11 @@ public function buildForm(array $form, array &$form_state) {
     );
 
     $form['file_private_path'] = array(
-      '#type' => 'textfield',
+      '#type' => 'item',
       '#title' => t('Private file system path'),
-      '#default_value' => $config->get('path.private'),
-      '#maxlength' => 255,
+      '#default_value' => PrivateStream::basePath(),
+      '#markup' => (PrivateStream::basePath() ? PrivateStream::basePath() : t('Not set')),
       '#description' => t('An existing local file system path for storing private files. It should be writable by Drupal and not accessible over the web. See the online handbook for <a href="@handbook">more information about securing private files</a>.', array('@handbook' => 'http://drupal.org/documentation/modules/file')),
-      '#after_build' => array('system_check_directory'),
     );
 
     $form['file_temporary_path'] = array(
@@ -76,7 +76,6 @@ public function buildForm(array $form, array &$form_state) {
    */
   public function submitForm(array &$form, array &$form_state) {
     $config = $this->configFactory->get('system.file')
-      ->set('path.private', $form_state['values']['file_private_path'])
       ->set('path.temporary', $form_state['values']['file_temporary_path']);
 
     if (isset($form_state['values']['file_default_scheme'])) {
diff --git a/core/modules/system/lib/Drupal/system/Tests/File/ConfigTest.php b/core/modules/system/lib/Drupal/system/Tests/File/ConfigTest.php
index ce48dfd..51634ec 100644
--- a/core/modules/system/lib/Drupal/system/Tests/File/ConfigTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/File/ConfigTest.php
@@ -37,7 +37,6 @@ function testFileConfigurationPage() {
     // upon form submission.
     $file_path = $this->public_files_directory;
     $fields = array(
-      'file_private_path' => $file_path . '/file_config_page_test/private',
       'file_temporary_path' => $file_path . '/file_config_page_test/temporary',
       'file_default_scheme' => 'private',
     );
diff --git a/core/modules/system/system.install b/core/modules/system/system.install
index 4fd03af..110c414 100644
--- a/core/modules/system/system.install
+++ b/core/modules/system/system.install
@@ -8,6 +8,7 @@
 use Drupal\Component\Utility\Crypt;
 use Drupal\Core\Database\Database;
 use Drupal\Core\Language\Language;
+use Drupal\Core\StreamWrapper\PrivateStream;
 use Drupal\Core\StreamWrapper\PublicStream;
 
 /**
@@ -312,7 +313,7 @@ function system_requirements($phase) {
       PublicStream::basePath(),
       // By default no private files directory is configured. For private files
       // to be secure the admin needs to provide a path outside the webroot.
-      $filesystem_config->get('path.private'),
+      PrivateStream::basePath(),
       file_directory_temp(),
     );
   }
@@ -331,8 +332,8 @@ function system_requirements($phase) {
       // conf_path() cache must also be reset in this case.
       $directories[] = conf_path(FALSE, TRUE) . '/files';
     }
-    if (!empty($conf['system.file']['path.private'])) {
-      $directories[] = $conf['system.file']['path.private'];
+    if ($file_private_path = settings()->get('file_private_path')) {
+      $directories[] = $file_private_path;
     }
     if (!empty($conf['system.file']['path.temporary'])) {
       $directories[] = $conf['system.file']['path.temporary'];
@@ -2284,6 +2285,15 @@ function system_update_8060() {
 }
 
 /**
+ * Move the file_public_path variable to settings.
+ */
+function system_upgrade_8061() {
+  if ($path = update_variable_get('file_private_path')) {
+    drupal_rewrite_settings(array('settings' => array('file_private_path' => $path)));
+  }
+}
+
+/**
  * @} End of "defgroup updates-7.x-to-8.x".
  * The next series of updates should start at 9000.
  */
diff --git a/core/modules/system/system.module b/core/modules/system/system.module
index 1afa5e2..99b593f 100644
--- a/core/modules/system/system.module
+++ b/core/modules/system/system.module
@@ -1885,7 +1885,7 @@ function system_stream_wrappers() {
   );
 
   // Only register the private file stream wrapper if a file path has been set.
-  if (\Drupal::config('system.file')->get('path.private')) {
+  if (settings()->get('file_private_path')) {
     $wrappers['private'] = array(
       'name' => t('Private files'),
       'class' => 'Drupal\Core\StreamWrapper\PrivateStream',
diff --git a/sites/default/default.settings.php b/sites/default/default.settings.php
index 5a46b12..b837bd5 100644
--- a/sites/default/default.settings.php
+++ b/sites/default/default.settings.php
@@ -459,6 +459,19 @@
 # $settings['file_public_path'] = 'sites/default/files';
 
 /**
+ * Private file path:
+ *
+ * A local file system path where private files will be stored. This directory
+ * must exist and be writable by Drupal. This directory must be absolute and
+ * outside of the the Drupal installation directory and not accessible over the
+ * web.
+ *
+ * See http://drupal.org/documentation/modules/file for more information about
+ * securing private files.
+ */
+# $settings['file_private_path'] = '';
+
+/**
  * Session write interval:
  *
  * Set the minimum interval between each session write to database.