[thirdparty/systemd.git] / man / systemd-tmpfiles.xml

<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->

<refentry id="systemd-tmpfiles"
    xmlns:xi="http://www.w3.org/2001/XInclude">

  <refentryinfo>
    <title>systemd-tmpfiles</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd-tmpfiles</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd-tmpfiles</refname>
    <refname>systemd-tmpfiles-setup.service</refname>
    <refname>systemd-tmpfiles-setup-dev-early.service</refname>
    <refname>systemd-tmpfiles-setup-dev.service</refname>
    <refname>systemd-tmpfiles-clean.service</refname>
    <refname>systemd-tmpfiles-clean.timer</refname>
    <refpurpose>Creates, deletes and cleans up volatile
    and temporary files and directories</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>systemd-tmpfiles</command>
      <arg choice="opt" rep="repeat">OPTIONS</arg>
      <arg choice="opt" rep="repeat"><replaceable>CONFIGFILE</replaceable></arg>
    </cmdsynopsis>

    <para>System units:
<literallayout><filename>systemd-tmpfiles-setup.service</filename>
<filename>systemd-tmpfiles-setup-dev-early.service</filename>
<filename>systemd-tmpfiles-setup-dev.service</filename>
<filename>systemd-tmpfiles-clean.service</filename>
<filename>systemd-tmpfiles-clean.timer</filename></literallayout></para>

    <para>User units:
<literallayout><filename>systemd-tmpfiles-setup.service</filename>
<filename>systemd-tmpfiles-clean.service</filename>
<filename>systemd-tmpfiles-clean.timer</filename></literallayout></para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><command>systemd-tmpfiles</command> creates, deletes, and cleans up volatile and temporary files
    and directories, using the configuration file format and location specified in
    <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>. It must
    be invoked with one or more options <option>--create</option>, <option>--remove</option>, and
    <option>--clean</option>, to select the respective subset of operations.</para>

    <para>By default, directives from all configuration files are applied. When invoked with
    <option>--replace=<replaceable>PATH</replaceable></option>, arguments specified on the command line are
    used instead of the configuration file <replaceable>PATH</replaceable>. Otherwise, if one or more
    absolute filenames are passed on the command line, only the directives in these files are applied. If
    <literal>-</literal> is specified instead of a filename, directives are read from standard input. If only
    the basename of a configuration file is specified, all configuration directories as specified in
    <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> are
    searched for a matching file and the file found that has the highest priority is executed.</para>

    <para>System services (<filename>systemd-tmpfiles-setup.service</filename>,
    <filename>systemd-tmpfiles-setup-dev-early.service</filename>,
    <filename>systemd-tmpfiles-setup-dev.service</filename>,
    <filename>systemd-tmpfiles-clean.service</filename>) invoke <command>systemd-tmpfiles</command> to create
    system files and to perform system wide cleanup. Those services read administrator-controlled
    configuration files in <filename>tmpfiles.d/</filename> directories. User services
    (<filename>systemd-tmpfiles-setup.service</filename>,
    <filename>systemd-tmpfiles-clean.service</filename>) also invoke <command>systemd-tmpfiles</command>, but
    it reads a separate set of files, which includes user-controlled files under
    <filename>~/.config/user-tmpfiles.d/</filename> and <filename>~/.local/share/user-tmpfiles.d/</filename>,
    and administrator-controlled files under <filename>/usr/share/user-tmpfiles.d/</filename>. Users may use
    this to create and clean up files under their control, but the system instance performs global cleanup
    and is not influenced by user configuration. Note that this means a time-based cleanup configured in the
    system instance, such as the one typically configured for <filename>/tmp/</filename>, will thus also
    affect files created by the user instance if they are placed in <filename>/tmp/</filename>, even if the
    user instance's time-based cleanup is turned off.</para>

    <para>To re-apply settings after configuration has been modified, simply restart
    <filename>systemd-tmpfiles-clean.service</filename>, which will apply any settings which can be safely
    executed at runtime. To debug <command>systemd-tmpfiles</command>, it may be useful to invoke it
    directly from the command line with increased log level (see <varname>$SYSTEMD_LOG_LEVEL</varname>
    below).</para>
  </refsect1>

  <refsect1>
    <title>Options</title>

    <para>The following options are understood:</para>

    <variablelist>
      <varlistentry>
        <term><option>--create</option></term>
        <listitem><para>If this option is passed, all files and
        directories marked with
        <varname>f</varname>,
        <varname>F</varname>,
        <varname>w</varname>,
        <varname>d</varname>,
        <varname>D</varname>,
        <varname>v</varname>,
        <varname>p</varname>,
        <varname>L</varname>,
        <varname>c</varname>,
        <varname>b</varname>,
        <varname>m</varname>
        in the configuration files are created or written to. Files
        and directories marked with
        <varname>z</varname>,
        <varname>Z</varname>,
        <varname>t</varname>,
        <varname>T</varname>,
        <varname>a</varname>, and
        <varname>A</varname> have their ownership, access mode and
        security labels set.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--clean</option></term>
        <listitem><para>If this option is passed, all files and
        directories with an age parameter configured will be cleaned
        up.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--remove</option></term>
        <listitem><para>If this option is passed, the contents of
        directories marked with <varname>D</varname> or
        <varname>R</varname>, and files or directories themselves
        marked with <varname>r</varname> or <varname>R</varname> are
        removed unless an exclusive or shared BSD lock is taken on them (see <citerefentry
        project='man-pages'><refentrytitle>flock</refentrytitle><manvolnum>2</manvolnum></citerefentry>).
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--user</option></term>
        <listitem><para>Execute "user" configuration, i.e. <filename>tmpfiles.d</filename>
        files in user configuration directories.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--boot</option></term>
        <listitem><para>Also execute lines with an exclamation mark. Lines that are not safe to be executed
        on a running system may be marked in this way. <command>systemd-tmpfiles</command> is executed in
        early boot with <option>--boot</option> specified and will execute those lines. When invoked again
        later, it should be called without <option>--boot</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--graceful</option></term>
        <listitem><para>Ignore configuration lines pertaining to unknown users or groups. This option is
        intended to be used in early boot before all users or groups have been created.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--prefix=<replaceable>path</replaceable></option></term>
        <listitem><para>Only apply rules with paths that start with
        the specified prefix. This option can be specified multiple
        times.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--exclude-prefix=<replaceable>path</replaceable></option></term>
        <listitem><para>Ignore rules with paths that start with the
        specified prefix. This option can be specified multiple
        times.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>-E</option></term>
        <listitem><para>A shortcut for <literal>--exclude-prefix=/dev --exclude-prefix=/proc
        --exclude-prefix=/run --exclude-prefix=/sys</literal>, i.e. exclude the hierarchies typically backed
        by virtual or memory file systems. This is useful in combination with <option>--root=</option>, if
        the specified directory tree contains an OS tree without these virtual/memory file systems mounted
        in, as it is typically not desirable to create any files and directories below these subdirectories
        if they are supposed to be overmounted during runtime.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--root=<replaceable>root</replaceable></option></term>
        <listitem><para>Takes a directory path as an argument. All paths will be prefixed with the given alternate
        <replaceable>root</replaceable> path, including config search paths.</para>

        <para>When this option is used, the libc Name Service Switch (NSS) is bypassed for resolving users
        and groups. Instead the files <filename>/etc/passwd</filename> and <filename>/etc/group</filename>
        inside the alternate root are read directly. This means that users/groups not listed in these files
        will not be resolved, i.e. LDAP NIS and other complex databases are not considered.</para>

        <para>Consider combining this with <option>-E</option> to ensure the invocation does not create files
        or directories below mount points in the OS image operated on that are typically overmounted during
        runtime.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--image=<replaceable>image</replaceable></option></term>

        <listitem><para>Takes a path to a disk image file or block device node. If specified all operations
        are applied to file system in the indicated disk image. This is similar to <option>--root=</option>
        but operates on file systems stored in disk images or block devices. The disk image should either
        contain just a file system or a set of file systems within a GPT partition table, following the
        <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
        Specification</ulink>. For further information on supported disk images, see
        <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
        switch of the same name.</para>

        <para>Implies <option>-E</option>.</para></listitem>
      </varlistentry>

      <xi:include href="standard-options.xml" xpointer="image-policy-open" />

      <varlistentry>
        <term><option>--replace=<replaceable>PATH</replaceable></option></term>
        <listitem><para>When this option is given, one or more positional arguments
        must be specified. All configuration files found in the directories listed in
        <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        will be read, and the configuration given on the command line will be
        handled instead of and with the same priority as the configuration file
        <replaceable>PATH</replaceable>.</para>

        <para>This option is intended to be used when package installation scripts
        are running and files belonging to that package are not yet available on
        disk, so their contents must be given on the command line, but the admin
        configuration might already exist and should be given higher priority.
        </para></listitem>
      </varlistentry>

      <xi:include href="standard-options.xml" xpointer="cat-config" />
      <xi:include href="standard-options.xml" xpointer="no-pager" />
      <xi:include href="standard-options.xml" xpointer="help" />
      <xi:include href="standard-options.xml" xpointer="version" />
    </variablelist>

    <para>It is possible to combine <option>--create</option>, <option>--clean</option>, and <option>--remove</option>
    in one invocation (in which case removal and cleanup are executed before creation of new files). For example,
    during boot the following command line is executed to ensure that all temporary and volatile directories are
    removed and created according to the configuration file:</para>

    <programlisting>systemd-tmpfiles --remove --create</programlisting>
  </refsect1>

  <refsect1>
    <title>Credentials</title>

    <para><command>systemd-tmpfiles</command> supports the service credentials logic as implemented by
    <varname>ImportCredential=</varname>/<varname>LoadCredential=</varname>/<varname>SetCredential=</varname>
    (see <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
    details). The following credentials are used when passed in:</para>

    <variablelist class='system-credentials'>
      <varlistentry>
        <term><varname>tmpfiles.extra</varname></term>

        <listitem><para> The contents of this credential may contain additional lines to operate on. The
        credential contents should follow the same format as any other <filename>tmpfiles.d/</filename>
        drop-in configuration file. If this credential is passed it is processed after all of the drop-in
        files read from the file system. The lines in the credential can hence augment existing lines of the
        OS, but not override them.</para></listitem>
      </varlistentry>
    </variablelist>

    <para>Note that by default the <filename>systemd-tmpfiles-setup.service</filename> unit file (and related
    unit files) is set up to inherit the <literal>tmpfiles.extra</literal> credential from the service
    manager.</para>
  </refsect1>

  <refsect1>
    <title>Environment</title>

    <variablelist class='environment-variables'>
      <xi:include href="common-variables.xml" xpointer="log-level" />
      <xi:include href="common-variables.xml" xpointer="log-color" />
      <xi:include href="common-variables.xml" xpointer="log-time" />
      <xi:include href="common-variables.xml" xpointer="log-location" />
      <xi:include href="common-variables.xml" xpointer="log-target" />
      <xi:include href="common-variables.xml" xpointer="pager" />
      <xi:include href="common-variables.xml" xpointer="less" />
      <xi:include href="common-variables.xml" xpointer="lesscharset" />
      <xi:include href="common-variables.xml" xpointer="lesssecure" />
      <xi:include href="common-variables.xml" xpointer="colors" />
      <xi:include href="common-variables.xml" xpointer="urlify" />
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Unprivileged --cleanup operation</title>

    <para><command>systemd-tmpfiles</command> tries to avoid changing
    the access and modification times on the directories it accesses,
    which requires <constant>CAP_FOWNER</constant> privileges. When
    running as non-root, directories which are checked for files to
    clean up will have their access time bumped, which might prevent
    their cleanup.
    </para>
  </refsect1>

  <refsect1>
    <title>Exit status</title>

    <para>On success, 0 is returned. If the configuration was syntactically invalid (syntax errors, missing
    arguments, …), so some lines had to be ignored, but no other errors occurred, <constant>65</constant> is
    returned (<constant>EX_DATAERR</constant> from <filename>/usr/include/sysexits.h</filename>). If the
    configuration was syntactically valid, but could not be executed (lack of permissions, creation of files
    in missing directories, invalid contents when writing to <filename>/sys/</filename> values, …),
    <constant>73</constant> is returned (<constant>EX_CANTCREAT</constant> from
    <filename>/usr/include/sysexits.h</filename>). Otherwise, <constant>1</constant> is returned
    (<constant>EXIT_FAILURE</constant> from <filename>/usr/include/stdlib.h</filename>).</para>

    <para>Note: when creating items, if the target already exists, but is of the wrong type or otherwise does
    not match the requested state, and forced operation has not been requested with <literal>+</literal>,
    a message is emitted, but the failure is otherwise ignored.</para>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    </para>
  </refsect1>

</refentry>
Commit	Line	Data
522d4a49	1	<?xml version='1.0'?> <!---nxml--->
3a54a157	2	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
12b42c76	3	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
db9ecf05	4	<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
522d4a49	5
dfdebb1b	6	<refentry id="systemd-tmpfiles"
798d3a52 ZJS	7	xmlns:xi="http://www.w3.org/2001/XInclude">
	8
	9	<refentryinfo>
	10	<title>systemd-tmpfiles</title>
	11	<productname>systemd</productname>
798d3a52 ZJS	12	</refentryinfo>
	13
	14	<refmeta>
	15	<refentrytitle>systemd-tmpfiles</refentrytitle>
	16	<manvolnum>8</manvolnum>
	17	</refmeta>
	18
	19	<refnamediv>
	20	<refname>systemd-tmpfiles</refname>
	21	<refname>systemd-tmpfiles-setup.service</refname>
bb7f485f	22	<refname>systemd-tmpfiles-setup-dev-early.service</refname>
798d3a52 ZJS	23	<refname>systemd-tmpfiles-setup-dev.service</refname>
	24	<refname>systemd-tmpfiles-clean.service</refname>
	25	<refname>systemd-tmpfiles-clean.timer</refname>
	26	<refpurpose>Creates, deletes and cleans up volatile
	27	and temporary files and directories</refpurpose>
	28	</refnamediv>
	29
	30	<refsynopsisdiv>
	31	<cmdsynopsis>
	32	<command>systemd-tmpfiles</command>
	33	<arg choice="opt" rep="repeat">OPTIONS</arg>
	34	<arg choice="opt" rep="repeat"><replaceable>CONFIGFILE</replaceable></arg>
	35	</cmdsynopsis>
	36
cfdda37c ZJS	37	<para>System units:
cfdda37c ZJS	38	<literallayout><filename>systemd-tmpfiles-setup.service</filename>
bb7f485f	39	<filename>systemd-tmpfiles-setup-dev-early.service</filename>
cfdda37c ZJS	40	<filename>systemd-tmpfiles-setup-dev.service</filename>
	41	<filename>systemd-tmpfiles-clean.service</filename>
	42	<filename>systemd-tmpfiles-clean.timer</filename></literallayout></para>
	43
	44	<para>User units:
	45	<literallayout><filename>systemd-tmpfiles-setup.service</filename>
	46	<filename>systemd-tmpfiles-clean.service</filename>
	47	<filename>systemd-tmpfiles-clean.timer</filename></literallayout></para>
798d3a52 ZJS	48	</refsynopsisdiv>
	49
	50	<refsect1>
	51	<title>Description</title>
	52
aa2e348d ZJS	53	<para><command>systemd-tmpfiles</command> creates, deletes, and cleans up volatile and temporary files
	54	and directories, using the configuration file format and location specified in
	55	<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>. It must
	56	be invoked with one or more options <option>--create</option>, <option>--remove</option>, and
	57	<option>--clean</option>, to select the respective subset of operations.</para>
798d3a52	58
aa2e348d ZJS	59	<para>By default, directives from all configuration files are applied. When invoked with
	60	<option>--replace=<replaceable>PATH</replaceable></option>, arguments specified on the command line are
	61	used instead of the configuration file <replaceable>PATH</replaceable>. Otherwise, if one or more
	62	absolute filenames are passed on the command line, only the directives in these files are applied. If
	63	<literal>-</literal> is specified instead of a filename, directives are read from standard input. If only
	64	the basename of a configuration file is specified, all configuration directories as specified in
	65	<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> are
	66	searched for a matching file and the file found that has the highest priority is executed.</para>
72703632 ZJS	67
72703632 ZJS	68	<para>System services (<filename>systemd-tmpfiles-setup.service</filename>,
bb7f485f	69	<filename>systemd-tmpfiles-setup-dev-early.service</filename>,
72703632 ZJS	70	<filename>systemd-tmpfiles-setup-dev.service</filename>,
	71	<filename>systemd-tmpfiles-clean.service</filename>) invoke <command>systemd-tmpfiles</command> to create
	72	system files and to perform system wide cleanup. Those services read administrator-controlled
	73	configuration files in <filename>tmpfiles.d/</filename> directories. User services
	74	(<filename>systemd-tmpfiles-setup.service</filename>,
	75	<filename>systemd-tmpfiles-clean.service</filename>) also invoke <command>systemd-tmpfiles</command>, but
	76	it reads a separate set of files, which includes user-controlled files under
	77	<filename>~/.config/user-tmpfiles.d/</filename> and <filename>~/.local/share/user-tmpfiles.d/</filename>,
c2892a24	78	and administrator-controlled files under <filename>/usr/share/user-tmpfiles.d/</filename>. Users may use
72703632 ZJS	79	this to create and clean up files under their control, but the system instance performs global cleanup
72703632 ZJS	80	and is not influenced by user configuration. Note that this means a time-based cleanup configured in the
3b121157 ZJS	81	system instance, such as the one typically configured for <filename>/tmp/</filename>, will thus also
3b121157 ZJS	82	affect files created by the user instance if they are placed in <filename>/tmp/</filename>, even if the
72703632	83	user instance's time-based cleanup is turned off.</para>
36f57e02	84
aa2e348d ZJS	85	<para>To re-apply settings after configuration has been modified, simply restart
	86	<filename>systemd-tmpfiles-clean.service</filename>, which will apply any settings which can be safely
	87	executed at runtime. To debug <command>systemd-tmpfiles</command>, it may be useful to invoke it
	88	directly from the command line with increased log level (see <varname>$SYSTEMD_LOG_LEVEL</varname>
	89	below).</para>
798d3a52 ZJS	90	</refsect1>
	91
	92	<refsect1>
	93	<title>Options</title>
	94
	95	<para>The following options are understood:</para>
	96
	97	<variablelist>
	98	<varlistentry>
	99	<term><option>--create</option></term>
	100	<listitem><para>If this option is passed, all files and
	101	directories marked with
	102	<varname>f</varname>,
	103	<varname>F</varname>,
	104	<varname>w</varname>,
	105	<varname>d</varname>,
	106	<varname>D</varname>,
	107	<varname>v</varname>,
	108	<varname>p</varname>,
	109	<varname>L</varname>,
	110	<varname>c</varname>,
	111	<varname>b</varname>,
	112	<varname>m</varname>
	113	in the configuration files are created or written to. Files
	114	and directories marked with
	115	<varname>z</varname>,
	116	<varname>Z</varname>,
	117	<varname>t</varname>,
	118	<varname>T</varname>,
	119	<varname>a</varname>, and
	120	<varname>A</varname> have their ownership, access mode and
f2b5ca0e	121	security labels set.</para></listitem>
798d3a52 ZJS	122	</varlistentry>
	123
	124	<varlistentry>
	125	<term><option>--clean</option></term>
	126	<listitem><para>If this option is passed, all files and
	127	directories with an age parameter configured will be cleaned
	128	up.</para></listitem>
	129	</varlistentry>
	130
	131	<varlistentry>
	132	<term><option>--remove</option></term>
	133	<listitem><para>If this option is passed, the contents of
	134	directories marked with <varname>D</varname> or
	135	<varname>R</varname>, and files or directories themselves
	136	marked with <varname>r</varname> or <varname>R</varname> are
65e179a1 DDM	137	removed unless an exclusive or shared BSD lock is taken on them (see <citerefentry
	138	project='man-pages'><refentrytitle>flock</refentrytitle><manvolnum>2</manvolnum></citerefentry>).
	139	</para></listitem>
798d3a52	140	</varlistentry>
d9daae55	141
f2b5ca0e ZJS	142	<varlistentry>
	143	<term><option>--user</option></term>
	144	<listitem><para>Execute "user" configuration, i.e. <filename>tmpfiles.d</filename>
	145	files in user configuration directories.</para></listitem>
	146	</varlistentry>
	147
798d3a52 ZJS	148	<varlistentry>
798d3a52 ZJS	149	<term><option>--boot</option></term>
a3256ea8 ZJS	150	<listitem><para>Also execute lines with an exclamation mark. Lines that are not safe to be executed
	151	on a running system may be marked in this way. <command>systemd-tmpfiles</command> is executed in
	152	early boot with <option>--boot</option> specified and will execute those lines. When invoked again
	153	later, it should be called without <option>--boot</option>.</para></listitem>
798d3a52	154	</varlistentry>
d9daae55	155
e0ea6af3 ZJS	156	<varlistentry>
	157	<term><option>--graceful</option></term>
	158	<listitem><para>Ignore configuration lines pertaining to unknown users or groups. This option is
	159	intended to be used in early boot before all users or groups have been created.</para></listitem>
	160	</varlistentry>
	161
798d3a52 ZJS	162	<varlistentry>
	163	<term><option>--prefix=<replaceable>path</replaceable></option></term>
	164	<listitem><para>Only apply rules with paths that start with
	165	the specified prefix. This option can be specified multiple
	166	times.</para></listitem>
	167	</varlistentry>
dd04fb32	168
798d3a52 ZJS	169	<varlistentry>
	170	<term><option>--exclude-prefix=<replaceable>path</replaceable></option></term>
	171	<listitem><para>Ignore rules with paths that start with the
	172	specified prefix. This option can be specified multiple
	173	times.</para></listitem>
	174	</varlistentry>
3e54b900	175
dd04fb32 LP	176	<varlistentry>
	177	<term><option>-E</option></term>
	178	<listitem><para>A shortcut for <literal>--exclude-prefix=/dev --exclude-prefix=/proc
	179	--exclude-prefix=/run --exclude-prefix=/sys</literal>, i.e. exclude the hierarchies typically backed
	180	by virtual or memory file systems. This is useful in combination with <option>--root=</option>, if
	181	the specified directory tree contains an OS tree without these virtual/memory file systems mounted
	182	in, as it is typically not desirable to create any files and directories below these subdirectories
	183	if they are supposed to be overmounted during runtime.</para></listitem>
	184	</varlistentry>
	185
798d3a52 ZJS	186	<varlistentry>
798d3a52 ZJS	187	<term><option>--root=<replaceable>root</replaceable></option></term>
3e54b900 LP	188	<listitem><para>Takes a directory path as an argument. All paths will be prefixed with the given alternate
	189	<replaceable>root</replaceable> path, including config search paths.</para>
	190
77a3cec0 LP	191	<para>When this option is used, the libc Name Service Switch (NSS) is bypassed for resolving users
	192	and groups. Instead the files <filename>/etc/passwd</filename> and <filename>/etc/group</filename>
	193	inside the alternate root are read directly. This means that users/groups not listed in these files
dd04fb32 LP	194	will not be resolved, i.e. LDAP NIS and other complex databases are not considered.</para>
	195
	196	<para>Consider combining this with <option>-E</option> to ensure the invocation does not create files
	197	or directories below mount points in the OS image operated on that are typically overmounted during
	198	runtime.</para></listitem>
798d3a52 ZJS	199	</varlistentry>
798d3a52 ZJS	200
71b1d2de LP	201	<varlistentry>
	202	<term><option>--image=<replaceable>image</replaceable></option></term>
	203
	204	<listitem><para>Takes a path to a disk image file or block device node. If specified all operations
	205	are applied to file system in the indicated disk image. This is similar to <option>--root=</option>
	206	but operates on file systems stored in disk images or block devices. The disk image should either
	207	contain just a file system or a set of file systems within a GPT partition table, following the
db811444	208	<ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
71b1d2de LP	209	Specification</ulink>. For further information on supported disk images, see
	210	<citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
	211	switch of the same name.</para>
	212
	213	<para>Implies <option>-E</option>.</para></listitem>
	214	</varlistentry>
	215
9ea81191 LP	216	<xi:include href="standard-options.xml" xpointer="image-policy-open" />
9ea81191 LP	217
a6d8474f ZJS	218	<varlistentry>
a6d8474f ZJS	219	<term><option>--replace=<replaceable>PATH</replaceable></option></term>
ba669952	220	<listitem><para>When this option is given, one or more positional arguments
a6d8474f ZJS	221	must be specified. All configuration files found in the directories listed in
	222	<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
	223	will be read, and the configuration given on the command line will be
	224	handled instead of and with the same priority as the configuration file
	225	<replaceable>PATH</replaceable>.</para>
	226
	227	<para>This option is intended to be used when package installation scripts
	228	are running and files belonging to that package are not yet available on
	229	disk, so their contents must be given on the command line, but the admin
	230	configuration might already exist and should be given higher priority.
	231	</para></listitem>
	232	</varlistentry>
	233
ceaaeb9b	234	<xi:include href="standard-options.xml" xpointer="cat-config" />
dcd5c891	235	<xi:include href="standard-options.xml" xpointer="no-pager" />
798d3a52 ZJS	236	<xi:include href="standard-options.xml" xpointer="help" />
	237	<xi:include href="standard-options.xml" xpointer="version" />
	238	</variablelist>
	239
bdee3f55	240	<para>It is possible to combine <option>--create</option>, <option>--clean</option>, and <option>--remove</option>
72703632	241	in one invocation (in which case removal and cleanup are executed before creation of new files). For example,
bdee3f55	242	during boot the following command line is executed to ensure that all temporary and volatile directories are
798d3a52 ZJS	243	removed and created according to the configuration file:</para>
	244
	245	<programlisting>systemd-tmpfiles --remove --create</programlisting>
798d3a52 ZJS	246	</refsect1>
798d3a52 ZJS	247
1d77721f LP	248	<refsect1>
	249	<title>Credentials</title>
	250
	251	<para><command>systemd-tmpfiles</command> supports the service credentials logic as implemented by
bbfb25f4 DDM	252	<varname>ImportCredential=</varname>/<varname>LoadCredential=</varname>/<varname>SetCredential=</varname>
bbfb25f4 DDM	253	(see <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
1d77721f LP	254	details). The following credentials are used when passed in:</para>
1d77721f LP	255
8914f7e8	256	<variablelist class='system-credentials'>
1d77721f	257	<varlistentry>
8914f7e8	258	<term><varname>tmpfiles.extra</varname></term>
1d77721f LP	259
	260	<listitem><para> The contents of this credential may contain additional lines to operate on. The
	261	credential contents should follow the same format as any other <filename>tmpfiles.d/</filename>
	262	drop-in configuration file. If this credential is passed it is processed after all of the drop-in
	263	files read from the file system. The lines in the credential can hence augment existing lines of the
	264	OS, but not override them.</para></listitem>
	265	</varlistentry>
	266	</variablelist>
	267
	268	<para>Note that by default the <filename>systemd-tmpfiles-setup.service</filename> unit file (and related
	269	unit files) is set up to inherit the <literal>tmpfiles.extra</literal> credential from the service
	270	manager.</para>
	271	</refsect1>
	272
36f57e02 ZJS	273	<refsect1>
	274	<title>Environment</title>
	275
	276	<variablelist class='environment-variables'>
	277	<xi:include href="common-variables.xml" xpointer="log-level" />
	278	<xi:include href="common-variables.xml" xpointer="log-color" />
	279	<xi:include href="common-variables.xml" xpointer="log-time" />
	280	<xi:include href="common-variables.xml" xpointer="log-location" />
	281	<xi:include href="common-variables.xml" xpointer="log-target" />
	282	<xi:include href="common-variables.xml" xpointer="pager" />
	283	<xi:include href="common-variables.xml" xpointer="less" />
	284	<xi:include href="common-variables.xml" xpointer="lesscharset" />
	285	<xi:include href="common-variables.xml" xpointer="lesssecure" />
	286	<xi:include href="common-variables.xml" xpointer="colors" />
	287	<xi:include href="common-variables.xml" xpointer="urlify" />
	288	</variablelist>
	289	</refsect1>
	290
798d3a52 ZJS	291	<refsect1>
	292	<title>Unprivileged --cleanup operation</title>
	293
	294	<para><command>systemd-tmpfiles</command> tries to avoid changing
	295	the access and modification times on the directories it accesses,
3c84514d	296	which requires <constant>CAP_FOWNER</constant> privileges. When
798d3a52 ZJS	297	running as non-root, directories which are checked for files to
	298	clean up will have their access time bumped, which might prevent
	299	their cleanup.
	300	</para>
	301	</refsect1>
	302
	303	<refsect1>
	304	<title>Exit status</title>
	305
b88ba6c7 ZJS	306	<para>On success, 0 is returned. If the configuration was syntactically invalid (syntax errors, missing
	307	arguments, …), so some lines had to be ignored, but no other errors occurred, <constant>65</constant> is
	308	returned (<constant>EX_DATAERR</constant> from <filename>/usr/include/sysexits.h</filename>). If the
	309	configuration was syntactically valid, but could not be executed (lack of permissions, creation of files
	310	in missing directories, invalid contents when writing to <filename>/sys/</filename> values, …),
	311	<constant>73</constant> is returned (<constant>EX_CANTCREAT</constant> from
	312	<filename>/usr/include/sysexits.h</filename>). Otherwise, <constant>1</constant> is returned
	313	(<constant>EXIT_FAILURE</constant> from <filename>/usr/include/stdlib.h</filename>).</para>
	314
	315	<para>Note: when creating items, if the target already exists, but is of the wrong type or otherwise does
	316	not match the requested state, and forced operation has not been requested with <literal>+</literal>,
	317	a message is emitted, but the failure is otherwise ignored.</para>
798d3a52 ZJS	318	</refsect1>
	319
	320	<refsect1>
	321	<title>See Also</title>
	322	<para>
	323	<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
	324	<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
	325	</para>
	326	</refsect1>
522d4a49 LP	327
522d4a49 LP	328	</refentry>