[thirdparty/systemd.git] / man / systemd-tmpfiles.xml

<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->

<refentry id="systemd-tmpfiles"
    xmlns:xi="http://www.w3.org/2001/XInclude">

  <refentryinfo>
    <title>systemd-tmpfiles</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd-tmpfiles</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd-tmpfiles</refname>
    <refname>systemd-tmpfiles-setup.service</refname>
    <refname>systemd-tmpfiles-setup-dev.service</refname>
    <refname>systemd-tmpfiles-clean.service</refname>
    <refname>systemd-tmpfiles-clean.timer</refname>
    <refpurpose>Creates, deletes and cleans up volatile
    and temporary files and directories</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>systemd-tmpfiles</command>
      <arg choice="opt" rep="repeat">OPTIONS</arg>
      <arg choice="opt" rep="repeat"><replaceable>CONFIGFILE</replaceable></arg>
    </cmdsynopsis>

    <para>System units:
<literallayout><filename>systemd-tmpfiles-setup.service</filename>
<filename>systemd-tmpfiles-setup-dev.service</filename>
<filename>systemd-tmpfiles-clean.service</filename>
<filename>systemd-tmpfiles-clean.timer</filename></literallayout></para>

    <para>User units:
<literallayout><filename>systemd-tmpfiles-setup.service</filename>
<filename>systemd-tmpfiles-clean.service</filename>
<filename>systemd-tmpfiles-clean.timer</filename></literallayout></para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><command>systemd-tmpfiles</command> creates, deletes, and cleans up volatile and temporary files
    and directories, using the configuration file format and location specified in
    <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>. It must
    be invoked with one or more options <option>--create</option>, <option>--remove</option>, and
    <option>--clean</option>, to select the respective subset of operations.</para>

    <para>By default, directives from all configuration files are applied. When invoked with
    <option>--replace=<replaceable>PATH</replaceable></option>, arguments specified on the command line are
    used instead of the configuration file <replaceable>PATH</replaceable>. Otherwise, if one or more
    absolute filenames are passed on the command line, only the directives in these files are applied. If
    <literal>-</literal> is specified instead of a filename, directives are read from standard input. If only
    the basename of a configuration file is specified, all configuration directories as specified in
    <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> are
    searched for a matching file and the file found that has the highest priority is executed.</para>

    <para>System services (<filename>systemd-tmpfiles-setup.service</filename>,
    <filename>systemd-tmpfiles-setup-dev.service</filename>,
    <filename>systemd-tmpfiles-clean.service</filename>) invoke <command>systemd-tmpfiles</command> to create
    system files and to perform system wide cleanup. Those services read administrator-controlled
    configuration files in <filename>tmpfiles.d/</filename> directories. User services
    (<filename>systemd-tmpfiles-setup.service</filename>,
    <filename>systemd-tmpfiles-clean.service</filename>) also invoke <command>systemd-tmpfiles</command>, but
    it reads a separate set of files, which includes user-controlled files under
    <filename>~/.config/user-tmpfiles.d/</filename> and <filename>~/.local/share/user-tmpfiles.d/</filename>,
    and administrator-controlled files under <filename>/usr/share/user-tmpfiles.d/</filename>. Users may use
    this to create and clean up files under their control, but the system instance performs global cleanup
    and is not influenced by user configuration. Note that this means a time-based cleanup configured in the
    system instance, such as the one typically configured for <filename>/tmp/</filename>, will thus also
    affect files created by the user instance if they are placed in <filename>/tmp/</filename>, even if the
    user instance's time-based cleanup is turned off.</para>

    <para>To re-apply settings after configuration has been modified, simply restart
    <filename>systemd-tmpfiles-clean.service</filename>, which will apply any settings which can be safely
    executed at runtime. To debug <command>systemd-tmpfiles</command>, it may be useful to invoke it
    directly from the command line with increased log level (see <varname>$SYSTEMD_LOG_LEVEL</varname>
    below).</para>
  </refsect1>

  <refsect1>
    <title>Options</title>

    <para>The following options are understood:</para>

    <variablelist>
      <varlistentry>
        <term><option>--create</option></term>
        <listitem><para>If this option is passed, all files and
        directories marked with
        <varname>f</varname>,
        <varname>F</varname>,
        <varname>w</varname>,
        <varname>d</varname>,
        <varname>D</varname>,
        <varname>v</varname>,
        <varname>p</varname>,
        <varname>L</varname>,
        <varname>c</varname>,
        <varname>b</varname>,
        <varname>m</varname>
        in the configuration files are created or written to. Files
        and directories marked with
        <varname>z</varname>,
        <varname>Z</varname>,
        <varname>t</varname>,
        <varname>T</varname>,
        <varname>a</varname>, and
        <varname>A</varname> have their ownership, access mode and
        security labels set.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--clean</option></term>
        <listitem><para>If this option is passed, all files and
        directories with an age parameter configured will be cleaned
        up.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--remove</option></term>
        <listitem><para>If this option is passed, the contents of
        directories marked with <varname>D</varname> or
        <varname>R</varname>, and files or directories themselves
        marked with <varname>r</varname> or <varname>R</varname> are
        removed unless an exclusive or shared BSD lock is taken on them (see <citerefentry
        project='man-pages'><refentrytitle>flock</refentrytitle><manvolnum>2</manvolnum></citerefentry>).
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--user</option></term>
        <listitem><para>Execute "user" configuration, i.e. <filename>tmpfiles.d</filename>
        files in user configuration directories.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--boot</option></term>
        <listitem><para>Also execute lines with an exclamation mark. Lines that are not safe to be executed
        on a running system may be marked in this way. <command>systemd-tmpfiles</command> is executed in
        early boot with <option>--boot</option> specified and will execute those lines. When invoked again
        later, it should be called without <option>--boot</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--graceful</option></term>
        <listitem><para>Ignore configuration lines pertaining to unknown users or groups. This option is
        intended to be used in early boot before all users or groups have been created.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--prefix=<replaceable>path</replaceable></option></term>
        <listitem><para>Only apply rules with paths that start with
        the specified prefix. This option can be specified multiple
        times.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--exclude-prefix=<replaceable>path</replaceable></option></term>
        <listitem><para>Ignore rules with paths that start with the
        specified prefix. This option can be specified multiple
        times.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>-E</option></term>
        <listitem><para>A shortcut for <literal>--exclude-prefix=/dev --exclude-prefix=/proc
        --exclude-prefix=/run --exclude-prefix=/sys</literal>, i.e. exclude the hierarchies typically backed
        by virtual or memory file systems. This is useful in combination with <option>--root=</option>, if
        the specified directory tree contains an OS tree without these virtual/memory file systems mounted
        in, as it is typically not desirable to create any files and directories below these subdirectories
        if they are supposed to be overmounted during runtime.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--root=<replaceable>root</replaceable></option></term>
        <listitem><para>Takes a directory path as an argument. All paths will be prefixed with the given alternate
        <replaceable>root</replaceable> path, including config search paths.</para>

        <para>When this option is used, the libc Name Service Switch (NSS) is bypassed for resolving users
        and groups. Instead the files <filename>/etc/passwd</filename> and <filename>/etc/group</filename>
        inside the alternate root are read directly. This means that users/groups not listed in these files
        will not be resolved, i.e. LDAP NIS and other complex databases are not considered.</para>

        <para>Consider combining this with <option>-E</option> to ensure the invocation does not create files
        or directories below mount points in the OS image operated on that are typically overmounted during
        runtime.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--image=<replaceable>image</replaceable></option></term>

        <listitem><para>Takes a path to a disk image file or block device node. If specified all operations
        are applied to file system in the indicated disk image. This is similar to <option>--root=</option>
        but operates on file systems stored in disk images or block devices. The disk image should either
        contain just a file system or a set of file systems within a GPT partition table, following the
        <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
        Specification</ulink>. For further information on supported disk images, see
        <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
        switch of the same name.</para>

        <para>Implies <option>-E</option>.</para></listitem>
      </varlistentry>

      <xi:include href="standard-options.xml" xpointer="image-policy-open" />

      <varlistentry>
        <term><option>--replace=<replaceable>PATH</replaceable></option></term>
        <listitem><para>When this option is given, one or more positional arguments
        must be specified. All configuration files found in the directories listed in
        <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        will be read, and the configuration given on the command line will be
        handled instead of and with the same priority as the configuration file
        <replaceable>PATH</replaceable>.</para>

        <para>This option is intended to be used when package installation scripts
        are running and files belonging to that package are not yet available on
        disk, so their contents must be given on the command line, but the admin
        configuration might already exist and should be given higher priority.
        </para></listitem>
      </varlistentry>

      <xi:include href="standard-options.xml" xpointer="cat-config" />
      <xi:include href="standard-options.xml" xpointer="no-pager" />
      <xi:include href="standard-options.xml" xpointer="help" />
      <xi:include href="standard-options.xml" xpointer="version" />
    </variablelist>

    <para>It is possible to combine <option>--create</option>, <option>--clean</option>, and <option>--remove</option>
    in one invocation (in which case removal and cleanup are executed before creation of new files). For example,
    during boot the following command line is executed to ensure that all temporary and volatile directories are
    removed and created according to the configuration file:</para>

    <programlisting>systemd-tmpfiles --remove --create</programlisting>
  </refsect1>

  <refsect1>
    <title>Credentials</title>

    <para><command>systemd-tmpfiles</command> supports the service credentials logic as implemented by
    <varname>ImportCredential=</varname>/<varname>LoadCredential=</varname>/<varname>SetCredential=</varname>
    (see <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
    details). The following credentials are used when passed in:</para>

    <variablelist>
      <varlistentry>
        <term><literal>tmpfiles.extra</literal></term>

        <listitem><para> The contents of this credential may contain additional lines to operate on. The
        credential contents should follow the same format as any other <filename>tmpfiles.d/</filename>
        drop-in configuration file. If this credential is passed it is processed after all of the drop-in
        files read from the file system. The lines in the credential can hence augment existing lines of the
        OS, but not override them.</para></listitem>
      </varlistentry>
    </variablelist>

    <para>Note that by default the <filename>systemd-tmpfiles-setup.service</filename> unit file (and related
    unit files) is set up to inherit the <literal>tmpfiles.extra</literal> credential from the service
    manager.</para>
  </refsect1>

  <refsect1>
    <title>Environment</title>

    <variablelist class='environment-variables'>
      <xi:include href="common-variables.xml" xpointer="log-level" />
      <xi:include href="common-variables.xml" xpointer="log-color" />
      <xi:include href="common-variables.xml" xpointer="log-time" />
      <xi:include href="common-variables.xml" xpointer="log-location" />
      <xi:include href="common-variables.xml" xpointer="log-target" />
      <xi:include href="common-variables.xml" xpointer="pager" />
      <xi:include href="common-variables.xml" xpointer="less" />
      <xi:include href="common-variables.xml" xpointer="lesscharset" />
      <xi:include href="common-variables.xml" xpointer="lesssecure" />
      <xi:include href="common-variables.xml" xpointer="colors" />
      <xi:include href="common-variables.xml" xpointer="urlify" />
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Unprivileged --cleanup operation</title>

    <para><command>systemd-tmpfiles</command> tries to avoid changing
    the access and modification times on the directories it accesses,
    which requires <constant>CAP_FOWNER</constant> privileges. When
    running as non-root, directories which are checked for files to
    clean up will have their access time bumped, which might prevent
    their cleanup.
    </para>
  </refsect1>

  <refsect1>
    <title>Exit status</title>

    <para>On success, 0 is returned. If the configuration was syntactically invalid (syntax errors, missing
    arguments, …), so some lines had to be ignored, but no other errors occurred, <constant>65</constant> is
    returned (<constant>EX_DATAERR</constant> from <filename>/usr/include/sysexits.h</filename>). If the
    configuration was syntactically valid, but could not be executed (lack of permissions, creation of files
    in missing directories, invalid contents when writing to <filename>/sys/</filename> values, …),
    <constant>73</constant> is returned (<constant>EX_CANTCREAT</constant> from
    <filename>/usr/include/sysexits.h</filename>). Otherwise, <constant>1</constant> is returned
    (<constant>EXIT_FAILURE</constant> from <filename>/usr/include/stdlib.h</filename>).</para>

    <para>Note: when creating items, if the target already exists, but is of the wrong type or otherwise does
    not match the requested state, and forced operation has not been requested with <literal>+</literal>,
    a message is emitted, but the failure is otherwise ignored.</para>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    </para>
  </refsect1>

</refentry>
Commit	Line	Data
522d4a49	1	<?xml version='1.0'?> <!---nxml--->
3a54a157	2	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
12b42c76	3	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
db9ecf05	4	<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
522d4a49	5
dfdebb1b	6	<refentry id="systemd-tmpfiles"
798d3a52 ZJS	7	xmlns:xi="http://www.w3.org/2001/XInclude">
	8
	9	<refentryinfo>
	10	<title>systemd-tmpfiles</title>
	11	<productname>systemd</productname>
798d3a52 ZJS	12	</refentryinfo>
	13
	14	<refmeta>
	15	<refentrytitle>systemd-tmpfiles</refentrytitle>
	16	<manvolnum>8</manvolnum>
	17	</refmeta>
	18
	19	<refnamediv>
	20	<refname>systemd-tmpfiles</refname>
	21	<refname>systemd-tmpfiles-setup.service</refname>
	22	<refname>systemd-tmpfiles-setup-dev.service</refname>
	23	<refname>systemd-tmpfiles-clean.service</refname>
	24	<refname>systemd-tmpfiles-clean.timer</refname>
	25	<refpurpose>Creates, deletes and cleans up volatile
	26	and temporary files and directories</refpurpose>
	27	</refnamediv>
	28
	29	<refsynopsisdiv>
	30	<cmdsynopsis>
	31	<command>systemd-tmpfiles</command>
	32	<arg choice="opt" rep="repeat">OPTIONS</arg>
	33	<arg choice="opt" rep="repeat"><replaceable>CONFIGFILE</replaceable></arg>
	34	</cmdsynopsis>
	35
cfdda37c ZJS	36	<para>System units:
	37	<literallayout><filename>systemd-tmpfiles-setup.service</filename>
	38	<filename>systemd-tmpfiles-setup-dev.service</filename>
	39	<filename>systemd-tmpfiles-clean.service</filename>
	40	<filename>systemd-tmpfiles-clean.timer</filename></literallayout></para>
	41
	42	<para>User units:
	43	<literallayout><filename>systemd-tmpfiles-setup.service</filename>
	44	<filename>systemd-tmpfiles-clean.service</filename>
	45	<filename>systemd-tmpfiles-clean.timer</filename></literallayout></para>
798d3a52 ZJS	46	</refsynopsisdiv>
	47
	48	<refsect1>
	49	<title>Description</title>
	50
aa2e348d ZJS	51	<para><command>systemd-tmpfiles</command> creates, deletes, and cleans up volatile and temporary files
	52	and directories, using the configuration file format and location specified in
	53	<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>. It must
	54	be invoked with one or more options <option>--create</option>, <option>--remove</option>, and
	55	<option>--clean</option>, to select the respective subset of operations.</para>
798d3a52	56
aa2e348d ZJS	57	<para>By default, directives from all configuration files are applied. When invoked with
	58	<option>--replace=<replaceable>PATH</replaceable></option>, arguments specified on the command line are
	59	used instead of the configuration file <replaceable>PATH</replaceable>. Otherwise, if one or more
	60	absolute filenames are passed on the command line, only the directives in these files are applied. If
	61	<literal>-</literal> is specified instead of a filename, directives are read from standard input. If only
	62	the basename of a configuration file is specified, all configuration directories as specified in
	63	<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> are
	64	searched for a matching file and the file found that has the highest priority is executed.</para>
72703632 ZJS	65
	66	<para>System services (<filename>systemd-tmpfiles-setup.service</filename>,
	67	<filename>systemd-tmpfiles-setup-dev.service</filename>,
	68	<filename>systemd-tmpfiles-clean.service</filename>) invoke <command>systemd-tmpfiles</command> to create
	69	system files and to perform system wide cleanup. Those services read administrator-controlled
	70	configuration files in <filename>tmpfiles.d/</filename> directories. User services
	71	(<filename>systemd-tmpfiles-setup.service</filename>,
	72	<filename>systemd-tmpfiles-clean.service</filename>) also invoke <command>systemd-tmpfiles</command>, but
	73	it reads a separate set of files, which includes user-controlled files under
	74	<filename>~/.config/user-tmpfiles.d/</filename> and <filename>~/.local/share/user-tmpfiles.d/</filename>,
c2892a24	75	and administrator-controlled files under <filename>/usr/share/user-tmpfiles.d/</filename>. Users may use
72703632 ZJS	76	this to create and clean up files under their control, but the system instance performs global cleanup
72703632 ZJS	77	and is not influenced by user configuration. Note that this means a time-based cleanup configured in the
3b121157 ZJS	78	system instance, such as the one typically configured for <filename>/tmp/</filename>, will thus also
3b121157 ZJS	79	affect files created by the user instance if they are placed in <filename>/tmp/</filename>, even if the
72703632	80	user instance's time-based cleanup is turned off.</para>
36f57e02	81
aa2e348d ZJS	82	<para>To re-apply settings after configuration has been modified, simply restart
	83	<filename>systemd-tmpfiles-clean.service</filename>, which will apply any settings which can be safely
	84	executed at runtime. To debug <command>systemd-tmpfiles</command>, it may be useful to invoke it
	85	directly from the command line with increased log level (see <varname>$SYSTEMD_LOG_LEVEL</varname>
	86	below).</para>
798d3a52 ZJS	87	</refsect1>
	88
	89	<refsect1>
	90	<title>Options</title>
	91
	92	<para>The following options are understood:</para>
	93
	94	<variablelist>
	95	<varlistentry>
	96	<term><option>--create</option></term>
	97	<listitem><para>If this option is passed, all files and
	98	directories marked with
	99	<varname>f</varname>,
	100	<varname>F</varname>,
	101	<varname>w</varname>,
	102	<varname>d</varname>,
	103	<varname>D</varname>,
	104	<varname>v</varname>,
	105	<varname>p</varname>,
	106	<varname>L</varname>,
	107	<varname>c</varname>,
	108	<varname>b</varname>,
	109	<varname>m</varname>
	110	in the configuration files are created or written to. Files
	111	and directories marked with
	112	<varname>z</varname>,
	113	<varname>Z</varname>,
	114	<varname>t</varname>,
	115	<varname>T</varname>,
	116	<varname>a</varname>, and
	117	<varname>A</varname> have their ownership, access mode and
f2b5ca0e	118	security labels set.</para></listitem>
798d3a52 ZJS	119	</varlistentry>
	120
	121	<varlistentry>
	122	<term><option>--clean</option></term>
	123	<listitem><para>If this option is passed, all files and
	124	directories with an age parameter configured will be cleaned
	125	up.</para></listitem>
	126	</varlistentry>
	127
	128	<varlistentry>
	129	<term><option>--remove</option></term>
	130	<listitem><para>If this option is passed, the contents of
	131	directories marked with <varname>D</varname> or
	132	<varname>R</varname>, and files or directories themselves
	133	marked with <varname>r</varname> or <varname>R</varname> are
65e179a1 DDM	134	removed unless an exclusive or shared BSD lock is taken on them (see <citerefentry
	135	project='man-pages'><refentrytitle>flock</refentrytitle><manvolnum>2</manvolnum></citerefentry>).
	136	</para></listitem>
798d3a52	137	</varlistentry>
d9daae55	138
f2b5ca0e ZJS	139	<varlistentry>
	140	<term><option>--user</option></term>
	141	<listitem><para>Execute "user" configuration, i.e. <filename>tmpfiles.d</filename>
	142	files in user configuration directories.</para></listitem>
	143	</varlistentry>
	144
798d3a52 ZJS	145	<varlistentry>
798d3a52 ZJS	146	<term><option>--boot</option></term>
a3256ea8 ZJS	147	<listitem><para>Also execute lines with an exclamation mark. Lines that are not safe to be executed
	148	on a running system may be marked in this way. <command>systemd-tmpfiles</command> is executed in
	149	early boot with <option>--boot</option> specified and will execute those lines. When invoked again
	150	later, it should be called without <option>--boot</option>.</para></listitem>
798d3a52	151	</varlistentry>
d9daae55	152
e0ea6af3 ZJS	153	<varlistentry>
	154	<term><option>--graceful</option></term>
	155	<listitem><para>Ignore configuration lines pertaining to unknown users or groups. This option is
	156	intended to be used in early boot before all users or groups have been created.</para></listitem>
	157	</varlistentry>
	158
798d3a52 ZJS	159	<varlistentry>
	160	<term><option>--prefix=<replaceable>path</replaceable></option></term>
	161	<listitem><para>Only apply rules with paths that start with
	162	the specified prefix. This option can be specified multiple
	163	times.</para></listitem>
	164	</varlistentry>
dd04fb32	165
798d3a52 ZJS	166	<varlistentry>
	167	<term><option>--exclude-prefix=<replaceable>path</replaceable></option></term>
	168	<listitem><para>Ignore rules with paths that start with the
	169	specified prefix. This option can be specified multiple
	170	times.</para></listitem>
	171	</varlistentry>
3e54b900	172
dd04fb32 LP	173	<varlistentry>
	174	<term><option>-E</option></term>
	175	<listitem><para>A shortcut for <literal>--exclude-prefix=/dev --exclude-prefix=/proc
	176	--exclude-prefix=/run --exclude-prefix=/sys</literal>, i.e. exclude the hierarchies typically backed
	177	by virtual or memory file systems. This is useful in combination with <option>--root=</option>, if
	178	the specified directory tree contains an OS tree without these virtual/memory file systems mounted
	179	in, as it is typically not desirable to create any files and directories below these subdirectories
	180	if they are supposed to be overmounted during runtime.</para></listitem>
	181	</varlistentry>
	182
798d3a52 ZJS	183	<varlistentry>
798d3a52 ZJS	184	<term><option>--root=<replaceable>root</replaceable></option></term>
3e54b900 LP	185	<listitem><para>Takes a directory path as an argument. All paths will be prefixed with the given alternate
	186	<replaceable>root</replaceable> path, including config search paths.</para>
	187
77a3cec0 LP	188	<para>When this option is used, the libc Name Service Switch (NSS) is bypassed for resolving users
	189	and groups. Instead the files <filename>/etc/passwd</filename> and <filename>/etc/group</filename>
	190	inside the alternate root are read directly. This means that users/groups not listed in these files
dd04fb32 LP	191	will not be resolved, i.e. LDAP NIS and other complex databases are not considered.</para>
	192
	193	<para>Consider combining this with <option>-E</option> to ensure the invocation does not create files
	194	or directories below mount points in the OS image operated on that are typically overmounted during
	195	runtime.</para></listitem>
798d3a52 ZJS	196	</varlistentry>
798d3a52 ZJS	197
71b1d2de LP	198	<varlistentry>
	199	<term><option>--image=<replaceable>image</replaceable></option></term>
	200
	201	<listitem><para>Takes a path to a disk image file or block device node. If specified all operations
	202	are applied to file system in the indicated disk image. This is similar to <option>--root=</option>
	203	but operates on file systems stored in disk images or block devices. The disk image should either
	204	contain just a file system or a set of file systems within a GPT partition table, following the
db811444	205	<ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
71b1d2de LP	206	Specification</ulink>. For further information on supported disk images, see
	207	<citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
	208	switch of the same name.</para>
	209
	210	<para>Implies <option>-E</option>.</para></listitem>
	211	</varlistentry>
	212
9ea81191 LP	213	<xi:include href="standard-options.xml" xpointer="image-policy-open" />
9ea81191 LP	214
a6d8474f ZJS	215	<varlistentry>
a6d8474f ZJS	216	<term><option>--replace=<replaceable>PATH</replaceable></option></term>
ba669952	217	<listitem><para>When this option is given, one or more positional arguments
a6d8474f ZJS	218	must be specified. All configuration files found in the directories listed in
	219	<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
	220	will be read, and the configuration given on the command line will be
	221	handled instead of and with the same priority as the configuration file
	222	<replaceable>PATH</replaceable>.</para>
	223
	224	<para>This option is intended to be used when package installation scripts
	225	are running and files belonging to that package are not yet available on
	226	disk, so their contents must be given on the command line, but the admin
	227	configuration might already exist and should be given higher priority.
	228	</para></listitem>
	229	</varlistentry>
	230
ceaaeb9b	231	<xi:include href="standard-options.xml" xpointer="cat-config" />
dcd5c891	232	<xi:include href="standard-options.xml" xpointer="no-pager" />
798d3a52 ZJS	233	<xi:include href="standard-options.xml" xpointer="help" />
	234	<xi:include href="standard-options.xml" xpointer="version" />
	235	</variablelist>
	236
bdee3f55	237	<para>It is possible to combine <option>--create</option>, <option>--clean</option>, and <option>--remove</option>
72703632	238	in one invocation (in which case removal and cleanup are executed before creation of new files). For example,
bdee3f55	239	during boot the following command line is executed to ensure that all temporary and volatile directories are
798d3a52 ZJS	240	removed and created according to the configuration file:</para>
	241
	242	<programlisting>systemd-tmpfiles --remove --create</programlisting>
798d3a52 ZJS	243	</refsect1>
798d3a52 ZJS	244
1d77721f LP	245	<refsect1>
	246	<title>Credentials</title>
	247
	248	<para><command>systemd-tmpfiles</command> supports the service credentials logic as implemented by
bbfb25f4 DDM	249	<varname>ImportCredential=</varname>/<varname>LoadCredential=</varname>/<varname>SetCredential=</varname>
bbfb25f4 DDM	250	(see <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
1d77721f LP	251	details). The following credentials are used when passed in:</para>
	252
	253	<variablelist>
	254	<varlistentry>
	255	<term><literal>tmpfiles.extra</literal></term>
	256
	257	<listitem><para> The contents of this credential may contain additional lines to operate on. The
	258	credential contents should follow the same format as any other <filename>tmpfiles.d/</filename>
	259	drop-in configuration file. If this credential is passed it is processed after all of the drop-in
	260	files read from the file system. The lines in the credential can hence augment existing lines of the
	261	OS, but not override them.</para></listitem>
	262	</varlistentry>
	263	</variablelist>
	264
	265	<para>Note that by default the <filename>systemd-tmpfiles-setup.service</filename> unit file (and related
	266	unit files) is set up to inherit the <literal>tmpfiles.extra</literal> credential from the service
	267	manager.</para>
	268	</refsect1>
	269
36f57e02 ZJS	270	<refsect1>
	271	<title>Environment</title>
	272
	273	<variablelist class='environment-variables'>
	274	<xi:include href="common-variables.xml" xpointer="log-level" />
	275	<xi:include href="common-variables.xml" xpointer="log-color" />
	276	<xi:include href="common-variables.xml" xpointer="log-time" />
	277	<xi:include href="common-variables.xml" xpointer="log-location" />
	278	<xi:include href="common-variables.xml" xpointer="log-target" />
	279	<xi:include href="common-variables.xml" xpointer="pager" />
	280	<xi:include href="common-variables.xml" xpointer="less" />
	281	<xi:include href="common-variables.xml" xpointer="lesscharset" />
	282	<xi:include href="common-variables.xml" xpointer="lesssecure" />
	283	<xi:include href="common-variables.xml" xpointer="colors" />
	284	<xi:include href="common-variables.xml" xpointer="urlify" />
	285	</variablelist>
	286	</refsect1>
	287
798d3a52 ZJS	288	<refsect1>
	289	<title>Unprivileged --cleanup operation</title>
	290
	291	<para><command>systemd-tmpfiles</command> tries to avoid changing
	292	the access and modification times on the directories it accesses,
3c84514d	293	which requires <constant>CAP_FOWNER</constant> privileges. When
798d3a52 ZJS	294	running as non-root, directories which are checked for files to
	295	clean up will have their access time bumped, which might prevent
	296	their cleanup.
	297	</para>
	298	</refsect1>
	299
	300	<refsect1>
	301	<title>Exit status</title>
	302
b88ba6c7 ZJS	303	<para>On success, 0 is returned. If the configuration was syntactically invalid (syntax errors, missing
	304	arguments, …), so some lines had to be ignored, but no other errors occurred, <constant>65</constant> is
	305	returned (<constant>EX_DATAERR</constant> from <filename>/usr/include/sysexits.h</filename>). If the
	306	configuration was syntactically valid, but could not be executed (lack of permissions, creation of files
	307	in missing directories, invalid contents when writing to <filename>/sys/</filename> values, …),
	308	<constant>73</constant> is returned (<constant>EX_CANTCREAT</constant> from
	309	<filename>/usr/include/sysexits.h</filename>). Otherwise, <constant>1</constant> is returned
	310	(<constant>EXIT_FAILURE</constant> from <filename>/usr/include/stdlib.h</filename>).</para>
	311
	312	<para>Note: when creating items, if the target already exists, but is of the wrong type or otherwise does
	313	not match the requested state, and forced operation has not been requested with <literal>+</literal>,
	314	a message is emitted, but the failure is otherwise ignored.</para>
798d3a52 ZJS	315	</refsect1>
	316
	317	<refsect1>
	318	<title>See Also</title>
	319	<para>
	320	<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
	321	<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
	322	</para>
	323	</refsect1>
522d4a49 LP	324
522d4a49 LP	325	</refentry>