]>
Commit | Line | Data |
---|---|---|
5fb13eb5 | 1 | <?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*--> |
12b42c76 | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
4149f86d | 3 | <!-- |
572eb058 ZJS |
4 | SPDX-License-Identifier: LGPL-2.1+ |
5 | ||
4149f86d | 6 | Copyright 2010 Brandon Philips |
4149f86d BP |
7 | --> |
8 | <refentry id="tmpfiles.d"> | |
9 | ||
302fbdf2 ZJS |
10 | <refentryinfo> |
11 | <title>tmpfiles.d</title> | |
12 | <productname>systemd</productname> | |
13 | ||
14 | <authorgroup> | |
15 | <author> | |
16 | <contrib>Documentation</contrib> | |
17 | <firstname>Brandon</firstname> | |
18 | <surname>Philips</surname> | |
19 | <email>brandon@ifup.org</email> | |
20 | </author> | |
21 | </authorgroup> | |
22 | </refentryinfo> | |
23 | ||
24 | <refmeta> | |
25 | <refentrytitle>tmpfiles.d</refentrytitle> | |
26 | <manvolnum>5</manvolnum> | |
27 | </refmeta> | |
28 | ||
29 | <refnamediv> | |
30 | <refname>tmpfiles.d</refname> | |
31 | <refpurpose>Configuration for creation, deletion and cleaning of | |
32 | volatile and temporary files</refpurpose> | |
33 | </refnamediv> | |
34 | ||
35 | <refsynopsisdiv> | |
f2b5ca0e ZJS |
36 | <para><literallayout><filename>/etc/tmpfiles.d/*.conf</filename> |
37 | <filename>/run/tmpfiles.d/*.conf</filename> | |
38 | <filename>/usr/lib/tmpfiles.d/*.conf</filename> | |
39 | </literallayout></para> | |
40 | ||
41 | <para><literallayout><filename>~/.config/user-tmpfiles.d/*.conf</filename> | |
42 | <filename>$XDG_RUNTIME_DIR/user-tmpfiles.d/*.conf</filename> | |
43 | <filename>~/.local/share/user-tmpfiles.d/*.conf</filename> | |
44 | <filename>…</filename> | |
45 | <filename>/usr/share/user-tmpfiles.d/*.conf</filename> | |
46 | </literallayout></para> | |
302fbdf2 ZJS |
47 | </refsynopsisdiv> |
48 | ||
49 | <refsect1> | |
50 | <title>Description</title> | |
51 | ||
52 | <para><command>systemd-tmpfiles</command> uses the configuration | |
53 | files from the above directories to describe the creation, | |
54 | cleaning and removal of volatile and temporary files and | |
55 | directories which usually reside in directories such as | |
56 | <filename>/run</filename> or <filename>/tmp</filename>.</para> | |
57 | ||
58 | <para>Volatile and temporary files and directories are those | |
59 | located in <filename>/run</filename> (and its alias | |
60 | <filename>/var/run</filename>), <filename>/tmp</filename>, | |
61 | <filename>/var/tmp</filename>, the API file systems such as | |
62 | <filename>/sys</filename> or <filename>/proc</filename>, as well | |
63 | as some other directories below <filename>/var</filename>.</para> | |
64 | ||
65 | <para>System daemons frequently require private runtime | |
66 | directories below <filename>/run</filename> to place communication | |
67 | sockets and similar in. For these, consider declaring them in | |
68 | their unit files using <varname>RuntimeDirectory=</varname> (see | |
69 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
70 | for details), if this is feasible.</para> | |
71 | </refsect1> | |
72 | ||
73 | <refsect1> | |
8165be2e | 74 | <title>Configuration Directories and Precedence</title> |
302fbdf2 ZJS |
75 | |
76 | <para>Each configuration file shall be named in the style of | |
77 | <filename><replaceable>package</replaceable>.conf</filename> or | |
78 | <filename><replaceable>package</replaceable>-<replaceable>part</replaceable>.conf</filename>. | |
79 | The second variant should be used when it is desirable to make it | |
80 | easy to override just this part of configuration.</para> | |
81 | ||
82 | <para>Files in <filename>/etc/tmpfiles.d</filename> override files | |
83 | with the same name in <filename>/usr/lib/tmpfiles.d</filename> and | |
84 | <filename>/run/tmpfiles.d</filename>. Files in | |
85 | <filename>/run/tmpfiles.d</filename> override files with the same | |
86 | name in <filename>/usr/lib/tmpfiles.d</filename>. Packages should | |
87 | install their configuration files in | |
88 | <filename>/usr/lib/tmpfiles.d</filename>. Files in | |
89 | <filename>/etc/tmpfiles.d</filename> are reserved for the local | |
90 | administrator, who may use this logic to override the | |
91 | configuration files installed by vendor packages. All | |
92 | configuration files are sorted by their filename in lexicographic | |
93 | order, regardless of which of the directories they reside in. If | |
94 | multiple files specify the same path, the entry in the file with | |
95 | the lexicographically earliest name will be applied. All other | |
96 | conflicting entries will be logged as errors. When two lines are | |
97 | prefix and suffix of each other, then the prefix is always | |
6d785b6d LP |
98 | processed first, the suffix later. Lines that take globs are |
99 | applied after those accepting no globs. If multiple operations | |
b938cb90 JE |
100 | shall be applied on the same file, (such as ACL, xattr, file |
101 | attribute adjustments), these are always done in the same fixed | |
6d785b6d LP |
102 | order. Otherwise, the files/directories are processed in the order |
103 | they are listed.</para> | |
302fbdf2 ZJS |
104 | |
105 | <para>If the administrator wants to disable a configuration file | |
106 | supplied by the vendor, the recommended way is to place a symlink | |
107 | to <filename>/dev/null</filename> in | |
108 | <filename>/etc/tmpfiles.d/</filename> bearing the same filename. | |
109 | </para> | |
8165be2e ZJS |
110 | </refsect1> |
111 | ||
112 | <refsect1> | |
113 | <title>Configuration File Format</title> | |
302fbdf2 ZJS |
114 | |
115 | <para>The configuration format is one line per path containing | |
116 | type, path, mode, ownership, age, and argument fields:</para> | |
117 | ||
118 | <programlisting>#Type Path Mode UID GID Age Argument | |
ed7fd549 ZJS |
119 | d /run/user 0755 root root 10d - |
120 | L /tmp/foobar - - - - /dev/null</programlisting> | |
302fbdf2 | 121 | |
657cf7f4 | 122 | <para>Fields may be enclosed within quotes and contain C-style escapes.</para> |
123 | ||
302fbdf2 ZJS |
124 | <refsect2> |
125 | <title>Type</title> | |
126 | ||
127 | <para>The type consists of a single letter and optionally an | |
128 | exclamation mark.</para> | |
129 | ||
130 | <para>The following line types are understood:</para> | |
131 | ||
132 | <variablelist> | |
133 | <varlistentry> | |
134 | <term><varname>f</varname></term> | |
49e87292 LP |
135 | <listitem><para>Create a file if it does not exist yet. If the argument parameter is given and the file did |
136 | not exist yet, it will be written to the file. Does not follow symlinks.</para></listitem> | |
302fbdf2 ZJS |
137 | </varlistentry> |
138 | ||
139 | <varlistentry> | |
140 | <term><varname>F</varname></term> | |
141 | <listitem><para>Create or truncate a file. If the argument | |
6a9171d2 | 142 | parameter is given, it will be written to the file. Does not follow symlinks.</para> |
302fbdf2 ZJS |
143 | </listitem> |
144 | </varlistentry> | |
145 | ||
146 | <varlistentry> | |
147 | <term><varname>w</varname></term> | |
148 | <listitem><para>Write the argument parameter to a file, if | |
149 | the file exists. Lines of this type accept shell-style | |
150 | globs in place of normal path names. The argument parameter | |
151 | will be written without a trailing newline. C-style | |
6a9171d2 LP |
152 | backslash escapes are interpreted. Follows |
153 | symlinks.</para></listitem> | |
302fbdf2 ZJS |
154 | </varlistentry> |
155 | ||
156 | <varlistentry> | |
157 | <term><varname>d</varname></term> | |
4b743d67 ZJS |
158 | <listitem><para>Create a directory. The mode and ownership will be adjusted if |
159 | specified and the directory already exists. Contents of this directory are subject | |
ed7fd549 | 160 | to time based cleanup if the age argument is specified.</para></listitem> |
302fbdf2 ZJS |
161 | </varlistentry> |
162 | ||
163 | <varlistentry> | |
164 | <term><varname>D</varname></term> | |
4b743d67 ZJS |
165 | <listitem><para>Similar to <varname>d</varname>, but in addition the contents |
166 | of the directory will be removed when <option>--remove</option> is used. | |
167 | </para></listitem> | |
168 | </varlistentry> | |
df8dee85 ZJS |
169 | |
170 | <varlistentry> | |
171 | <term><varname>e</varname></term> | |
ed7fd549 ZJS |
172 | <listitem><para>Similar to <varname>d</varname>, but the directory will not be created if |
173 | it does not exist. Lines of this type accept shell-style globs in place of normal path | |
174 | names. For this entry to be useful, at least one of the mode, uid, gid, or age arguments | |
175 | must be specified, since otherwise this entry has no effect. If the age argument is | |
176 | <literal>0</literal>, contents of the directory will be unconditionally deleted every time | |
177 | <command>systemd-tmpfiles --clean</command> is run. This can be useful when combined with | |
178 | <varname>!</varname>, see the examples.</para></listitem> | |
302fbdf2 ZJS |
179 | </varlistentry> |
180 | ||
181 | <varlistentry> | |
182 | <term><varname>v</varname></term> | |
183 | <listitem><para>Create a subvolume if the path does not | |
2904e949 LP |
184 | exist yet, the file system supports subvolumes (btrfs), and |
185 | the system itself is installed into a subvolume | |
186 | (specifically: the root directory <filename>/</filename> is | |
187 | itself a subvolume). Otherwise, create a normal directory, in | |
188 | the same way as <varname>d</varname>. A subvolume created | |
189 | with this line type is not assigned to any higher-level | |
190 | quota group. For that, use <varname>q</varname> or | |
191 | <varname>Q</varname>, which allow creating simple quota | |
192 | group hierarchies, see below.</para></listitem> | |
5fb13eb5 LP |
193 | </varlistentry> |
194 | ||
195 | <varlistentry> | |
196 | <term><varname>q</varname></term> | |
b938cb90 | 197 | <listitem><para>Similar to <varname>v</varname>. However, |
5fb13eb5 LP |
198 | makes sure that the subvolume will be assigned to the same |
199 | higher-level quota groups as the subvolume it has been | |
200 | created in. This ensures that higher-level limits and | |
201 | accounting applied to the parent subvolume also include the | |
202 | specified subvolume. On non-btrfs file systems, this line | |
203 | type is identical to <varname>d</varname>. If the subvolume | |
204 | already exists and is already assigned to one or more higher | |
b938cb90 | 205 | level quota groups, no change to the quota hierarchy is |
5fb13eb5 LP |
206 | made. Also see <varname>Q</varname> below. See <citerefentry |
207 | project='die-net'><refentrytitle>btrfs-qgroup</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
208 | for details about the btrfs quota group | |
209 | concept.</para></listitem> | |
210 | </varlistentry> | |
211 | ||
212 | <varlistentry> | |
213 | <term><varname>Q</varname></term> | |
b938cb90 | 214 | <listitem><para>Similar to <varname>q</varname>. However, |
5fb13eb5 LP |
215 | instead of copying the higher-level quota group assignments |
216 | from the parent as-is, the lowest quota group of the parent | |
217 | subvolume is determined that is not the leaf quota | |
218 | group. Then, an "intermediary" quota group is inserted that | |
219 | is one level below this level, and shares the same ID part | |
220 | as the specified subvolume. If no higher-level quota group | |
221 | exists for the parent subvolume, a new quota group at level | |
222 | 255 sharing the same ID as the specified subvolume is | |
223 | inserted instead. This new intermediary quota group is then | |
224 | assigned to the parent subvolume's higher-level quota | |
225 | groups, and the specified subvolume's leaf quota group is | |
226 | assigned to it.</para> | |
227 | ||
228 | <para>Effectively, this has a similar effect as | |
229 | <varname>q</varname>, however introduces a new higher-level | |
230 | quota group for the specified subvolume that may be used to | |
231 | enforce limits and accounting to the specified subvolume and | |
232 | children subvolume created within it. Thus, by creating | |
233 | subvolumes only via <varname>q</varname> and | |
b938cb90 | 234 | <varname>Q</varname>, a concept of "subtree quotas" is |
5fb13eb5 LP |
235 | implemented. Each subvolume for which <varname>Q</varname> |
236 | is set will get a "subtree" quota group created, and all | |
237 | child subvolumes created within it will be assigned to | |
238 | it. Each subvolume for which <varname>q</varname> is set | |
239 | will not get such a "subtree" quota group, but it is ensured | |
240 | that they are added to the same "subtree" quota group as their | |
241 | immediate parents.</para> | |
242 | ||
243 | <para>It is recommended to use | |
244 | <varname>Q</varname> for subvolumes that typically contain | |
245 | further subvolumes, and where it is desirable to have | |
246 | accounting and quota limits on all child subvolumes | |
247 | together. Examples for <varname>Q</varname> are typically | |
248 | <filename>/home</filename> or | |
249 | <filename>/var/lib/machines</filename>. In contrast, | |
250 | <varname>q</varname> should be used for subvolumes that | |
251 | either usually do not include further subvolumes or where no | |
252 | accounting and quota limits are needed that apply to all | |
253 | child subvolumes together. Examples for <varname>q</varname> | |
254 | are typically <filename>/var</filename> or | |
255 | <filename>/var/tmp</filename>. As with <varname>Q</varname>, | |
256 | <varname>q</varname> has no effect on the quota group | |
257 | hierarchy if the subvolume exists and already has at least | |
258 | one higher-level quota group assigned.</para></listitem> | |
302fbdf2 ZJS |
259 | </varlistentry> |
260 | ||
261 | <varlistentry> | |
262 | <term><varname>p</varname></term> | |
263 | <term><varname>p+</varname></term> | |
264 | <listitem><para>Create a named pipe (FIFO) if it does not | |
265 | exist yet. If suffixed with <varname>+</varname> and a file | |
266 | already exists where the pipe is to be created, it will be | |
267 | removed and be replaced by the pipe.</para></listitem> | |
268 | </varlistentry> | |
269 | ||
270 | <varlistentry> | |
271 | <term><varname>L</varname></term> | |
272 | <term><varname>L+</varname></term> | |
273 | <listitem><para>Create a symlink if it does not exist | |
b3f5897f WD |
274 | yet. If suffixed with <varname>+</varname> and a file or |
275 | directory already exists where the symlink is to be created, | |
276 | it will be removed and be replaced by the symlink. If the | |
277 | argument is omitted, symlinks to files with the same name | |
278 | residing in the directory | |
279 | <filename>/usr/share/factory/</filename> are created. Note | |
280 | that permissions and ownership on symlinks are ignored. | |
281 | </para></listitem> | |
302fbdf2 ZJS |
282 | </varlistentry> |
283 | ||
284 | <varlistentry> | |
285 | <term><varname>c</varname></term> | |
286 | <term><varname>c+</varname></term> | |
287 | <listitem><para>Create a character device node if it does | |
288 | not exist yet. If suffixed with <varname>+</varname> and a | |
289 | file already exists where the device node is to be created, | |
290 | it will be removed and be replaced by the device node. It is | |
291 | recommended to suffix this entry with an exclamation mark to | |
292 | only create static device nodes at boot, as udev will not | |
293 | manage static device nodes that are created at runtime. | |
294 | </para></listitem> | |
295 | </varlistentry> | |
296 | ||
297 | <varlistentry> | |
298 | <term><varname>b</varname></term> | |
299 | <term><varname>b+</varname></term> | |
300 | <listitem><para>Create a block device node if it does not | |
301 | exist yet. If suffixed with <varname>+</varname> and a file | |
302 | already exists where the device node is to be created, it | |
303 | will be removed and be replaced by the device node. It is | |
304 | recommended to suffix this entry with an exclamation mark to | |
305 | only create static device nodes at boot, as udev will not | |
306 | manage static device nodes that are created at runtime. | |
307 | </para></listitem> | |
308 | </varlistentry> | |
309 | ||
310 | <varlistentry> | |
311 | <term><varname>C</varname></term> | |
312 | <listitem><para>Recursively copy a file or directory, if the | |
313 | destination files or directories do not exist yet. Note that | |
314 | this command will not descend into subdirectories if the | |
315 | destination directory already exists. Instead, the entire | |
316 | copy operation is skipped. If the argument is omitted, files | |
317 | from the source directory | |
318 | <filename>/usr/share/factory/</filename> with the same name | |
6a9171d2 | 319 | are copied. Does not follow symlinks.</para></listitem> |
302fbdf2 ZJS |
320 | </varlistentry> |
321 | ||
322 | <varlistentry> | |
323 | <term><varname>x</varname></term> | |
324 | <listitem><para>Ignore a path during cleaning. Use this type | |
325 | to exclude paths from clean-up as controlled with the Age | |
326 | parameter. Note that lines of this type do not influence the | |
327 | effect of <varname>r</varname> or <varname>R</varname> | |
50d9e46d | 328 | lines. Lines of this type accept shell-style globs in place |
302fbdf2 ZJS |
329 | of normal path names. </para></listitem> |
330 | </varlistentry> | |
331 | ||
332 | <varlistentry> | |
333 | <term><varname>X</varname></term> | |
334 | <listitem><para>Ignore a path during cleaning. Use this type | |
335 | to exclude paths from clean-up as controlled with the Age | |
336 | parameter. Unlike <varname>x</varname>, this parameter will | |
337 | not exclude the content if path is a directory, but only | |
338 | directory itself. Note that lines of this type do not | |
339 | influence the effect of <varname>r</varname> or | |
50d9e46d | 340 | <varname>R</varname> lines. Lines of this type accept |
302fbdf2 ZJS |
341 | shell-style globs in place of normal path names. |
342 | </para></listitem> | |
343 | </varlistentry> | |
344 | ||
345 | <varlistentry> | |
346 | <term><varname>r</varname></term> | |
347 | <listitem><para>Remove a file or directory if it exists. | |
348 | This may not be used to remove non-empty directories, use | |
349 | <varname>R</varname> for that. Lines of this type accept | |
350 | shell-style globs in place of normal path | |
6a9171d2 | 351 | names. Does not follow symlinks.</para></listitem> |
302fbdf2 ZJS |
352 | </varlistentry> |
353 | ||
354 | <varlistentry> | |
355 | <term><varname>R</varname></term> | |
356 | <listitem><para>Recursively remove a path and all its | |
357 | subdirectories (if it is a directory). Lines of this type | |
358 | accept shell-style globs in place of normal path | |
6a9171d2 | 359 | names. Does not follow symlinks.</para></listitem> |
302fbdf2 ZJS |
360 | </varlistentry> |
361 | ||
362 | <varlistentry> | |
363 | <term><varname>z</varname></term> | |
364 | <listitem><para>Adjust the access mode, group and user, and | |
365 | restore the SELinux security context of a file or directory, | |
366 | if it exists. Lines of this type accept shell-style globs in | |
6a9171d2 | 367 | place of normal path names. Does not follow symlinks.</para></listitem> |
302fbdf2 ZJS |
368 | </varlistentry> |
369 | ||
370 | <varlistentry> | |
371 | <term><varname>Z</varname></term> | |
372 | <listitem><para>Recursively set the access mode, group and | |
373 | user, and restore the SELinux security context of a file or | |
374 | directory if it exists, as well as of its subdirectories and | |
375 | the files contained therein (if applicable). Lines of this | |
6a9171d2 LP |
376 | type accept shell-style globs in place of normal path |
377 | names. Does not follow symlinks. </para></listitem> | |
302fbdf2 ZJS |
378 | </varlistentry> |
379 | ||
380 | <varlistentry> | |
381 | <term><varname>t</varname></term> | |
b705ab6a ZJS |
382 | <listitem><para>Set extended attributes. Lines of this type |
383 | accept shell-style globs in place of normal path names. | |
6a9171d2 LP |
384 | This can be useful for setting SMACK labels. Does not follow |
385 | symlinks.</para></listitem> | |
b705ab6a ZJS |
386 | </varlistentry> |
387 | ||
388 | <varlistentry> | |
389 | <term><varname>T</varname></term> | |
390 | <listitem><para>Recursively set extended attributes. Lines | |
391 | of this type accept shell-style globs in place of normal | |
6a9171d2 LP |
392 | path names. This can be useful for setting SMACK |
393 | labels. Does not follow symlinks. </para></listitem> | |
302fbdf2 | 394 | </varlistentry> |
f8eeeaf9 | 395 | |
fa3f5fd2 GB |
396 | <varlistentry> |
397 | <term><varname>h</varname></term> | |
398 | <listitem><para>Set file/directory attributes. Lines of this type | |
399 | accept shell-style globs in place of normal path names.</para> | |
400 | ||
1ae705fb LP |
401 | <para>The format of the argument field is |
402 | <varname>[+-=][aAcCdDeijsStTu] </varname>. The prefix | |
403 | <varname>+</varname> (the default one) causes the | |
fa3f5fd2 | 404 | attribute(s) to be added; <varname>-</varname> causes the |
1ae705fb | 405 | attribute(s) to be removed; <varname>=</varname> causes the |
a8eaaee7 | 406 | attributes to be set exactly as the following letters. The |
1ae705fb | 407 | letters <literal>aAcCdDeijsStTu</literal> select the new |
fa3f5fd2 | 408 | attributes for the files, see |
c30c611c | 409 | <citerefentry project='man-pages'><refentrytitle>chattr</refentrytitle> |
fa3f5fd2 GB |
410 | <manvolnum>1</manvolnum></citerefentry> for further information. |
411 | </para> | |
1ae705fb LP |
412 | <para>Passing only <varname>=</varname> as argument resets |
413 | all the file attributes listed above. It has to be pointed | |
b938cb90 | 414 | out that the <varname>=</varname> prefix limits itself to |
1ae705fb LP |
415 | the attributes corresponding to the letters listed here. All |
416 | other attributes will be left untouched. Does not follow | |
417 | symlinks.</para> | |
fa3f5fd2 GB |
418 | </listitem> |
419 | </varlistentry> | |
420 | ||
421 | <varlistentry> | |
422 | <term><varname>H</varname></term> | |
423 | <listitem><para>Recursively set file/directory attributes. Lines | |
424 | of this type accept shell-style globs in place of normal | |
6a9171d2 | 425 | path names. Does not follow symlinks. |
fa3f5fd2 GB |
426 | </para></listitem> |
427 | </varlistentry> | |
428 | ||
f8eeeaf9 ZJS |
429 | <varlistentry> |
430 | <term><varname>a</varname></term> | |
50d9e46d ZJS |
431 | <term><varname>a+</varname></term> |
432 | <listitem><para>Set POSIX ACLs (access control lists). If | |
a8eaaee7 | 433 | suffixed with <varname>+</varname>, the specified entries will |
dd4105b0 ZJS |
434 | be added to the existing set. |
435 | <command>systemd-tmpfiles</command> will automatically add | |
436 | the required base entries for user and group based on the | |
437 | access mode of the file, unless base entries already exist | |
7f3fdb7f | 438 | or are explicitly specified. The mask will be added if not |
dd4105b0 ZJS |
439 | specified explicitly or already present. Lines of this type |
440 | accept shell-style globs in place of normal path names. This | |
441 | can be useful for allowing additional access to certain | |
6a9171d2 | 442 | files. Does not follow symlinks.</para></listitem> |
b705ab6a ZJS |
443 | </varlistentry> |
444 | ||
445 | <varlistentry> | |
446 | <term><varname>A</varname></term> | |
50d9e46d ZJS |
447 | <term><varname>A+</varname></term> |
448 | <listitem><para>Same as <varname>a</varname> and | |
6a9171d2 LP |
449 | <varname>a+</varname>, but recursive. Does not follow |
450 | symlinks.</para></listitem> | |
f8eeeaf9 | 451 | </varlistentry> |
302fbdf2 ZJS |
452 | </variablelist> |
453 | ||
454 | <para>If the exclamation mark is used, this line is only safe of | |
455 | execute during boot, and can break a running system. Lines | |
456 | without the exclamation mark are presumed to be safe to execute | |
457 | at any time, e.g. on package upgrades. | |
458 | <command>systemd-tmpfiles</command> will execute line with an | |
459 | exclamation mark only if option <option>--boot</option> is | |
460 | given.</para> | |
461 | ||
462 | <para>For example: | |
463 | <programlisting># Make sure these are created by default so that nobody else can | |
9b9c30ec | 464 | d /tmp/.X11-unix 1777 root root 10d |
302fbdf2 | 465 | |
9b9c30ec LP |
466 | # Unlink the X11 lock files |
467 | r! /tmp/.X[0-9]*-lock</programlisting> | |
302fbdf2 ZJS |
468 | The second line in contrast to the first one would break a |
469 | running system, and will only be executed with | |
470 | <option>--boot</option>.</para> | |
7fa10748 LP |
471 | |
472 | <para>Note that for all line types that result in creation of any kind of file node | |
473 | (i.e. <varname>f</varname>/<varname>F</varname>, | |
474 | <varname>d</varname>/<varname>D</varname>/<varname>v</varname>/<varname>q</varname>/<varname>Q</varname>, | |
475 | <varname>p</varname>, <varname>L</varname>, <varname>c</varname>/<varname>b</varname> and <varname>C</varname>) | |
476 | leading directories are implicitly created if needed, owned by root with an access mode of 0755. In order to | |
477 | create them with different modes or ownership make sure to add appropriate <varname>d</varname> lines.</para> | |
302fbdf2 ZJS |
478 | </refsect2> |
479 | ||
480 | <refsect2> | |
481 | <title>Path</title> | |
482 | ||
483 | <para>The file system path specification supports simple | |
2df36d09 ZJS |
484 | specifier expansion, see below. The path (after expansion) must be |
485 | absolute.</para> | |
302fbdf2 ZJS |
486 | </refsect2> |
487 | ||
488 | <refsect2> | |
489 | <title>Mode</title> | |
490 | ||
491 | <para>The file access mode to use when creating this file or | |
492 | directory. If omitted or when set to <literal>-</literal>, the | |
493 | default is used: 0755 for directories, 0644 for all other file | |
494 | objects. For <varname>z</varname>, <varname>Z</varname> lines, | |
495 | if omitted or when set to <literal>-</literal>, the file access | |
496 | mode will not be modified. This parameter is ignored for | |
497 | <varname>x</varname>, <varname>r</varname>, | |
f8eeeaf9 ZJS |
498 | <varname>R</varname>, <varname>L</varname>, <varname>t</varname>, |
499 | and <varname>a</varname> lines.</para> | |
302fbdf2 ZJS |
500 | |
501 | <para>Optionally, if prefixed with <literal>~</literal>, the | |
502 | access mode is masked based on the already set access bits for | |
503 | existing file or directories: if the existing file has all | |
504 | executable bits unset, all executable bits are removed from the | |
505 | new access mode, too. Similarly, if all read bits are removed | |
506 | from the old access mode, they will be removed from the new | |
507 | access mode too, and if all write bits are removed, they will be | |
508 | removed from the new access mode too. In addition, the | |
509 | sticky/SUID/SGID bit is removed unless applied to a | |
510 | directory. This functionality is particularly useful in | |
511 | conjunction with <varname>Z</varname>.</para> | |
512 | </refsect2> | |
513 | ||
514 | <refsect2> | |
515 | <title>UID, GID</title> | |
516 | ||
517 | <para>The user and group to use for this file or directory. This | |
518 | may either be a numeric user/group ID or a user or group | |
519 | name. If omitted or when set to <literal>-</literal>, the | |
a8eaaee7 | 520 | default 0 (root) is used. For <varname>z</varname> and |
f8eeeaf9 ZJS |
521 | <varname>Z</varname> lines, when omitted or when set to |
522 | <literal>-</literal>, the file ownership will not be | |
523 | modified. These parameters are ignored for <varname>x</varname>, | |
524 | <varname>r</varname>, <varname>R</varname>, | |
525 | <varname>L</varname>, <varname>t</varname>, and | |
526 | <varname>a</varname> lines.</para> | |
302fbdf2 ZJS |
527 | </refsect2> |
528 | ||
529 | <refsect2> | |
530 | <title>Age</title> | |
531 | <para>The date field, when set, is used to decide what files to | |
532 | delete when cleaning. If a file or directory is older than the | |
533 | current time minus the age field, it is deleted. The field | |
534 | format is a series of integers each followed by one of the | |
a8eaaee7 | 535 | following suffixes for the respective time units: |
00c53f42 ZJS |
536 | <constant>s</constant>, |
537 | <constant>m</constant> or <constant>min</constant>, | |
538 | <constant>h</constant>, | |
539 | <constant>d</constant>, | |
540 | <constant>w</constant>, | |
a8eaaee7 | 541 | <constant>ms</constant>, and |
00c53f42 | 542 | <constant>us</constant>, |
a8eaaee7 JE |
543 | meaning seconds, minutes, hours, days, weeks, |
544 | milliseconds, and microseconds, respectively. Full names of the time units can | |
00c53f42 ZJS |
545 | be used too. |
546 | </para> | |
302fbdf2 ZJS |
547 | |
548 | <para>If multiple integers and units are specified, the time | |
00c53f42 ZJS |
549 | values are summed. If an integer is given without a unit, |
550 | <constant>s</constant> is assumed. | |
302fbdf2 ZJS |
551 | </para> |
552 | ||
553 | <para>When the age is set to zero, the files are cleaned | |
554 | unconditionally.</para> | |
555 | ||
5fb13eb5 | 556 | <para>The age field only applies to lines starting with |
df8dee85 | 557 | <varname>d</varname>, <varname>D</varname>, <varname>e</varname>, |
5fb13eb5 LP |
558 | <varname>v</varname>, <varname>q</varname>, |
559 | <varname>Q</varname>, <varname>C</varname>, <varname>x</varname> | |
560 | and <varname>X</varname>. If omitted or set to | |
561 | <literal>-</literal>, no automatic clean-up is done.</para> | |
302fbdf2 ZJS |
562 | |
563 | <para>If the age field starts with a tilde character | |
564 | <literal>~</literal>, the clean-up is only applied to files and | |
565 | directories one level inside the directory specified, but not | |
566 | the files and directories immediately inside it.</para> | |
662b3e58 LW |
567 | |
568 | <para>The age of a file system entry is determined from its last | |
569 | modification timestamp (mtime), its last access timestamp (atime), | |
570 | and (except for directories) its last status change timestamp | |
571 | (ctime). Any of these three (or two) values will prevent cleanup | |
572 | if it is more recent than the current time minus the age | |
573 | field.</para> | |
302fbdf2 ZJS |
574 | </refsect2> |
575 | ||
576 | <refsect2> | |
577 | <title>Argument</title> | |
578 | ||
49e87292 LP |
579 | <para>For <varname>L</varname> lines determines the destination path of the symlink. For <varname>c</varname> and |
580 | <varname>b</varname>, determines the major/minor of the device node, with major and minor formatted as integers, | |
581 | separated by <literal>:</literal>, e.g. <literal>1:3</literal>. For <varname>f</varname>, <varname>F</varname>, | |
582 | and <varname>w</varname>, the argument may be used to specify a short string that is written to the file, | |
583 | suffixed by a newline. For <varname>C</varname>, specifies the source file or directory. For <varname>t</varname> | |
584 | and <varname>T</varname>, determines extended attributes to be set. For <varname>a</varname> and | |
585 | <varname>A</varname>, determines ACL attributes to be set. For <varname>h</varname> and <varname>H</varname>, | |
586 | determines the file attributes to set. Ignored for all other lines.</para> | |
2df36d09 ZJS |
587 | |
588 | <para>This field can contain specifiers, see below.</para> | |
302fbdf2 | 589 | </refsect2> |
2df36d09 | 590 | </refsect1> |
302fbdf2 | 591 | |
2df36d09 ZJS |
592 | <refsect1> |
593 | <title>Specifiers</title> | |
594 | ||
595 | <para>Specifiers can be used in the "path" and "argument" fields. | |
751223fe | 596 | An unknown or unresolvable specifier is treated as invalid configuration. |
2df36d09 ZJS |
597 | The following expansions are understood:</para> |
598 | <table> | |
599 | <title>Specifiers available</title> | |
600 | <tgroup cols='3' align='left' colsep='1' rowsep='1'> | |
601 | <colspec colname="spec" /> | |
602 | <colspec colname="mean" /> | |
603 | <colspec colname="detail" /> | |
604 | <thead> | |
605 | <row> | |
606 | <entry>Specifier</entry> | |
607 | <entry>Meaning</entry> | |
608 | <entry>Details</entry> | |
609 | </row> | |
610 | </thead> | |
611 | <tbody> | |
2df36d09 ZJS |
612 | <row> |
613 | <entry><literal>%b</literal></entry> | |
614 | <entry>Boot ID</entry> | |
615 | <entry>The boot ID of the running system, formatted as string. See <citerefentry><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry> for more information.</entry> | |
616 | </row> | |
709f4c47 LP |
617 | <row> |
618 | <entry><literal>%C</literal></entry> | |
619 | <entry>System or user cache directory</entry> | |
620 | <entry>In <option>--user</option> mode, this is the same as <varname>$XDG_CACHE_HOME</varname>, and <filename>/var/cache</filename> otherwise.</entry> | |
621 | </row> | |
622 | <row> | |
623 | <entry><literal>%h</literal></entry> | |
624 | <entry>User home directory</entry> | |
052c59c3 | 625 | <entry>This is the home directory of the user running the command. In case of the system instance this resolves to <literal>/root</literal>.</entry> |
709f4c47 | 626 | </row> |
2df36d09 ZJS |
627 | <row> |
628 | <entry><literal>%H</literal></entry> | |
629 | <entry>Host name</entry> | |
630 | <entry>The hostname of the running system.</entry> | |
631 | </row> | |
632 | <row> | |
709f4c47 LP |
633 | <entry><literal>%L</literal></entry> |
634 | <entry>System or user log directory</entry> | |
635 | <entry>In <option>--user</option> mode, this is the same as <varname>$XDG_CONFIG_HOME</varname> with <filename noindex='true'>/log</filename> appended, and <filename>/var/log</filename> otherwise.</entry> | |
ca23eeb5 TW |
636 | </row> |
637 | <row> | |
709f4c47 LP |
638 | <entry><literal>%m</literal></entry> |
639 | <entry>Machine ID</entry> | |
640 | <entry>The machine ID of the running system, formatted as string. See <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more information.</entry> | |
ca23eeb5 TW |
641 | </row> |
642 | <row> | |
709f4c47 LP |
643 | <entry><literal>%S</literal></entry> |
644 | <entry>System or user state directory</entry> | |
645 | <entry>In <option>--user</option> mode, this is the same as <varname>$XDG_CONFIG_HOME</varname>, and <filename>/var/lib</filename> otherwise.</entry> | |
ca23eeb5 | 646 | </row> |
5a8575ef ZJS |
647 | <row> |
648 | <entry><literal>%t</literal></entry> | |
649 | <entry>System or user runtime directory</entry> | |
650 | <entry>In --user mode, this is the same <varname>$XDG_RUNTIME_DIR</varname>, and <filename>/run</filename> otherwise.</entry> | |
651 | </row> | |
b294e594 LP |
652 | <row> |
653 | <entry><literal>%T</literal></entry> | |
654 | <entry>Directory for temporary files</entry> | |
655 | <entry>This is either <filename>/tmp</filename> or the path <literal>$TMPDIR</literal>, <literal>$TEMP</literal> or <literal>$TMP</literal> are set to.</entry> | |
656 | </row> | |
5a8575ef | 657 | <row> |
709f4c47 LP |
658 | <entry><literal>%u</literal></entry> |
659 | <entry>User name</entry> | |
052c59c3 | 660 | <entry>This is the name of the user running the command. In case of the system instance this resolves to <literal>root</literal>.</entry> |
5a8575ef ZJS |
661 | </row> |
662 | <row> | |
709f4c47 LP |
663 | <entry><literal>%U</literal></entry> |
664 | <entry>User UID</entry> | |
052c59c3 | 665 | <entry>This is the numeric UID of the user running the command. In case of the system instance this resolves to <constant>0</constant>.</entry> |
5a8575ef ZJS |
666 | </row> |
667 | <row> | |
709f4c47 LP |
668 | <entry><literal>%v</literal></entry> |
669 | <entry>Kernel release</entry> | |
670 | <entry>Identical to <command>uname -r</command> output.</entry> | |
5a8575ef | 671 | </row> |
b294e594 LP |
672 | <row> |
673 | <entry><literal>%V</literal></entry> | |
674 | <entry>Directory for larger and persistent temporary files</entry> | |
675 | <entry>This is either <filename>/var/tmp</filename> or the path <literal>$TMPDIR</literal>, <literal>$TEMP</literal> or <literal>$TMP</literal> are set to.</entry> | |
676 | </row> | |
2df36d09 ZJS |
677 | <row> |
678 | <entry><literal>%%</literal></entry> | |
5a8575ef | 679 | <entry>Escaped <literal>%</literal></entry> |
2df36d09 ZJS |
680 | <entry>Single percent sign.</entry> |
681 | </row> | |
682 | </tbody> | |
683 | </tgroup> | |
684 | </table> | |
302fbdf2 ZJS |
685 | </refsect1> |
686 | ||
687 | <refsect1> | |
4b743d67 | 688 | <title>Examples</title> |
302fbdf2 | 689 | <example> |
4b743d67 ZJS |
690 | <title>Create directories with specific mode and ownership</title> |
691 | <para> | |
0a07667d | 692 | <citerefentry project='die-net'><refentrytitle>screen</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
4b743d67 ZJS |
693 | needs two directories created at boot with specific modes and ownership:</para> |
694 | ||
695 | <programlisting># /usr/lib/tmpfiles.d/screen.conf | |
696 | d /run/screens 1777 root screen 10d | |
697 | d /run/uscreens 0755 root screen 10d12h | |
698 | </programlisting> | |
699 | ||
700 | <para>Contents of <filename>/run/screens</filename> and /run/uscreens will | |
1655cdee | 701 | be cleaned up after 10 and 10½ days, respectively.</para> |
4b743d67 | 702 | </example> |
302fbdf2 | 703 | |
4b743d67 ZJS |
704 | <example> |
705 | <title>Create a directory with a SMACK attribute</title> | |
706 | <programlisting>D /run/cups - - - - | |
707 | t /run/cups - - - - security.SMACK64=printing user.attr-with-spaces="foo bar" | |
708 | </programlisting> | |
709 | ||
b17649ee | 710 | <para>The directory will be owned by root and have default mode. Its contents are |
4b743d67 ZJS |
711 | not subject to time based cleanup, but will be obliterated when |
712 | <command>systemd-tmpfiles --remove</command> runs.</para> | |
302fbdf2 | 713 | </example> |
4b743d67 | 714 | |
302fbdf2 | 715 | <example> |
4b743d67 ZJS |
716 | <title>Create a directory and prevent its contents from cleanup</title> |
717 | <para> | |
0a07667d | 718 | <citerefentry project='die-net'><refentrytitle>abrt</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
4b743d67 ZJS |
719 | needs a directory created at boot with specific mode and ownership and its content |
720 | should be preserved from the automatic cleanup applied to the contents of | |
721 | <filename>/var/tmp</filename>:</para> | |
722 | ||
723 | <programlisting># /usr/lib/tmpfiles.d/tmp.conf | |
724 | d /var/tmp 1777 root root 30d | |
725 | </programlisting> | |
726 | ||
727 | <programlisting># /usr/lib/tmpfiles.d/abrt.conf | |
728 | d /var/tmp/abrt 0755 abrt abrt - | |
df8dee85 ZJS |
729 | </programlisting> |
730 | </example> | |
731 | ||
732 | <example> | |
733 | <title>Apply clean up during boot and based on time</title> | |
734 | ||
735 | <programlisting># /usr/lib/tmpfiles.d/dnf.conf | |
736 | r! /var/cache/dnf/*/*/download_lock.pid | |
737 | r! /var/cache/dnf/*/*/metadata_lock.pid | |
738 | r! /var/lib/dnf/rpmdb_lock.pid | |
e80f1a79 | 739 | e /var/cache/dnf/ - - - 30d |
4b743d67 | 740 | </programlisting> |
302fbdf2 | 741 | |
df8dee85 | 742 | <para>The lock files will be removed during boot. Any files and directories in |
e80f1a79 | 743 | <filename>/var/cache/dnf/</filename> will be removed after they have not been |
df8dee85 | 744 | accessed in 30 days.</para> |
302fbdf2 | 745 | </example> |
ed7fd549 ZJS |
746 | |
747 | <example> | |
b719b26c | 748 | <title>Empty the contents of a cache directory on boot</title> |
ed7fd549 ZJS |
749 | |
750 | <programlisting># /usr/lib/tmpfiles.d/krb5rcache.conf | |
751 | e! /var/cache/krb5rcache - - - 0 | |
752 | </programlisting> | |
753 | ||
754 | <para>Any files and subdirectories in <filename>/var/cache/krb5rcache/</filename> | |
755 | will be removed on boot. The directory will not be created. | |
756 | </para> | |
757 | </example> | |
302fbdf2 ZJS |
758 | </refsect1> |
759 | ||
760 | <refsect1> | |
761 | <title>See Also</title> | |
762 | <para> | |
763 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
764 | <citerefentry><refentrytitle>systemd-tmpfiles</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
765 | <citerefentry><refentrytitle>systemd-delta</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
f8eeeaf9 ZJS |
766 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
767 | <citerefentry project='man-pages'><refentrytitle>attr</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
768 | <citerefentry project='man-pages'><refentrytitle>getfattr</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
769 | <citerefentry project='man-pages'><refentrytitle>setfattr</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
770 | <citerefentry project='man-pages'><refentrytitle>setfacl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
fa3f5fd2 | 771 | <citerefentry project='man-pages'><refentrytitle>getfacl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
5fb13eb5 LP |
772 | <citerefentry project='man-pages'><refentrytitle>chattr</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
773 | <citerefentry project='die-net'><refentrytitle>btrfs-subvolume</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
774 | <citerefentry project='die-net'><refentrytitle>btrfs-qgroup</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
302fbdf2 ZJS |
775 | </para> |
776 | </refsect1> | |
4149f86d BP |
777 | |
778 | </refentry> |