]>
Commit | Line | Data |
---|---|---|
514094f9 | 1 | <?xml version='1.0'?> |
12b42c76 | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
4149f86d | 3 | <!-- |
572eb058 ZJS |
4 | SPDX-License-Identifier: LGPL-2.1+ |
5 | ||
96b2fb93 | 6 | Copyright © 2010 Brandon Philips |
4149f86d BP |
7 | --> |
8 | <refentry id="tmpfiles.d"> | |
9 | ||
302fbdf2 ZJS |
10 | <refentryinfo> |
11 | <title>tmpfiles.d</title> | |
12 | <productname>systemd</productname> | |
302fbdf2 ZJS |
13 | </refentryinfo> |
14 | ||
15 | <refmeta> | |
16 | <refentrytitle>tmpfiles.d</refentrytitle> | |
17 | <manvolnum>5</manvolnum> | |
18 | </refmeta> | |
19 | ||
20 | <refnamediv> | |
21 | <refname>tmpfiles.d</refname> | |
22 | <refpurpose>Configuration for creation, deletion and cleaning of | |
23 | volatile and temporary files</refpurpose> | |
24 | </refnamediv> | |
25 | ||
26 | <refsynopsisdiv> | |
f2b5ca0e ZJS |
27 | <para><literallayout><filename>/etc/tmpfiles.d/*.conf</filename> |
28 | <filename>/run/tmpfiles.d/*.conf</filename> | |
29 | <filename>/usr/lib/tmpfiles.d/*.conf</filename> | |
30 | </literallayout></para> | |
31 | ||
32 | <para><literallayout><filename>~/.config/user-tmpfiles.d/*.conf</filename> | |
33 | <filename>$XDG_RUNTIME_DIR/user-tmpfiles.d/*.conf</filename> | |
34 | <filename>~/.local/share/user-tmpfiles.d/*.conf</filename> | |
35 | <filename>…</filename> | |
36 | <filename>/usr/share/user-tmpfiles.d/*.conf</filename> | |
37 | </literallayout></para> | |
302fbdf2 ZJS |
38 | </refsynopsisdiv> |
39 | ||
40 | <refsect1> | |
41 | <title>Description</title> | |
42 | ||
43 | <para><command>systemd-tmpfiles</command> uses the configuration | |
44 | files from the above directories to describe the creation, | |
45 | cleaning and removal of volatile and temporary files and | |
46 | directories which usually reside in directories such as | |
47 | <filename>/run</filename> or <filename>/tmp</filename>.</para> | |
48 | ||
51c169c8 LP |
49 | <para>Volatile and temporary files and directories are those located in <filename>/run</filename>, |
50 | <filename>/tmp</filename>, <filename>/var/tmp</filename>, the API file systems such as <filename>/sys</filename> or | |
51 | <filename>/proc</filename>, as well as some other directories below <filename>/var</filename>.</para> | |
302fbdf2 ZJS |
52 | |
53 | <para>System daemons frequently require private runtime | |
54 | directories below <filename>/run</filename> to place communication | |
55 | sockets and similar in. For these, consider declaring them in | |
56 | their unit files using <varname>RuntimeDirectory=</varname> (see | |
57 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
58 | for details), if this is feasible.</para> | |
59 | </refsect1> | |
60 | ||
61 | <refsect1> | |
8165be2e | 62 | <title>Configuration Directories and Precedence</title> |
302fbdf2 ZJS |
63 | |
64 | <para>Each configuration file shall be named in the style of | |
65 | <filename><replaceable>package</replaceable>.conf</filename> or | |
66 | <filename><replaceable>package</replaceable>-<replaceable>part</replaceable>.conf</filename>. | |
67 | The second variant should be used when it is desirable to make it | |
68 | easy to override just this part of configuration.</para> | |
69 | ||
ad19c578 LP |
70 | <para>Files in <filename>/etc/tmpfiles.d</filename> override files with the same name in |
71 | <filename>/usr/lib/tmpfiles.d</filename> and <filename>/run/tmpfiles.d</filename>. Files in | |
72 | <filename>/run/tmpfiles.d</filename> override files with the same name in | |
73 | <filename>/usr/lib/tmpfiles.d</filename>. Packages should install their configuration files in | |
74 | <filename>/usr/lib/tmpfiles.d</filename>. Files in <filename>/etc/tmpfiles.d</filename> are reserved for the local | |
75 | administrator, who may use this logic to override the configuration files installed by vendor packages. All | |
76 | configuration files are sorted by their filename in lexicographic order, regardless of which of the directories | |
77 | they reside in. If multiple files specify the same path, the entry in the file with the lexicographically earliest | |
78 | name will be applied. All other conflicting entries will be logged as errors. When two lines are prefix path and | |
79 | suffix path of each other, then the prefix line is always created first, the suffix later (and if removal applies | |
80 | to the line, the order is reversed: the suffix is removed first, the prefix later). Lines that take globs are | |
81 | applied after those accepting no globs. If multiple operations shall be applied on the same file, (such as ACL, | |
82 | xattr, file attribute adjustments), these are always done in the same fixed order. Otherwise, the files/directories | |
83 | are processed in the order they are listed.</para> | |
302fbdf2 ZJS |
84 | |
85 | <para>If the administrator wants to disable a configuration file | |
86 | supplied by the vendor, the recommended way is to place a symlink | |
87 | to <filename>/dev/null</filename> in | |
88 | <filename>/etc/tmpfiles.d/</filename> bearing the same filename. | |
89 | </para> | |
8165be2e ZJS |
90 | </refsect1> |
91 | ||
92 | <refsect1> | |
93 | <title>Configuration File Format</title> | |
302fbdf2 ZJS |
94 | |
95 | <para>The configuration format is one line per path containing | |
96 | type, path, mode, ownership, age, and argument fields:</para> | |
97 | ||
98 | <programlisting>#Type Path Mode UID GID Age Argument | |
ed7fd549 ZJS |
99 | d /run/user 0755 root root 10d - |
100 | L /tmp/foobar - - - - /dev/null</programlisting> | |
302fbdf2 | 101 | |
657cf7f4 | 102 | <para>Fields may be enclosed within quotes and contain C-style escapes.</para> |
103 | ||
302fbdf2 ZJS |
104 | <refsect2> |
105 | <title>Type</title> | |
106 | ||
107 | <para>The type consists of a single letter and optionally an | |
6d7b5433 | 108 | exclamation mark and/or minus sign.</para> |
302fbdf2 ZJS |
109 | |
110 | <para>The following line types are understood:</para> | |
111 | ||
112 | <variablelist> | |
113 | <varlistentry> | |
114 | <term><varname>f</varname></term> | |
49e87292 LP |
115 | <listitem><para>Create a file if it does not exist yet. If the argument parameter is given and the file did |
116 | not exist yet, it will be written to the file. Does not follow symlinks.</para></listitem> | |
302fbdf2 ZJS |
117 | </varlistentry> |
118 | ||
119 | <varlistentry> | |
120 | <term><varname>F</varname></term> | |
121 | <listitem><para>Create or truncate a file. If the argument | |
6a9171d2 | 122 | parameter is given, it will be written to the file. Does not follow symlinks.</para> |
302fbdf2 ZJS |
123 | </listitem> |
124 | </varlistentry> | |
125 | ||
126 | <varlistentry> | |
127 | <term><varname>w</varname></term> | |
128 | <listitem><para>Write the argument parameter to a file, if | |
129 | the file exists. Lines of this type accept shell-style | |
130 | globs in place of normal path names. The argument parameter | |
131 | will be written without a trailing newline. C-style | |
6a9171d2 LP |
132 | backslash escapes are interpreted. Follows |
133 | symlinks.</para></listitem> | |
302fbdf2 ZJS |
134 | </varlistentry> |
135 | ||
136 | <varlistentry> | |
137 | <term><varname>d</varname></term> | |
4b743d67 ZJS |
138 | <listitem><para>Create a directory. The mode and ownership will be adjusted if |
139 | specified and the directory already exists. Contents of this directory are subject | |
ed7fd549 | 140 | to time based cleanup if the age argument is specified.</para></listitem> |
302fbdf2 ZJS |
141 | </varlistentry> |
142 | ||
143 | <varlistentry> | |
144 | <term><varname>D</varname></term> | |
4b743d67 ZJS |
145 | <listitem><para>Similar to <varname>d</varname>, but in addition the contents |
146 | of the directory will be removed when <option>--remove</option> is used. | |
147 | </para></listitem> | |
148 | </varlistentry> | |
df8dee85 ZJS |
149 | |
150 | <varlistentry> | |
151 | <term><varname>e</varname></term> | |
ed7fd549 ZJS |
152 | <listitem><para>Similar to <varname>d</varname>, but the directory will not be created if |
153 | it does not exist. Lines of this type accept shell-style globs in place of normal path | |
154 | names. For this entry to be useful, at least one of the mode, uid, gid, or age arguments | |
155 | must be specified, since otherwise this entry has no effect. If the age argument is | |
156 | <literal>0</literal>, contents of the directory will be unconditionally deleted every time | |
157 | <command>systemd-tmpfiles --clean</command> is run. This can be useful when combined with | |
158 | <varname>!</varname>, see the examples.</para></listitem> | |
302fbdf2 ZJS |
159 | </varlistentry> |
160 | ||
161 | <varlistentry> | |
162 | <term><varname>v</varname></term> | |
163 | <listitem><para>Create a subvolume if the path does not | |
2904e949 LP |
164 | exist yet, the file system supports subvolumes (btrfs), and |
165 | the system itself is installed into a subvolume | |
166 | (specifically: the root directory <filename>/</filename> is | |
167 | itself a subvolume). Otherwise, create a normal directory, in | |
168 | the same way as <varname>d</varname>. A subvolume created | |
169 | with this line type is not assigned to any higher-level | |
170 | quota group. For that, use <varname>q</varname> or | |
171 | <varname>Q</varname>, which allow creating simple quota | |
172 | group hierarchies, see below.</para></listitem> | |
5fb13eb5 LP |
173 | </varlistentry> |
174 | ||
175 | <varlistentry> | |
176 | <term><varname>q</varname></term> | |
f17a8d61 FB |
177 | <listitem><para>Similar to <varname>v</varname>. However, makes sure that the subvolume will be assigned to |
178 | the same higher-level quota groups as the subvolume it has been created in. This ensures that higher-level | |
179 | limits and accounting applied to the parent subvolume also include the specified subvolume. On non-btrfs file | |
180 | systems, this line type is identical to <varname>d</varname>.</para> | |
181 | ||
182 | <para>If the subvolume already exists, no change to the quota hierarchy is made, regardless of whether the | |
183 | subvolume is already attached to a quota group or not. Also see <varname>Q</varname> below. See <citerefentry | |
184 | project='die-net'><refentrytitle>btrfs-qgroup</refentrytitle><manvolnum>8</manvolnum></citerefentry> for | |
185 | details about the btrfs quota group concept.</para></listitem> | |
5fb13eb5 LP |
186 | </varlistentry> |
187 | ||
188 | <varlistentry> | |
189 | <term><varname>Q</varname></term> | |
f17a8d61 FB |
190 | <listitem><para>Similar to <varname>q</varname>. However, instead of copying the higher-level quota group |
191 | assignments from the parent as-is, the lowest quota group of the parent subvolume is determined that is not | |
192 | the leaf quota group. Then, an "intermediary" quota group is inserted that is one level below this level, and | |
193 | shares the same ID part as the specified subvolume. If no higher-level quota group exists for the parent | |
194 | subvolume, a new quota group at level 255 sharing the same ID as the specified subvolume is inserted | |
195 | instead. This new intermediary quota group is then assigned to the parent subvolume's higher-level quota | |
196 | groups, and the specified subvolume's leaf quota group is assigned to it.</para> | |
197 | ||
198 | <para>Effectively, this has a similar effect as <varname>q</varname>, however introduces a new higher-level | |
199 | quota group for the specified subvolume that may be used to enforce limits and accounting to the specified | |
200 | subvolume and children subvolume created within it. Thus, by creating subvolumes only via | |
201 | <varname>q</varname> and <varname>Q</varname>, a concept of "subtree quotas" is implemented. Each subvolume | |
202 | for which <varname>Q</varname> is set will get a "subtree" quota group created, and all child subvolumes | |
203 | created within it will be assigned to it. Each subvolume for which <varname>q</varname> is set will not get | |
204 | such a "subtree" quota group, but it is ensured that they are added to the same "subtree" quota group as | |
205 | their immediate parents.</para> | |
206 | ||
207 | <para>It is recommended to use <varname>Q</varname> for subvolumes that typically contain further subvolumes, | |
208 | and where it is desirable to have accounting and quota limits on all child subvolumes together. Examples for | |
209 | <varname>Q</varname> are typically <filename>/home</filename> or <filename>/var/lib/machines</filename>. In | |
210 | contrast, <varname>q</varname> should be used for subvolumes that either usually do not include further | |
211 | subvolumes or where no accounting and quota limits are needed that apply to all child subvolumes | |
212 | together. Examples for <varname>q</varname> are typically <filename>/var</filename> or | |
213 | <filename>/var/tmp</filename>. </para> | |
214 | ||
215 | <para>As with <varname>q</varname>, <varname>Q</varname> has no effect on the quota group hierarchy if the | |
216 | subvolume already exists, regardless of whether the subvolume already belong to a quota group or | |
217 | not.</para></listitem> | |
302fbdf2 ZJS |
218 | </varlistentry> |
219 | ||
220 | <varlistentry> | |
221 | <term><varname>p</varname></term> | |
222 | <term><varname>p+</varname></term> | |
223 | <listitem><para>Create a named pipe (FIFO) if it does not | |
224 | exist yet. If suffixed with <varname>+</varname> and a file | |
225 | already exists where the pipe is to be created, it will be | |
226 | removed and be replaced by the pipe.</para></listitem> | |
227 | </varlistentry> | |
228 | ||
229 | <varlistentry> | |
230 | <term><varname>L</varname></term> | |
231 | <term><varname>L+</varname></term> | |
232 | <listitem><para>Create a symlink if it does not exist | |
b3f5897f WD |
233 | yet. If suffixed with <varname>+</varname> and a file or |
234 | directory already exists where the symlink is to be created, | |
235 | it will be removed and be replaced by the symlink. If the | |
236 | argument is omitted, symlinks to files with the same name | |
237 | residing in the directory | |
238 | <filename>/usr/share/factory/</filename> are created. Note | |
239 | that permissions and ownership on symlinks are ignored. | |
240 | </para></listitem> | |
302fbdf2 ZJS |
241 | </varlistentry> |
242 | ||
243 | <varlistentry> | |
244 | <term><varname>c</varname></term> | |
245 | <term><varname>c+</varname></term> | |
246 | <listitem><para>Create a character device node if it does | |
247 | not exist yet. If suffixed with <varname>+</varname> and a | |
248 | file already exists where the device node is to be created, | |
249 | it will be removed and be replaced by the device node. It is | |
250 | recommended to suffix this entry with an exclamation mark to | |
251 | only create static device nodes at boot, as udev will not | |
252 | manage static device nodes that are created at runtime. | |
253 | </para></listitem> | |
254 | </varlistentry> | |
255 | ||
256 | <varlistentry> | |
257 | <term><varname>b</varname></term> | |
258 | <term><varname>b+</varname></term> | |
259 | <listitem><para>Create a block device node if it does not | |
260 | exist yet. If suffixed with <varname>+</varname> and a file | |
261 | already exists where the device node is to be created, it | |
262 | will be removed and be replaced by the device node. It is | |
263 | recommended to suffix this entry with an exclamation mark to | |
264 | only create static device nodes at boot, as udev will not | |
265 | manage static device nodes that are created at runtime. | |
266 | </para></listitem> | |
267 | </varlistentry> | |
268 | ||
269 | <varlistentry> | |
270 | <term><varname>C</varname></term> | |
271 | <listitem><para>Recursively copy a file or directory, if the | |
272 | destination files or directories do not exist yet. Note that | |
273 | this command will not descend into subdirectories if the | |
274 | destination directory already exists. Instead, the entire | |
275 | copy operation is skipped. If the argument is omitted, files | |
276 | from the source directory | |
277 | <filename>/usr/share/factory/</filename> with the same name | |
6a9171d2 | 278 | are copied. Does not follow symlinks.</para></listitem> |
302fbdf2 ZJS |
279 | </varlistentry> |
280 | ||
281 | <varlistentry> | |
282 | <term><varname>x</varname></term> | |
283 | <listitem><para>Ignore a path during cleaning. Use this type | |
284 | to exclude paths from clean-up as controlled with the Age | |
285 | parameter. Note that lines of this type do not influence the | |
286 | effect of <varname>r</varname> or <varname>R</varname> | |
50d9e46d | 287 | lines. Lines of this type accept shell-style globs in place |
302fbdf2 ZJS |
288 | of normal path names. </para></listitem> |
289 | </varlistentry> | |
290 | ||
291 | <varlistentry> | |
292 | <term><varname>X</varname></term> | |
293 | <listitem><para>Ignore a path during cleaning. Use this type | |
294 | to exclude paths from clean-up as controlled with the Age | |
295 | parameter. Unlike <varname>x</varname>, this parameter will | |
296 | not exclude the content if path is a directory, but only | |
297 | directory itself. Note that lines of this type do not | |
298 | influence the effect of <varname>r</varname> or | |
50d9e46d | 299 | <varname>R</varname> lines. Lines of this type accept |
302fbdf2 ZJS |
300 | shell-style globs in place of normal path names. |
301 | </para></listitem> | |
302 | </varlistentry> | |
303 | ||
304 | <varlistentry> | |
305 | <term><varname>r</varname></term> | |
306 | <listitem><para>Remove a file or directory if it exists. | |
307 | This may not be used to remove non-empty directories, use | |
308 | <varname>R</varname> for that. Lines of this type accept | |
309 | shell-style globs in place of normal path | |
6a9171d2 | 310 | names. Does not follow symlinks.</para></listitem> |
302fbdf2 ZJS |
311 | </varlistentry> |
312 | ||
313 | <varlistentry> | |
314 | <term><varname>R</varname></term> | |
315 | <listitem><para>Recursively remove a path and all its | |
316 | subdirectories (if it is a directory). Lines of this type | |
317 | accept shell-style globs in place of normal path | |
6a9171d2 | 318 | names. Does not follow symlinks.</para></listitem> |
302fbdf2 ZJS |
319 | </varlistentry> |
320 | ||
321 | <varlistentry> | |
322 | <term><varname>z</varname></term> | |
323 | <listitem><para>Adjust the access mode, group and user, and | |
324 | restore the SELinux security context of a file or directory, | |
325 | if it exists. Lines of this type accept shell-style globs in | |
6a9171d2 | 326 | place of normal path names. Does not follow symlinks.</para></listitem> |
302fbdf2 ZJS |
327 | </varlistentry> |
328 | ||
329 | <varlistentry> | |
330 | <term><varname>Z</varname></term> | |
331 | <listitem><para>Recursively set the access mode, group and | |
332 | user, and restore the SELinux security context of a file or | |
333 | directory if it exists, as well as of its subdirectories and | |
334 | the files contained therein (if applicable). Lines of this | |
6a9171d2 LP |
335 | type accept shell-style globs in place of normal path |
336 | names. Does not follow symlinks. </para></listitem> | |
302fbdf2 ZJS |
337 | </varlistentry> |
338 | ||
339 | <varlistentry> | |
340 | <term><varname>t</varname></term> | |
b705ab6a ZJS |
341 | <listitem><para>Set extended attributes. Lines of this type |
342 | accept shell-style globs in place of normal path names. | |
6a9171d2 LP |
343 | This can be useful for setting SMACK labels. Does not follow |
344 | symlinks.</para></listitem> | |
b705ab6a ZJS |
345 | </varlistentry> |
346 | ||
347 | <varlistentry> | |
348 | <term><varname>T</varname></term> | |
349 | <listitem><para>Recursively set extended attributes. Lines | |
350 | of this type accept shell-style globs in place of normal | |
6a9171d2 LP |
351 | path names. This can be useful for setting SMACK |
352 | labels. Does not follow symlinks. </para></listitem> | |
302fbdf2 | 353 | </varlistentry> |
f8eeeaf9 | 354 | |
fa3f5fd2 GB |
355 | <varlistentry> |
356 | <term><varname>h</varname></term> | |
357 | <listitem><para>Set file/directory attributes. Lines of this type | |
358 | accept shell-style globs in place of normal path names.</para> | |
359 | ||
1ae705fb LP |
360 | <para>The format of the argument field is |
361 | <varname>[+-=][aAcCdDeijsStTu] </varname>. The prefix | |
362 | <varname>+</varname> (the default one) causes the | |
fa3f5fd2 | 363 | attribute(s) to be added; <varname>-</varname> causes the |
1ae705fb | 364 | attribute(s) to be removed; <varname>=</varname> causes the |
a8eaaee7 | 365 | attributes to be set exactly as the following letters. The |
1ae705fb | 366 | letters <literal>aAcCdDeijsStTu</literal> select the new |
fa3f5fd2 | 367 | attributes for the files, see |
c30c611c | 368 | <citerefentry project='man-pages'><refentrytitle>chattr</refentrytitle> |
fa3f5fd2 GB |
369 | <manvolnum>1</manvolnum></citerefentry> for further information. |
370 | </para> | |
1ae705fb LP |
371 | <para>Passing only <varname>=</varname> as argument resets |
372 | all the file attributes listed above. It has to be pointed | |
b938cb90 | 373 | out that the <varname>=</varname> prefix limits itself to |
1ae705fb LP |
374 | the attributes corresponding to the letters listed here. All |
375 | other attributes will be left untouched. Does not follow | |
376 | symlinks.</para> | |
fa3f5fd2 GB |
377 | </listitem> |
378 | </varlistentry> | |
379 | ||
380 | <varlistentry> | |
381 | <term><varname>H</varname></term> | |
382 | <listitem><para>Recursively set file/directory attributes. Lines | |
383 | of this type accept shell-style globs in place of normal | |
6a9171d2 | 384 | path names. Does not follow symlinks. |
fa3f5fd2 GB |
385 | </para></listitem> |
386 | </varlistentry> | |
387 | ||
f8eeeaf9 ZJS |
388 | <varlistentry> |
389 | <term><varname>a</varname></term> | |
50d9e46d ZJS |
390 | <term><varname>a+</varname></term> |
391 | <listitem><para>Set POSIX ACLs (access control lists). If | |
a8eaaee7 | 392 | suffixed with <varname>+</varname>, the specified entries will |
dd4105b0 ZJS |
393 | be added to the existing set. |
394 | <command>systemd-tmpfiles</command> will automatically add | |
395 | the required base entries for user and group based on the | |
396 | access mode of the file, unless base entries already exist | |
7f3fdb7f | 397 | or are explicitly specified. The mask will be added if not |
dd4105b0 ZJS |
398 | specified explicitly or already present. Lines of this type |
399 | accept shell-style globs in place of normal path names. This | |
400 | can be useful for allowing additional access to certain | |
6a9171d2 | 401 | files. Does not follow symlinks.</para></listitem> |
b705ab6a ZJS |
402 | </varlistentry> |
403 | ||
404 | <varlistentry> | |
405 | <term><varname>A</varname></term> | |
50d9e46d ZJS |
406 | <term><varname>A+</varname></term> |
407 | <listitem><para>Same as <varname>a</varname> and | |
6a9171d2 LP |
408 | <varname>a+</varname>, but recursive. Does not follow |
409 | symlinks.</para></listitem> | |
f8eeeaf9 | 410 | </varlistentry> |
302fbdf2 ZJS |
411 | </variablelist> |
412 | ||
413 | <para>If the exclamation mark is used, this line is only safe of | |
414 | execute during boot, and can break a running system. Lines | |
415 | without the exclamation mark are presumed to be safe to execute | |
416 | at any time, e.g. on package upgrades. | |
417 | <command>systemd-tmpfiles</command> will execute line with an | |
418 | exclamation mark only if option <option>--boot</option> is | |
419 | given.</para> | |
420 | ||
421 | <para>For example: | |
422 | <programlisting># Make sure these are created by default so that nobody else can | |
9b9c30ec | 423 | d /tmp/.X11-unix 1777 root root 10d |
302fbdf2 | 424 | |
9b9c30ec LP |
425 | # Unlink the X11 lock files |
426 | r! /tmp/.X[0-9]*-lock</programlisting> | |
302fbdf2 ZJS |
427 | The second line in contrast to the first one would break a |
428 | running system, and will only be executed with | |
429 | <option>--boot</option>.</para> | |
7fa10748 | 430 | |
6d7b5433 WD |
431 | <para>If the minus sign is used, this line failing to run |
432 | successfully during create (and only create) will not cause | |
433 | the execution of <command>systemd-tmpfiles</command> to return | |
434 | an error.</para> | |
435 | ||
436 | <para>For example: | |
437 | <programlisting># Modify sysfs but don't fail if we are in a container with a read-only /proc | |
438 | w- /proc/sys/vm/swappiness - - - - 10</programlisting></para> | |
439 | ||
7fa10748 LP |
440 | <para>Note that for all line types that result in creation of any kind of file node |
441 | (i.e. <varname>f</varname>/<varname>F</varname>, | |
442 | <varname>d</varname>/<varname>D</varname>/<varname>v</varname>/<varname>q</varname>/<varname>Q</varname>, | |
443 | <varname>p</varname>, <varname>L</varname>, <varname>c</varname>/<varname>b</varname> and <varname>C</varname>) | |
444 | leading directories are implicitly created if needed, owned by root with an access mode of 0755. In order to | |
445 | create them with different modes or ownership make sure to add appropriate <varname>d</varname> lines.</para> | |
302fbdf2 ZJS |
446 | </refsect2> |
447 | ||
448 | <refsect2> | |
449 | <title>Path</title> | |
450 | ||
451 | <para>The file system path specification supports simple | |
2df36d09 ZJS |
452 | specifier expansion, see below. The path (after expansion) must be |
453 | absolute.</para> | |
302fbdf2 ZJS |
454 | </refsect2> |
455 | ||
456 | <refsect2> | |
457 | <title>Mode</title> | |
458 | ||
459 | <para>The file access mode to use when creating this file or | |
460 | directory. If omitted or when set to <literal>-</literal>, the | |
461 | default is used: 0755 for directories, 0644 for all other file | |
462 | objects. For <varname>z</varname>, <varname>Z</varname> lines, | |
463 | if omitted or when set to <literal>-</literal>, the file access | |
464 | mode will not be modified. This parameter is ignored for | |
465 | <varname>x</varname>, <varname>r</varname>, | |
f8eeeaf9 ZJS |
466 | <varname>R</varname>, <varname>L</varname>, <varname>t</varname>, |
467 | and <varname>a</varname> lines.</para> | |
302fbdf2 ZJS |
468 | |
469 | <para>Optionally, if prefixed with <literal>~</literal>, the | |
470 | access mode is masked based on the already set access bits for | |
471 | existing file or directories: if the existing file has all | |
472 | executable bits unset, all executable bits are removed from the | |
473 | new access mode, too. Similarly, if all read bits are removed | |
474 | from the old access mode, they will be removed from the new | |
475 | access mode too, and if all write bits are removed, they will be | |
476 | removed from the new access mode too. In addition, the | |
477 | sticky/SUID/SGID bit is removed unless applied to a | |
478 | directory. This functionality is particularly useful in | |
479 | conjunction with <varname>Z</varname>.</para> | |
480 | </refsect2> | |
481 | ||
482 | <refsect2> | |
483 | <title>UID, GID</title> | |
484 | ||
8a89c539 YW |
485 | <para>The user and group to use for this file or directory. This may either be a numeric user/group ID or a user or group |
486 | name. If omitted or when set to <literal>-</literal>, the user/group ID of the user who invokes <command>systemd-tmpfiles</command> is used. | |
487 | For <varname>z</varname> and <varname>Z</varname> lines, when omitted or when set to <literal>-</literal>, the file ownership will not be | |
488 | modified. These parameters are ignored for <varname>x</varname>, <varname>r</varname>, <varname>R</varname>, <varname>L</varname>, | |
489 | <varname>t</varname>, and <varname>a</varname> lines.</para> | |
302fbdf2 ZJS |
490 | </refsect2> |
491 | ||
492 | <refsect2> | |
493 | <title>Age</title> | |
494 | <para>The date field, when set, is used to decide what files to | |
495 | delete when cleaning. If a file or directory is older than the | |
496 | current time minus the age field, it is deleted. The field | |
497 | format is a series of integers each followed by one of the | |
a8eaaee7 | 498 | following suffixes for the respective time units: |
00c53f42 ZJS |
499 | <constant>s</constant>, |
500 | <constant>m</constant> or <constant>min</constant>, | |
501 | <constant>h</constant>, | |
502 | <constant>d</constant>, | |
503 | <constant>w</constant>, | |
a8eaaee7 | 504 | <constant>ms</constant>, and |
00c53f42 | 505 | <constant>us</constant>, |
a8eaaee7 JE |
506 | meaning seconds, minutes, hours, days, weeks, |
507 | milliseconds, and microseconds, respectively. Full names of the time units can | |
00c53f42 ZJS |
508 | be used too. |
509 | </para> | |
302fbdf2 ZJS |
510 | |
511 | <para>If multiple integers and units are specified, the time | |
00c53f42 ZJS |
512 | values are summed. If an integer is given without a unit, |
513 | <constant>s</constant> is assumed. | |
302fbdf2 ZJS |
514 | </para> |
515 | ||
516 | <para>When the age is set to zero, the files are cleaned | |
517 | unconditionally.</para> | |
518 | ||
5fb13eb5 | 519 | <para>The age field only applies to lines starting with |
df8dee85 | 520 | <varname>d</varname>, <varname>D</varname>, <varname>e</varname>, |
5fb13eb5 LP |
521 | <varname>v</varname>, <varname>q</varname>, |
522 | <varname>Q</varname>, <varname>C</varname>, <varname>x</varname> | |
523 | and <varname>X</varname>. If omitted or set to | |
524 | <literal>-</literal>, no automatic clean-up is done.</para> | |
302fbdf2 ZJS |
525 | |
526 | <para>If the age field starts with a tilde character | |
527 | <literal>~</literal>, the clean-up is only applied to files and | |
528 | directories one level inside the directory specified, but not | |
529 | the files and directories immediately inside it.</para> | |
662b3e58 LW |
530 | |
531 | <para>The age of a file system entry is determined from its last | |
532 | modification timestamp (mtime), its last access timestamp (atime), | |
533 | and (except for directories) its last status change timestamp | |
534 | (ctime). Any of these three (or two) values will prevent cleanup | |
535 | if it is more recent than the current time minus the age | |
536 | field.</para> | |
302fbdf2 ZJS |
537 | </refsect2> |
538 | ||
539 | <refsect2> | |
540 | <title>Argument</title> | |
541 | ||
49e87292 LP |
542 | <para>For <varname>L</varname> lines determines the destination path of the symlink. For <varname>c</varname> and |
543 | <varname>b</varname>, determines the major/minor of the device node, with major and minor formatted as integers, | |
544 | separated by <literal>:</literal>, e.g. <literal>1:3</literal>. For <varname>f</varname>, <varname>F</varname>, | |
545 | and <varname>w</varname>, the argument may be used to specify a short string that is written to the file, | |
546 | suffixed by a newline. For <varname>C</varname>, specifies the source file or directory. For <varname>t</varname> | |
547 | and <varname>T</varname>, determines extended attributes to be set. For <varname>a</varname> and | |
548 | <varname>A</varname>, determines ACL attributes to be set. For <varname>h</varname> and <varname>H</varname>, | |
549 | determines the file attributes to set. Ignored for all other lines.</para> | |
2df36d09 ZJS |
550 | |
551 | <para>This field can contain specifiers, see below.</para> | |
302fbdf2 | 552 | </refsect2> |
2df36d09 | 553 | </refsect1> |
302fbdf2 | 554 | |
2df36d09 ZJS |
555 | <refsect1> |
556 | <title>Specifiers</title> | |
557 | ||
558 | <para>Specifiers can be used in the "path" and "argument" fields. | |
751223fe | 559 | An unknown or unresolvable specifier is treated as invalid configuration. |
2df36d09 ZJS |
560 | The following expansions are understood:</para> |
561 | <table> | |
562 | <title>Specifiers available</title> | |
563 | <tgroup cols='3' align='left' colsep='1' rowsep='1'> | |
564 | <colspec colname="spec" /> | |
565 | <colspec colname="mean" /> | |
566 | <colspec colname="detail" /> | |
567 | <thead> | |
568 | <row> | |
569 | <entry>Specifier</entry> | |
570 | <entry>Meaning</entry> | |
571 | <entry>Details</entry> | |
572 | </row> | |
573 | </thead> | |
574 | <tbody> | |
2df36d09 ZJS |
575 | <row> |
576 | <entry><literal>%b</literal></entry> | |
577 | <entry>Boot ID</entry> | |
578 | <entry>The boot ID of the running system, formatted as string. See <citerefentry><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry> for more information.</entry> | |
579 | </row> | |
709f4c47 LP |
580 | <row> |
581 | <entry><literal>%C</literal></entry> | |
582 | <entry>System or user cache directory</entry> | |
583 | <entry>In <option>--user</option> mode, this is the same as <varname>$XDG_CACHE_HOME</varname>, and <filename>/var/cache</filename> otherwise.</entry> | |
584 | </row> | |
585 | <row> | |
586 | <entry><literal>%h</literal></entry> | |
587 | <entry>User home directory</entry> | |
052c59c3 | 588 | <entry>This is the home directory of the user running the command. In case of the system instance this resolves to <literal>/root</literal>.</entry> |
709f4c47 | 589 | </row> |
2df36d09 ZJS |
590 | <row> |
591 | <entry><literal>%H</literal></entry> | |
592 | <entry>Host name</entry> | |
593 | <entry>The hostname of the running system.</entry> | |
594 | </row> | |
595 | <row> | |
709f4c47 LP |
596 | <entry><literal>%L</literal></entry> |
597 | <entry>System or user log directory</entry> | |
598 | <entry>In <option>--user</option> mode, this is the same as <varname>$XDG_CONFIG_HOME</varname> with <filename noindex='true'>/log</filename> appended, and <filename>/var/log</filename> otherwise.</entry> | |
ca23eeb5 TW |
599 | </row> |
600 | <row> | |
709f4c47 LP |
601 | <entry><literal>%m</literal></entry> |
602 | <entry>Machine ID</entry> | |
603 | <entry>The machine ID of the running system, formatted as string. See <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more information.</entry> | |
ca23eeb5 TW |
604 | </row> |
605 | <row> | |
709f4c47 LP |
606 | <entry><literal>%S</literal></entry> |
607 | <entry>System or user state directory</entry> | |
608 | <entry>In <option>--user</option> mode, this is the same as <varname>$XDG_CONFIG_HOME</varname>, and <filename>/var/lib</filename> otherwise.</entry> | |
ca23eeb5 | 609 | </row> |
5a8575ef ZJS |
610 | <row> |
611 | <entry><literal>%t</literal></entry> | |
612 | <entry>System or user runtime directory</entry> | |
8252eb18 | 613 | <entry>In <option>--user</option> mode, this is the same <varname>$XDG_RUNTIME_DIR</varname>, and <filename>/run</filename> otherwise.</entry> |
5a8575ef | 614 | </row> |
b294e594 LP |
615 | <row> |
616 | <entry><literal>%T</literal></entry> | |
617 | <entry>Directory for temporary files</entry> | |
618 | <entry>This is either <filename>/tmp</filename> or the path <literal>$TMPDIR</literal>, <literal>$TEMP</literal> or <literal>$TMP</literal> are set to.</entry> | |
619 | </row> | |
b75f0c69 DC |
620 | <row> |
621 | <entry><literal>%g</literal></entry> | |
622 | <entry>User group</entry> | |
623 | <entry>This is the name of the group running the command. In case of the system instance this resolves to <literal>root</literal>.</entry> | |
624 | </row> | |
625 | <row> | |
626 | <entry><literal>%G</literal></entry> | |
627 | <entry>User GID</entry> | |
628 | <entry>This is the numeric GID of the group running the command. In case of the system instance this resolves to <constant>0</constant>.</entry> | |
629 | </row> | |
5a8575ef | 630 | <row> |
709f4c47 LP |
631 | <entry><literal>%u</literal></entry> |
632 | <entry>User name</entry> | |
052c59c3 | 633 | <entry>This is the name of the user running the command. In case of the system instance this resolves to <literal>root</literal>.</entry> |
5a8575ef ZJS |
634 | </row> |
635 | <row> | |
709f4c47 LP |
636 | <entry><literal>%U</literal></entry> |
637 | <entry>User UID</entry> | |
052c59c3 | 638 | <entry>This is the numeric UID of the user running the command. In case of the system instance this resolves to <constant>0</constant>.</entry> |
5a8575ef ZJS |
639 | </row> |
640 | <row> | |
709f4c47 LP |
641 | <entry><literal>%v</literal></entry> |
642 | <entry>Kernel release</entry> | |
643 | <entry>Identical to <command>uname -r</command> output.</entry> | |
5a8575ef | 644 | </row> |
b294e594 LP |
645 | <row> |
646 | <entry><literal>%V</literal></entry> | |
647 | <entry>Directory for larger and persistent temporary files</entry> | |
648 | <entry>This is either <filename>/var/tmp</filename> or the path <literal>$TMPDIR</literal>, <literal>$TEMP</literal> or <literal>$TMP</literal> are set to.</entry> | |
649 | </row> | |
2df36d09 ZJS |
650 | <row> |
651 | <entry><literal>%%</literal></entry> | |
5a8575ef | 652 | <entry>Escaped <literal>%</literal></entry> |
2df36d09 ZJS |
653 | <entry>Single percent sign.</entry> |
654 | </row> | |
655 | </tbody> | |
656 | </tgroup> | |
657 | </table> | |
302fbdf2 ZJS |
658 | </refsect1> |
659 | ||
660 | <refsect1> | |
4b743d67 | 661 | <title>Examples</title> |
302fbdf2 | 662 | <example> |
4b743d67 ZJS |
663 | <title>Create directories with specific mode and ownership</title> |
664 | <para> | |
0a07667d | 665 | <citerefentry project='die-net'><refentrytitle>screen</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
4b743d67 ZJS |
666 | needs two directories created at boot with specific modes and ownership:</para> |
667 | ||
668 | <programlisting># /usr/lib/tmpfiles.d/screen.conf | |
669 | d /run/screens 1777 root screen 10d | |
670 | d /run/uscreens 0755 root screen 10d12h | |
671 | </programlisting> | |
672 | ||
673 | <para>Contents of <filename>/run/screens</filename> and /run/uscreens will | |
1655cdee | 674 | be cleaned up after 10 and 10½ days, respectively.</para> |
4b743d67 | 675 | </example> |
302fbdf2 | 676 | |
4b743d67 ZJS |
677 | <example> |
678 | <title>Create a directory with a SMACK attribute</title> | |
679 | <programlisting>D /run/cups - - - - | |
680 | t /run/cups - - - - security.SMACK64=printing user.attr-with-spaces="foo bar" | |
681 | </programlisting> | |
682 | ||
b17649ee | 683 | <para>The directory will be owned by root and have default mode. Its contents are |
4b743d67 ZJS |
684 | not subject to time based cleanup, but will be obliterated when |
685 | <command>systemd-tmpfiles --remove</command> runs.</para> | |
302fbdf2 | 686 | </example> |
4b743d67 | 687 | |
302fbdf2 | 688 | <example> |
4b743d67 ZJS |
689 | <title>Create a directory and prevent its contents from cleanup</title> |
690 | <para> | |
0a07667d | 691 | <citerefentry project='die-net'><refentrytitle>abrt</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
4b743d67 ZJS |
692 | needs a directory created at boot with specific mode and ownership and its content |
693 | should be preserved from the automatic cleanup applied to the contents of | |
694 | <filename>/var/tmp</filename>:</para> | |
695 | ||
696 | <programlisting># /usr/lib/tmpfiles.d/tmp.conf | |
697 | d /var/tmp 1777 root root 30d | |
698 | </programlisting> | |
699 | ||
700 | <programlisting># /usr/lib/tmpfiles.d/abrt.conf | |
701 | d /var/tmp/abrt 0755 abrt abrt - | |
df8dee85 ZJS |
702 | </programlisting> |
703 | </example> | |
704 | ||
705 | <example> | |
706 | <title>Apply clean up during boot and based on time</title> | |
707 | ||
708 | <programlisting># /usr/lib/tmpfiles.d/dnf.conf | |
709 | r! /var/cache/dnf/*/*/download_lock.pid | |
710 | r! /var/cache/dnf/*/*/metadata_lock.pid | |
711 | r! /var/lib/dnf/rpmdb_lock.pid | |
e80f1a79 | 712 | e /var/cache/dnf/ - - - 30d |
4b743d67 | 713 | </programlisting> |
302fbdf2 | 714 | |
df8dee85 | 715 | <para>The lock files will be removed during boot. Any files and directories in |
e80f1a79 | 716 | <filename>/var/cache/dnf/</filename> will be removed after they have not been |
df8dee85 | 717 | accessed in 30 days.</para> |
302fbdf2 | 718 | </example> |
ed7fd549 ZJS |
719 | |
720 | <example> | |
b719b26c | 721 | <title>Empty the contents of a cache directory on boot</title> |
ed7fd549 ZJS |
722 | |
723 | <programlisting># /usr/lib/tmpfiles.d/krb5rcache.conf | |
724 | e! /var/cache/krb5rcache - - - 0 | |
725 | </programlisting> | |
726 | ||
727 | <para>Any files and subdirectories in <filename>/var/cache/krb5rcache/</filename> | |
728 | will be removed on boot. The directory will not be created. | |
729 | </para> | |
730 | </example> | |
302fbdf2 ZJS |
731 | </refsect1> |
732 | ||
733 | <refsect1> | |
734 | <title>See Also</title> | |
735 | <para> | |
736 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
737 | <citerefentry><refentrytitle>systemd-tmpfiles</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
738 | <citerefentry><refentrytitle>systemd-delta</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
f8eeeaf9 ZJS |
739 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
740 | <citerefentry project='man-pages'><refentrytitle>attr</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
741 | <citerefentry project='man-pages'><refentrytitle>getfattr</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
742 | <citerefentry project='man-pages'><refentrytitle>setfattr</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
743 | <citerefentry project='man-pages'><refentrytitle>setfacl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
fa3f5fd2 | 744 | <citerefentry project='man-pages'><refentrytitle>getfacl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
5fb13eb5 LP |
745 | <citerefentry project='man-pages'><refentrytitle>chattr</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
746 | <citerefentry project='die-net'><refentrytitle>btrfs-subvolume</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
747 | <citerefentry project='die-net'><refentrytitle>btrfs-qgroup</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
302fbdf2 ZJS |
748 | </para> |
749 | </refsect1> | |
4149f86d BP |
750 | |
751 | </refentry> |