]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/tmpfiles.d.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #10850 from poettering/log-setup
[thirdparty/systemd.git] / man / tmpfiles.d.xml
CommitLineData
514094f9 1<?xml version='1.0'?>
12b42c76 2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
4149f86d 3<!--
572eb058
ZJS		 4 SPDX-License-Identifier: LGPL-2.1+
5
96b2fb93 6 Copyright © 2010 Brandon Philips
4149f86d
BP		 7-->
8<refentry id="tmpfiles.d">
9
302fbdf2
ZJS		 10 <refentryinfo>
11 <title>tmpfiles.d</title>
12 <productname>systemd</productname>
302fbdf2
ZJS		 13 </refentryinfo>
14
15 <refmeta>
16 <refentrytitle>tmpfiles.d</refentrytitle>
17 <manvolnum>5</manvolnum>
18 </refmeta>
19
20 <refnamediv>
21 <refname>tmpfiles.d</refname>
22 <refpurpose>Configuration for creation, deletion and cleaning of
23 volatile and temporary files</refpurpose>
24 </refnamediv>
25
26 <refsynopsisdiv>
f2b5ca0e
ZJS		 27 <para><literallayout><filename>/etc/tmpfiles.d/*.conf</filename>
28<filename>/run/tmpfiles.d/*.conf</filename>
29<filename>/usr/lib/tmpfiles.d/*.conf</filename>
30 </literallayout></para>
31
32 <para><literallayout><filename>~/.config/user-tmpfiles.d/*.conf</filename>
33<filename>$XDG_RUNTIME_DIR/user-tmpfiles.d/*.conf</filename>
34<filename>~/.local/share/user-tmpfiles.d/*.conf</filename>
35<filename>…</filename>
36<filename>/usr/share/user-tmpfiles.d/*.conf</filename>
37 </literallayout></para>
302fbdf2
ZJS		 38 </refsynopsisdiv>
39
40 <refsect1>
41 <title>Description</title>
42
43 <para><command>systemd-tmpfiles</command> uses the configuration
44 files from the above directories to describe the creation,
45 cleaning and removal of volatile and temporary files and
46 directories which usually reside in directories such as
47 <filename>/run</filename> or <filename>/tmp</filename>.</para>
48
51c169c8
LP		 49 <para>Volatile and temporary files and directories are those located in <filename>/run</filename>,
50 <filename>/tmp</filename>, <filename>/var/tmp</filename>, the API file systems such as <filename>/sys</filename> or
51 <filename>/proc</filename>, as well as some other directories below <filename>/var</filename>.</para>
302fbdf2
ZJS		 52
53 <para>System daemons frequently require private runtime
54 directories below <filename>/run</filename> to place communication
55 sockets and similar in. For these, consider declaring them in
56 their unit files using <varname>RuntimeDirectory=</varname> (see
57 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
58 for details), if this is feasible.</para>
59 </refsect1>
60
61 <refsect1>
8165be2e 62 <title>Configuration Directories and Precedence</title>
302fbdf2
ZJS		 63
64 <para>Each configuration file shall be named in the style of
65 <filename><replaceable>package</replaceable>.conf</filename> or
66 <filename><replaceable>package</replaceable>-<replaceable>part</replaceable>.conf</filename>.
67 The second variant should be used when it is desirable to make it
68 easy to override just this part of configuration.</para>
69
ad19c578
LP		 70 <para>Files in <filename>/etc/tmpfiles.d</filename> override files with the same name in
71 <filename>/usr/lib/tmpfiles.d</filename> and <filename>/run/tmpfiles.d</filename>. Files in
72 <filename>/run/tmpfiles.d</filename> override files with the same name in
73 <filename>/usr/lib/tmpfiles.d</filename>. Packages should install their configuration files in
74 <filename>/usr/lib/tmpfiles.d</filename>. Files in <filename>/etc/tmpfiles.d</filename> are reserved for the local
75 administrator, who may use this logic to override the configuration files installed by vendor packages. All
76 configuration files are sorted by their filename in lexicographic order, regardless of which of the directories
77 they reside in. If multiple files specify the same path, the entry in the file with the lexicographically earliest
78 name will be applied. All other conflicting entries will be logged as errors. When two lines are prefix path and
79 suffix path of each other, then the prefix line is always created first, the suffix later (and if removal applies
80 to the line, the order is reversed: the suffix is removed first, the prefix later). Lines that take globs are
81 applied after those accepting no globs. If multiple operations shall be applied on the same file, (such as ACL,
82 xattr, file attribute adjustments), these are always done in the same fixed order. Otherwise, the files/directories
83 are processed in the order they are listed.</para>
302fbdf2
ZJS		 84
85 <para>If the administrator wants to disable a configuration file
86 supplied by the vendor, the recommended way is to place a symlink
87 to <filename>/dev/null</filename> in
88 <filename>/etc/tmpfiles.d/</filename> bearing the same filename.
89 </para>
8165be2e
ZJS		 90 </refsect1>
91
92 <refsect1>
93 <title>Configuration File Format</title>
302fbdf2
ZJS		 94
95 <para>The configuration format is one line per path containing
96 type, path, mode, ownership, age, and argument fields:</para>
97
98 <programlisting>#Type Path Mode UID GID Age Argument
ed7fd549
ZJS		 99d /run/user 0755 root root 10d -
100L /tmp/foobar - - - - /dev/null</programlisting>
302fbdf2 101
657cf7f4 102 <para>Fields may be enclosed within quotes and contain C-style escapes.</para>
103
302fbdf2
ZJS		 104 <refsect2>
105 <title>Type</title>
106
107 <para>The type consists of a single letter and optionally an
6d7b5433 108 exclamation mark and/or minus sign.</para>
302fbdf2
ZJS		 109
110 <para>The following line types are understood:</para>
111
112 <variablelist>
113 <varlistentry>
114 <term><varname>f</varname></term>
49e87292
LP		 115 <listitem><para>Create a file if it does not exist yet. If the argument parameter is given and the file did
116 not exist yet, it will be written to the file. Does not follow symlinks.</para></listitem>
302fbdf2
ZJS		 117 </varlistentry>
118
119 <varlistentry>
120 <term><varname>F</varname></term>
121 <listitem><para>Create or truncate a file. If the argument
6a9171d2 122 parameter is given, it will be written to the file. Does not follow symlinks.</para>
302fbdf2
ZJS		 123 </listitem>
124 </varlistentry>
125
126 <varlistentry>
127 <term><varname>w</varname></term>
128 <listitem><para>Write the argument parameter to a file, if
129 the file exists. Lines of this type accept shell-style
130 globs in place of normal path names. The argument parameter
131 will be written without a trailing newline. C-style
6a9171d2
LP		 132 backslash escapes are interpreted. Follows
133 symlinks.</para></listitem>
302fbdf2
ZJS		 134 </varlistentry>
135
136 <varlistentry>
137 <term><varname>d</varname></term>
4b743d67
ZJS		 138 <listitem><para>Create a directory. The mode and ownership will be adjusted if
139 specified and the directory already exists. Contents of this directory are subject
ed7fd549 140 to time based cleanup if the age argument is specified.</para></listitem>
302fbdf2
ZJS		 141 </varlistentry>
142
143 <varlistentry>
144 <term><varname>D</varname></term>
4b743d67
ZJS		 145 <listitem><para>Similar to <varname>d</varname>, but in addition the contents
146 of the directory will be removed when <option>--remove</option> is used.
147 </para></listitem>
148 </varlistentry>
df8dee85
ZJS		 149
150 <varlistentry>
151 <term><varname>e</varname></term>
ed7fd549
ZJS		 152 <listitem><para>Similar to <varname>d</varname>, but the directory will not be created if
153 it does not exist. Lines of this type accept shell-style globs in place of normal path
154 names. For this entry to be useful, at least one of the mode, uid, gid, or age arguments
155 must be specified, since otherwise this entry has no effect. If the age argument is
156 <literal>0</literal>, contents of the directory will be unconditionally deleted every time
157 <command>systemd-tmpfiles --clean</command> is run. This can be useful when combined with
158 <varname>!</varname>, see the examples.</para></listitem>
302fbdf2
ZJS		 159 </varlistentry>
160
161 <varlistentry>
162 <term><varname>v</varname></term>
163 <listitem><para>Create a subvolume if the path does not
2904e949
LP		 164 exist yet, the file system supports subvolumes (btrfs), and
165 the system itself is installed into a subvolume
166 (specifically: the root directory <filename>/</filename> is
167 itself a subvolume). Otherwise, create a normal directory, in
168 the same way as <varname>d</varname>. A subvolume created
169 with this line type is not assigned to any higher-level
170 quota group. For that, use <varname>q</varname> or
171 <varname>Q</varname>, which allow creating simple quota
172 group hierarchies, see below.</para></listitem>
5fb13eb5
LP		 173 </varlistentry>
174
175 <varlistentry>
176 <term><varname>q</varname></term>
f17a8d61
FB		 177 <listitem><para>Similar to <varname>v</varname>. However, makes sure that the subvolume will be assigned to
178 the same higher-level quota groups as the subvolume it has been created in. This ensures that higher-level
179 limits and accounting applied to the parent subvolume also include the specified subvolume. On non-btrfs file
180 systems, this line type is identical to <varname>d</varname>.</para>
181
182 <para>If the subvolume already exists, no change to the quota hierarchy is made, regardless of whether the
183 subvolume is already attached to a quota group or not. Also see <varname>Q</varname> below. See <citerefentry
184 project='die-net'><refentrytitle>btrfs-qgroup</refentrytitle><manvolnum>8</manvolnum></citerefentry> for
185 details about the btrfs quota group concept.</para></listitem>
5fb13eb5
LP		 186 </varlistentry>
187
188 <varlistentry>
189 <term><varname>Q</varname></term>
f17a8d61
FB		 190 <listitem><para>Similar to <varname>q</varname>. However, instead of copying the higher-level quota group
191 assignments from the parent as-is, the lowest quota group of the parent subvolume is determined that is not
192 the leaf quota group. Then, an "intermediary" quota group is inserted that is one level below this level, and
193 shares the same ID part as the specified subvolume. If no higher-level quota group exists for the parent
194 subvolume, a new quota group at level 255 sharing the same ID as the specified subvolume is inserted
195 instead. This new intermediary quota group is then assigned to the parent subvolume's higher-level quota
196 groups, and the specified subvolume's leaf quota group is assigned to it.</para>
197
198 <para>Effectively, this has a similar effect as <varname>q</varname>, however introduces a new higher-level
199 quota group for the specified subvolume that may be used to enforce limits and accounting to the specified
200 subvolume and children subvolume created within it. Thus, by creating subvolumes only via
201 <varname>q</varname> and <varname>Q</varname>, a concept of "subtree quotas" is implemented. Each subvolume
202 for which <varname>Q</varname> is set will get a "subtree" quota group created, and all child subvolumes
203 created within it will be assigned to it. Each subvolume for which <varname>q</varname> is set will not get
204 such a "subtree" quota group, but it is ensured that they are added to the same "subtree" quota group as
205 their immediate parents.</para>
206
207 <para>It is recommended to use <varname>Q</varname> for subvolumes that typically contain further subvolumes,
208 and where it is desirable to have accounting and quota limits on all child subvolumes together. Examples for
209 <varname>Q</varname> are typically <filename>/home</filename> or <filename>/var/lib/machines</filename>. In
210 contrast, <varname>q</varname> should be used for subvolumes that either usually do not include further
211 subvolumes or where no accounting and quota limits are needed that apply to all child subvolumes
212 together. Examples for <varname>q</varname> are typically <filename>/var</filename> or
213 <filename>/var/tmp</filename>. </para>
214
215 <para>As with <varname>q</varname>, <varname>Q</varname> has no effect on the quota group hierarchy if the
216 subvolume already exists, regardless of whether the subvolume already belong to a quota group or
217 not.</para></listitem>
302fbdf2
ZJS		 218 </varlistentry>
219
220 <varlistentry>
221 <term><varname>p</varname></term>
222 <term><varname>p+</varname></term>
223 <listitem><para>Create a named pipe (FIFO) if it does not
224 exist yet. If suffixed with <varname>+</varname> and a file
225 already exists where the pipe is to be created, it will be
226 removed and be replaced by the pipe.</para></listitem>
227 </varlistentry>
228
229 <varlistentry>
230 <term><varname>L</varname></term>
231 <term><varname>L+</varname></term>
232 <listitem><para>Create a symlink if it does not exist
b3f5897f
WD		 233 yet. If suffixed with <varname>+</varname> and a file or
234 directory already exists where the symlink is to be created,
235 it will be removed and be replaced by the symlink. If the
236 argument is omitted, symlinks to files with the same name
237 residing in the directory
238 <filename>/usr/share/factory/</filename> are created. Note
239 that permissions and ownership on symlinks are ignored.
240 </para></listitem>
302fbdf2
ZJS		 241 </varlistentry>
242
243 <varlistentry>
244 <term><varname>c</varname></term>
245 <term><varname>c+</varname></term>
246 <listitem><para>Create a character device node if it does
247 not exist yet. If suffixed with <varname>+</varname> and a
248 file already exists where the device node is to be created,
249 it will be removed and be replaced by the device node. It is
250 recommended to suffix this entry with an exclamation mark to
251 only create static device nodes at boot, as udev will not
252 manage static device nodes that are created at runtime.
253 </para></listitem>
254 </varlistentry>
255
256 <varlistentry>
257 <term><varname>b</varname></term>
258 <term><varname>b+</varname></term>
259 <listitem><para>Create a block device node if it does not
260 exist yet. If suffixed with <varname>+</varname> and a file
261 already exists where the device node is to be created, it
262 will be removed and be replaced by the device node. It is
263 recommended to suffix this entry with an exclamation mark to
264 only create static device nodes at boot, as udev will not
265 manage static device nodes that are created at runtime.
266 </para></listitem>
267 </varlistentry>
268
269 <varlistentry>
270 <term><varname>C</varname></term>
271 <listitem><para>Recursively copy a file or directory, if the
272 destination files or directories do not exist yet. Note that
273 this command will not descend into subdirectories if the
274 destination directory already exists. Instead, the entire
275 copy operation is skipped. If the argument is omitted, files
276 from the source directory
277 <filename>/usr/share/factory/</filename> with the same name
6a9171d2 278 are copied. Does not follow symlinks.</para></listitem>
302fbdf2
ZJS		 279 </varlistentry>
280
281 <varlistentry>
282 <term><varname>x</varname></term>
283 <listitem><para>Ignore a path during cleaning. Use this type
284 to exclude paths from clean-up as controlled with the Age
285 parameter. Note that lines of this type do not influence the
286 effect of <varname>r</varname> or <varname>R</varname>
50d9e46d 287 lines. Lines of this type accept shell-style globs in place
302fbdf2
ZJS		 288 of normal path names. </para></listitem>
289 </varlistentry>
290
291 <varlistentry>
292 <term><varname>X</varname></term>
293 <listitem><para>Ignore a path during cleaning. Use this type
294 to exclude paths from clean-up as controlled with the Age
295 parameter. Unlike <varname>x</varname>, this parameter will
296 not exclude the content if path is a directory, but only
297 directory itself. Note that lines of this type do not
298 influence the effect of <varname>r</varname> or
50d9e46d 299 <varname>R</varname> lines. Lines of this type accept
302fbdf2
ZJS		 300 shell-style globs in place of normal path names.
301 </para></listitem>
302 </varlistentry>
303
304 <varlistentry>
305 <term><varname>r</varname></term>
306 <listitem><para>Remove a file or directory if it exists.
307 This may not be used to remove non-empty directories, use
308 <varname>R</varname> for that. Lines of this type accept
309 shell-style globs in place of normal path
6a9171d2 310 names. Does not follow symlinks.</para></listitem>
302fbdf2
ZJS		 311 </varlistentry>
312
313 <varlistentry>
314 <term><varname>R</varname></term>
315 <listitem><para>Recursively remove a path and all its
316 subdirectories (if it is a directory). Lines of this type
317 accept shell-style globs in place of normal path
6a9171d2 318 names. Does not follow symlinks.</para></listitem>
302fbdf2
ZJS		 319 </varlistentry>
320
321 <varlistentry>
322 <term><varname>z</varname></term>
323 <listitem><para>Adjust the access mode, group and user, and
324 restore the SELinux security context of a file or directory,
325 if it exists. Lines of this type accept shell-style globs in
6a9171d2 326 place of normal path names. Does not follow symlinks.</para></listitem>
302fbdf2
ZJS		 327 </varlistentry>
328
329 <varlistentry>
330 <term><varname>Z</varname></term>
331 <listitem><para>Recursively set the access mode, group and
332 user, and restore the SELinux security context of a file or
333 directory if it exists, as well as of its subdirectories and
334 the files contained therein (if applicable). Lines of this
6a9171d2
LP		 335 type accept shell-style globs in place of normal path
336 names. Does not follow symlinks. </para></listitem>
302fbdf2
ZJS		 337 </varlistentry>
338
339 <varlistentry>
340 <term><varname>t</varname></term>
b705ab6a
ZJS		 341 <listitem><para>Set extended attributes. Lines of this type
342 accept shell-style globs in place of normal path names.
6a9171d2
LP		 343 This can be useful for setting SMACK labels. Does not follow
344 symlinks.</para></listitem>
b705ab6a
ZJS		 345 </varlistentry>
346
347 <varlistentry>
348 <term><varname>T</varname></term>
349 <listitem><para>Recursively set extended attributes. Lines
350 of this type accept shell-style globs in place of normal
6a9171d2
LP		 351 path names. This can be useful for setting SMACK
352 labels. Does not follow symlinks. </para></listitem>
302fbdf2 353 </varlistentry>
f8eeeaf9 354
fa3f5fd2
GB		 355 <varlistentry>
356 <term><varname>h</varname></term>
357 <listitem><para>Set file/directory attributes. Lines of this type
358 accept shell-style globs in place of normal path names.</para>
359
1ae705fb
LP		 360 <para>The format of the argument field is
361 <varname>[+-=][aAcCdDeijsStTu] </varname>. The prefix
362 <varname>+</varname> (the default one) causes the
fa3f5fd2 363 attribute(s) to be added; <varname>-</varname> causes the
1ae705fb 364 attribute(s) to be removed; <varname>=</varname> causes the
a8eaaee7 365 attributes to be set exactly as the following letters. The
1ae705fb 366 letters <literal>aAcCdDeijsStTu</literal> select the new
fa3f5fd2 367 attributes for the files, see
c30c611c 368 <citerefentry project='man-pages'><refentrytitle>chattr</refentrytitle>
fa3f5fd2
GB		 369 <manvolnum>1</manvolnum></citerefentry> for further information.
370 </para>
1ae705fb
LP		 371 <para>Passing only <varname>=</varname> as argument resets
372 all the file attributes listed above. It has to be pointed
b938cb90 373 out that the <varname>=</varname> prefix limits itself to
1ae705fb
LP		 374 the attributes corresponding to the letters listed here. All
375 other attributes will be left untouched. Does not follow
376 symlinks.</para>
fa3f5fd2
GB		 377 </listitem>
378 </varlistentry>
379
380 <varlistentry>
381 <term><varname>H</varname></term>
382 <listitem><para>Recursively set file/directory attributes. Lines
383 of this type accept shell-style globs in place of normal
6a9171d2 384 path names. Does not follow symlinks.
fa3f5fd2
GB		 385 </para></listitem>
386 </varlistentry>
387
f8eeeaf9
ZJS		 388 <varlistentry>
389 <term><varname>a</varname></term>
50d9e46d
ZJS		 390 <term><varname>a+</varname></term>
391 <listitem><para>Set POSIX ACLs (access control lists). If
a8eaaee7 392 suffixed with <varname>+</varname>, the specified entries will
dd4105b0
ZJS		 393 be added to the existing set.
394 <command>systemd-tmpfiles</command> will automatically add
395 the required base entries for user and group based on the
396 access mode of the file, unless base entries already exist
7f3fdb7f 397 or are explicitly specified. The mask will be added if not
dd4105b0
ZJS		 398 specified explicitly or already present. Lines of this type
399 accept shell-style globs in place of normal path names. This
400 can be useful for allowing additional access to certain
6a9171d2 401 files. Does not follow symlinks.</para></listitem>
b705ab6a
ZJS		 402 </varlistentry>
403
404 <varlistentry>
405 <term><varname>A</varname></term>
50d9e46d
ZJS		 406 <term><varname>A+</varname></term>
407 <listitem><para>Same as <varname>a</varname> and
6a9171d2
LP		 408 <varname>a+</varname>, but recursive. Does not follow
409 symlinks.</para></listitem>
f8eeeaf9 410 </varlistentry>
302fbdf2
ZJS		 411 </variablelist>
412
413 <para>If the exclamation mark is used, this line is only safe of
414 execute during boot, and can break a running system. Lines
415 without the exclamation mark are presumed to be safe to execute
416 at any time, e.g. on package upgrades.
417 <command>systemd-tmpfiles</command> will execute line with an
418 exclamation mark only if option <option>--boot</option> is
419 given.</para>
420
421 <para>For example:
422 <programlisting># Make sure these are created by default so that nobody else can
9b9c30ec 423d /tmp/.X11-unix 1777 root root 10d
302fbdf2 424
9b9c30ec
LP		 425# Unlink the X11 lock files
426r! /tmp/.X[0-9]*-lock</programlisting>
302fbdf2
ZJS		 427 The second line in contrast to the first one would break a
428 running system, and will only be executed with
429 <option>--boot</option>.</para>
7fa10748 430
6d7b5433
WD		 431 <para>If the minus sign is used, this line failing to run
432 successfully during create (and only create) will not cause
433 the execution of <command>systemd-tmpfiles</command> to return
434 an error.</para>
435
436 <para>For example:
437 <programlisting># Modify sysfs but don't fail if we are in a container with a read-only /proc
438w- /proc/sys/vm/swappiness - - - - 10</programlisting></para>
439
7fa10748
LP		 440 <para>Note that for all line types that result in creation of any kind of file node
441 (i.e. <varname>f</varname>/<varname>F</varname>,
442 <varname>d</varname>/<varname>D</varname>/<varname>v</varname>/<varname>q</varname>/<varname>Q</varname>,
443 <varname>p</varname>, <varname>L</varname>, <varname>c</varname>/<varname>b</varname> and <varname>C</varname>)
444 leading directories are implicitly created if needed, owned by root with an access mode of 0755. In order to
445 create them with different modes or ownership make sure to add appropriate <varname>d</varname> lines.</para>
302fbdf2
ZJS		 446 </refsect2>
447
448 <refsect2>
449 <title>Path</title>
450
451 <para>The file system path specification supports simple
2df36d09
ZJS		 452 specifier expansion, see below. The path (after expansion) must be
453 absolute.</para>
302fbdf2
ZJS		 454 </refsect2>
455
456 <refsect2>
457 <title>Mode</title>
458
459 <para>The file access mode to use when creating this file or
460 directory. If omitted or when set to <literal>-</literal>, the
461 default is used: 0755 for directories, 0644 for all other file
462 objects. For <varname>z</varname>, <varname>Z</varname> lines,
463 if omitted or when set to <literal>-</literal>, the file access
464 mode will not be modified. This parameter is ignored for
465 <varname>x</varname>, <varname>r</varname>,
f8eeeaf9
ZJS		 466 <varname>R</varname>, <varname>L</varname>, <varname>t</varname>,
467 and <varname>a</varname> lines.</para>
302fbdf2
ZJS		 468
469 <para>Optionally, if prefixed with <literal>~</literal>, the
470 access mode is masked based on the already set access bits for
471 existing file or directories: if the existing file has all
472 executable bits unset, all executable bits are removed from the
473 new access mode, too. Similarly, if all read bits are removed
474 from the old access mode, they will be removed from the new
475 access mode too, and if all write bits are removed, they will be
476 removed from the new access mode too. In addition, the
477 sticky/SUID/SGID bit is removed unless applied to a
478 directory. This functionality is particularly useful in
479 conjunction with <varname>Z</varname>.</para>
480 </refsect2>
481
482 <refsect2>
483 <title>UID, GID</title>
484
8a89c539
YW		 485 <para>The user and group to use for this file or directory. This may either be a numeric user/group ID or a user or group
486 name. If omitted or when set to <literal>-</literal>, the user/group ID of the user who invokes <command>systemd-tmpfiles</command> is used.
487 For <varname>z</varname> and <varname>Z</varname> lines, when omitted or when set to <literal>-</literal>, the file ownership will not be
488 modified. These parameters are ignored for <varname>x</varname>, <varname>r</varname>, <varname>R</varname>, <varname>L</varname>,
489 <varname>t</varname>, and <varname>a</varname> lines.</para>
302fbdf2
ZJS		 490 </refsect2>
491
492 <refsect2>
493 <title>Age</title>
494 <para>The date field, when set, is used to decide what files to
495 delete when cleaning. If a file or directory is older than the
496 current time minus the age field, it is deleted. The field
497 format is a series of integers each followed by one of the
a8eaaee7 498 following suffixes for the respective time units:
00c53f42
ZJS		 499 <constant>s</constant>,
500 <constant>m</constant> or <constant>min</constant>,
501 <constant>h</constant>,
502 <constant>d</constant>,
503 <constant>w</constant>,
a8eaaee7 504 <constant>ms</constant>, and
00c53f42 505 <constant>us</constant>,
a8eaaee7
JE		 506 meaning seconds, minutes, hours, days, weeks,
507 milliseconds, and microseconds, respectively. Full names of the time units can
00c53f42
ZJS		 508 be used too.
509 </para>
302fbdf2
ZJS		 510
511 <para>If multiple integers and units are specified, the time
00c53f42
ZJS		 512 values are summed. If an integer is given without a unit,
513 <constant>s</constant> is assumed.
302fbdf2
ZJS		 514 </para>
515
516 <para>When the age is set to zero, the files are cleaned
517 unconditionally.</para>
518
5fb13eb5 519 <para>The age field only applies to lines starting with
df8dee85 520 <varname>d</varname>, <varname>D</varname>, <varname>e</varname>,
5fb13eb5
LP		 521 <varname>v</varname>, <varname>q</varname>,
522 <varname>Q</varname>, <varname>C</varname>, <varname>x</varname>
523 and <varname>X</varname>. If omitted or set to
524 <literal>-</literal>, no automatic clean-up is done.</para>
302fbdf2
ZJS		 525
526 <para>If the age field starts with a tilde character
527 <literal>~</literal>, the clean-up is only applied to files and
528 directories one level inside the directory specified, but not
529 the files and directories immediately inside it.</para>
662b3e58
LW		 530
531 <para>The age of a file system entry is determined from its last
532 modification timestamp (mtime), its last access timestamp (atime),
533 and (except for directories) its last status change timestamp
534 (ctime). Any of these three (or two) values will prevent cleanup
535 if it is more recent than the current time minus the age
536 field.</para>
302fbdf2
ZJS		 537 </refsect2>
538
539 <refsect2>
540 <title>Argument</title>
541
49e87292
LP		 542 <para>For <varname>L</varname> lines determines the destination path of the symlink. For <varname>c</varname> and
543 <varname>b</varname>, determines the major/minor of the device node, with major and minor formatted as integers,
544 separated by <literal>:</literal>, e.g. <literal>1:3</literal>. For <varname>f</varname>, <varname>F</varname>,
545 and <varname>w</varname>, the argument may be used to specify a short string that is written to the file,
546 suffixed by a newline. For <varname>C</varname>, specifies the source file or directory. For <varname>t</varname>
547 and <varname>T</varname>, determines extended attributes to be set. For <varname>a</varname> and
548 <varname>A</varname>, determines ACL attributes to be set. For <varname>h</varname> and <varname>H</varname>,
549 determines the file attributes to set. Ignored for all other lines.</para>
2df36d09
ZJS		 550
551 <para>This field can contain specifiers, see below.</para>
302fbdf2 552 </refsect2>
2df36d09 553 </refsect1>
302fbdf2 554
2df36d09
ZJS		 555 <refsect1>
556 <title>Specifiers</title>
557
558 <para>Specifiers can be used in the "path" and "argument" fields.
751223fe 559 An unknown or unresolvable specifier is treated as invalid configuration.
2df36d09
ZJS		 560 The following expansions are understood:</para>
561 <table>
562 <title>Specifiers available</title>
563 <tgroup cols='3' align='left' colsep='1' rowsep='1'>
564 <colspec colname="spec" />
565 <colspec colname="mean" />
566 <colspec colname="detail" />
567 <thead>
568 <row>
569 <entry>Specifier</entry>
570 <entry>Meaning</entry>
571 <entry>Details</entry>
572 </row>
573 </thead>
574 <tbody>
2df36d09
ZJS		 575 <row>
576 <entry><literal>%b</literal></entry>
577 <entry>Boot ID</entry>
578 <entry>The boot ID of the running system, formatted as string. See <citerefentry><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry> for more information.</entry>
579 </row>
709f4c47
LP		 580 <row>
581 <entry><literal>%C</literal></entry>
582 <entry>System or user cache directory</entry>
583 <entry>In <option>--user</option> mode, this is the same as <varname>$XDG_CACHE_HOME</varname>, and <filename>/var/cache</filename> otherwise.</entry>
584 </row>
585 <row>
586 <entry><literal>%h</literal></entry>
587 <entry>User home directory</entry>
052c59c3 588 <entry>This is the home directory of the user running the command. In case of the system instance this resolves to <literal>/root</literal>.</entry>
709f4c47 589 </row>
2df36d09
ZJS		 590 <row>
591 <entry><literal>%H</literal></entry>
592 <entry>Host name</entry>
593 <entry>The hostname of the running system.</entry>
594 </row>
595 <row>
709f4c47
LP		 596 <entry><literal>%L</literal></entry>
597 <entry>System or user log directory</entry>
598 <entry>In <option>--user</option> mode, this is the same as <varname>$XDG_CONFIG_HOME</varname> with <filename noindex='true'>/log</filename> appended, and <filename>/var/log</filename> otherwise.</entry>
ca23eeb5
TW		 599 </row>
600 <row>
709f4c47
LP		 601 <entry><literal>%m</literal></entry>
602 <entry>Machine ID</entry>
603 <entry>The machine ID of the running system, formatted as string. See <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more information.</entry>
ca23eeb5
TW		 604 </row>
605 <row>
709f4c47
LP		 606 <entry><literal>%S</literal></entry>
607 <entry>System or user state directory</entry>
608 <entry>In <option>--user</option> mode, this is the same as <varname>$XDG_CONFIG_HOME</varname>, and <filename>/var/lib</filename> otherwise.</entry>
ca23eeb5 609 </row>
5a8575ef
ZJS		 610 <row>
611 <entry><literal>%t</literal></entry>
612 <entry>System or user runtime directory</entry>
8252eb18 613 <entry>In <option>--user</option> mode, this is the same <varname>$XDG_RUNTIME_DIR</varname>, and <filename>/run</filename> otherwise.</entry>
5a8575ef 614 </row>
b294e594
LP		 615 <row>
616 <entry><literal>%T</literal></entry>
617 <entry>Directory for temporary files</entry>
618 <entry>This is either <filename>/tmp</filename> or the path <literal>$TMPDIR</literal>, <literal>$TEMP</literal> or <literal>$TMP</literal> are set to.</entry>
619 </row>
b75f0c69
DC		 620 <row>
621 <entry><literal>%g</literal></entry>
622 <entry>User group</entry>
623 <entry>This is the name of the group running the command. In case of the system instance this resolves to <literal>root</literal>.</entry>
624 </row>
625 <row>
626 <entry><literal>%G</literal></entry>
627 <entry>User GID</entry>
628 <entry>This is the numeric GID of the group running the command. In case of the system instance this resolves to <constant>0</constant>.</entry>
629 </row>
5a8575ef 630 <row>
709f4c47
LP		 631 <entry><literal>%u</literal></entry>
632 <entry>User name</entry>
052c59c3 633 <entry>This is the name of the user running the command. In case of the system instance this resolves to <literal>root</literal>.</entry>
5a8575ef
ZJS		 634 </row>
635 <row>
709f4c47
LP		 636 <entry><literal>%U</literal></entry>
637 <entry>User UID</entry>
052c59c3 638 <entry>This is the numeric UID of the user running the command. In case of the system instance this resolves to <constant>0</constant>.</entry>
5a8575ef
ZJS		 639 </row>
640 <row>
709f4c47
LP		 641 <entry><literal>%v</literal></entry>
642 <entry>Kernel release</entry>
643 <entry>Identical to <command>uname -r</command> output.</entry>
5a8575ef 644 </row>
b294e594
LP		 645 <row>
646 <entry><literal>%V</literal></entry>
647 <entry>Directory for larger and persistent temporary files</entry>
648 <entry>This is either <filename>/var/tmp</filename> or the path <literal>$TMPDIR</literal>, <literal>$TEMP</literal> or <literal>$TMP</literal> are set to.</entry>
649 </row>
2df36d09
ZJS		 650 <row>
651 <entry><literal>%%</literal></entry>
5a8575ef 652 <entry>Escaped <literal>%</literal></entry>
2df36d09
ZJS		 653 <entry>Single percent sign.</entry>
654 </row>
655 </tbody>
656 </tgroup>
657 </table>
302fbdf2
ZJS		 658 </refsect1>
659
660 <refsect1>
4b743d67 661 <title>Examples</title>
302fbdf2 662 <example>
4b743d67
ZJS		 663 <title>Create directories with specific mode and ownership</title>
664 <para>
0a07667d 665 <citerefentry project='die-net'><refentrytitle>screen</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
4b743d67
ZJS		 666 needs two directories created at boot with specific modes and ownership:</para>
667
668 <programlisting># /usr/lib/tmpfiles.d/screen.conf
669d /run/screens 1777 root screen 10d
670d /run/uscreens 0755 root screen 10d12h
671</programlisting>
672
673 <para>Contents of <filename>/run/screens</filename> and /run/uscreens will
1655cdee 674 be cleaned up after 10 and 10½ days, respectively.</para>
4b743d67 675 </example>
302fbdf2 676
4b743d67
ZJS		 677 <example>
678 <title>Create a directory with a SMACK attribute</title>
679 <programlisting>D /run/cups - - - -
680t /run/cups - - - - security.SMACK64=printing user.attr-with-spaces="foo bar"
681 </programlisting>
682
b17649ee 683 <para>The directory will be owned by root and have default mode. Its contents are
4b743d67
ZJS		 684 not subject to time based cleanup, but will be obliterated when
685 <command>systemd-tmpfiles --remove</command> runs.</para>
302fbdf2 686 </example>
4b743d67 687
302fbdf2 688 <example>
4b743d67
ZJS		 689 <title>Create a directory and prevent its contents from cleanup</title>
690 <para>
0a07667d 691 <citerefentry project='die-net'><refentrytitle>abrt</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
4b743d67
ZJS		 692 needs a directory created at boot with specific mode and ownership and its content
693 should be preserved from the automatic cleanup applied to the contents of
694 <filename>/var/tmp</filename>:</para>
695
696 <programlisting># /usr/lib/tmpfiles.d/tmp.conf
697d /var/tmp 1777 root root 30d
698</programlisting>
699
700 <programlisting># /usr/lib/tmpfiles.d/abrt.conf
701d /var/tmp/abrt 0755 abrt abrt -
df8dee85
ZJS		 702</programlisting>
703 </example>
704
705 <example>
706 <title>Apply clean up during boot and based on time</title>
707
708 <programlisting># /usr/lib/tmpfiles.d/dnf.conf
709r! /var/cache/dnf/*/*/download_lock.pid
710r! /var/cache/dnf/*/*/metadata_lock.pid
711r! /var/lib/dnf/rpmdb_lock.pid
e80f1a79 712e /var/cache/dnf/ - - - 30d
4b743d67 713</programlisting>
302fbdf2 714
df8dee85 715 <para>The lock files will be removed during boot. Any files and directories in
e80f1a79 716 <filename>/var/cache/dnf/</filename> will be removed after they have not been
df8dee85 717 accessed in 30 days.</para>
302fbdf2 718 </example>
ed7fd549
ZJS		 719
720 <example>
b719b26c 721 <title>Empty the contents of a cache directory on boot</title>
ed7fd549
ZJS		 722
723 <programlisting># /usr/lib/tmpfiles.d/krb5rcache.conf
724e! /var/cache/krb5rcache - - - 0
725</programlisting>
726
727 <para>Any files and subdirectories in <filename>/var/cache/krb5rcache/</filename>
728 will be removed on boot. The directory will not be created.
729 </para>
730 </example>
302fbdf2
ZJS		 731 </refsect1>
732
733 <refsect1>
734 <title>See Also</title>
735 <para>
736 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
737 <citerefentry><refentrytitle>systemd-tmpfiles</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
738 <citerefentry><refentrytitle>systemd-delta</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
f8eeeaf9
ZJS		 739 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
740 <citerefentry project='man-pages'><refentrytitle>attr</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
741 <citerefentry project='man-pages'><refentrytitle>getfattr</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
742 <citerefentry project='man-pages'><refentrytitle>setfattr</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
743 <citerefentry project='man-pages'><refentrytitle>setfacl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
fa3f5fd2 744 <citerefentry project='man-pages'><refentrytitle>getfacl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
5fb13eb5
LP		 745 <citerefentry project='man-pages'><refentrytitle>chattr</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
746 <citerefentry project='die-net'><refentrytitle>btrfs-subvolume</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
747 <citerefentry project='die-net'><refentrytitle>btrfs-qgroup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
302fbdf2
ZJS		 748 </para>
749 </refsect1>
4149f86d
BP		 750
751</refentry>
Unnamed repository; edit this file 'description' to name the repository.