]>
Commit | Line | Data |
---|---|---|
5fb13eb5 | 1 | <?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*--> |
12b42c76 | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
4149f86d | 3 | <!-- |
572eb058 ZJS |
4 | SPDX-License-Identifier: LGPL-2.1+ |
5 | ||
4149f86d BP |
6 | This file is part of systemd. |
7 | ||
8 | Copyright 2010 Brandon Philips | |
9 | ||
10 | systemd is free software; you can redistribute it and/or modify it | |
5430f7f2 LP |
11 | under the terms of the GNU Lesser General Public License as published by |
12 | the Free Software Foundation; either version 2.1 of the License, or | |
4149f86d BP |
13 | (at your option) any later version. |
14 | ||
15 | systemd is distributed in the hope that it will be useful, but | |
16 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
5430f7f2 | 18 | Lesser General Public License for more details. |
4149f86d | 19 | |
5430f7f2 | 20 | You should have received a copy of the GNU Lesser General Public License |
4149f86d BP |
21 | along with systemd; If not, see <http://www.gnu.org/licenses/>. |
22 | --> | |
23 | <refentry id="tmpfiles.d"> | |
24 | ||
302fbdf2 ZJS |
25 | <refentryinfo> |
26 | <title>tmpfiles.d</title> | |
27 | <productname>systemd</productname> | |
28 | ||
29 | <authorgroup> | |
30 | <author> | |
31 | <contrib>Documentation</contrib> | |
32 | <firstname>Brandon</firstname> | |
33 | <surname>Philips</surname> | |
34 | <email>brandon@ifup.org</email> | |
35 | </author> | |
36 | </authorgroup> | |
37 | </refentryinfo> | |
38 | ||
39 | <refmeta> | |
40 | <refentrytitle>tmpfiles.d</refentrytitle> | |
41 | <manvolnum>5</manvolnum> | |
42 | </refmeta> | |
43 | ||
44 | <refnamediv> | |
45 | <refname>tmpfiles.d</refname> | |
46 | <refpurpose>Configuration for creation, deletion and cleaning of | |
47 | volatile and temporary files</refpurpose> | |
48 | </refnamediv> | |
49 | ||
50 | <refsynopsisdiv> | |
f2b5ca0e ZJS |
51 | <para><literallayout><filename>/etc/tmpfiles.d/*.conf</filename> |
52 | <filename>/run/tmpfiles.d/*.conf</filename> | |
53 | <filename>/usr/lib/tmpfiles.d/*.conf</filename> | |
54 | </literallayout></para> | |
55 | ||
56 | <para><literallayout><filename>~/.config/user-tmpfiles.d/*.conf</filename> | |
57 | <filename>$XDG_RUNTIME_DIR/user-tmpfiles.d/*.conf</filename> | |
58 | <filename>~/.local/share/user-tmpfiles.d/*.conf</filename> | |
59 | <filename>…</filename> | |
60 | <filename>/usr/share/user-tmpfiles.d/*.conf</filename> | |
61 | </literallayout></para> | |
302fbdf2 ZJS |
62 | </refsynopsisdiv> |
63 | ||
64 | <refsect1> | |
65 | <title>Description</title> | |
66 | ||
67 | <para><command>systemd-tmpfiles</command> uses the configuration | |
68 | files from the above directories to describe the creation, | |
69 | cleaning and removal of volatile and temporary files and | |
70 | directories which usually reside in directories such as | |
71 | <filename>/run</filename> or <filename>/tmp</filename>.</para> | |
72 | ||
73 | <para>Volatile and temporary files and directories are those | |
74 | located in <filename>/run</filename> (and its alias | |
75 | <filename>/var/run</filename>), <filename>/tmp</filename>, | |
76 | <filename>/var/tmp</filename>, the API file systems such as | |
77 | <filename>/sys</filename> or <filename>/proc</filename>, as well | |
78 | as some other directories below <filename>/var</filename>.</para> | |
79 | ||
80 | <para>System daemons frequently require private runtime | |
81 | directories below <filename>/run</filename> to place communication | |
82 | sockets and similar in. For these, consider declaring them in | |
83 | their unit files using <varname>RuntimeDirectory=</varname> (see | |
84 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
85 | for details), if this is feasible.</para> | |
86 | </refsect1> | |
87 | ||
88 | <refsect1> | |
8165be2e | 89 | <title>Configuration Directories and Precedence</title> |
302fbdf2 ZJS |
90 | |
91 | <para>Each configuration file shall be named in the style of | |
92 | <filename><replaceable>package</replaceable>.conf</filename> or | |
93 | <filename><replaceable>package</replaceable>-<replaceable>part</replaceable>.conf</filename>. | |
94 | The second variant should be used when it is desirable to make it | |
95 | easy to override just this part of configuration.</para> | |
96 | ||
97 | <para>Files in <filename>/etc/tmpfiles.d</filename> override files | |
98 | with the same name in <filename>/usr/lib/tmpfiles.d</filename> and | |
99 | <filename>/run/tmpfiles.d</filename>. Files in | |
100 | <filename>/run/tmpfiles.d</filename> override files with the same | |
101 | name in <filename>/usr/lib/tmpfiles.d</filename>. Packages should | |
102 | install their configuration files in | |
103 | <filename>/usr/lib/tmpfiles.d</filename>. Files in | |
104 | <filename>/etc/tmpfiles.d</filename> are reserved for the local | |
105 | administrator, who may use this logic to override the | |
106 | configuration files installed by vendor packages. All | |
107 | configuration files are sorted by their filename in lexicographic | |
108 | order, regardless of which of the directories they reside in. If | |
109 | multiple files specify the same path, the entry in the file with | |
110 | the lexicographically earliest name will be applied. All other | |
111 | conflicting entries will be logged as errors. When two lines are | |
112 | prefix and suffix of each other, then the prefix is always | |
6d785b6d LP |
113 | processed first, the suffix later. Lines that take globs are |
114 | applied after those accepting no globs. If multiple operations | |
b938cb90 JE |
115 | shall be applied on the same file, (such as ACL, xattr, file |
116 | attribute adjustments), these are always done in the same fixed | |
6d785b6d LP |
117 | order. Otherwise, the files/directories are processed in the order |
118 | they are listed.</para> | |
302fbdf2 ZJS |
119 | |
120 | <para>If the administrator wants to disable a configuration file | |
121 | supplied by the vendor, the recommended way is to place a symlink | |
122 | to <filename>/dev/null</filename> in | |
123 | <filename>/etc/tmpfiles.d/</filename> bearing the same filename. | |
124 | </para> | |
8165be2e ZJS |
125 | </refsect1> |
126 | ||
127 | <refsect1> | |
128 | <title>Configuration File Format</title> | |
302fbdf2 ZJS |
129 | |
130 | <para>The configuration format is one line per path containing | |
131 | type, path, mode, ownership, age, and argument fields:</para> | |
132 | ||
133 | <programlisting>#Type Path Mode UID GID Age Argument | |
ed7fd549 ZJS |
134 | d /run/user 0755 root root 10d - |
135 | L /tmp/foobar - - - - /dev/null</programlisting> | |
302fbdf2 | 136 | |
657cf7f4 | 137 | <para>Fields may be enclosed within quotes and contain C-style escapes.</para> |
138 | ||
302fbdf2 ZJS |
139 | <refsect2> |
140 | <title>Type</title> | |
141 | ||
142 | <para>The type consists of a single letter and optionally an | |
143 | exclamation mark.</para> | |
144 | ||
145 | <para>The following line types are understood:</para> | |
146 | ||
147 | <variablelist> | |
148 | <varlistentry> | |
149 | <term><varname>f</varname></term> | |
150 | <listitem><para>Create a file if it does not exist yet. If | |
151 | the argument parameter is given, it will be written to the | |
6a9171d2 | 152 | file. Does not follow symlinks.</para></listitem> |
302fbdf2 ZJS |
153 | </varlistentry> |
154 | ||
155 | <varlistentry> | |
156 | <term><varname>F</varname></term> | |
157 | <listitem><para>Create or truncate a file. If the argument | |
6a9171d2 | 158 | parameter is given, it will be written to the file. Does not follow symlinks.</para> |
302fbdf2 ZJS |
159 | </listitem> |
160 | </varlistentry> | |
161 | ||
162 | <varlistentry> | |
163 | <term><varname>w</varname></term> | |
164 | <listitem><para>Write the argument parameter to a file, if | |
165 | the file exists. Lines of this type accept shell-style | |
166 | globs in place of normal path names. The argument parameter | |
167 | will be written without a trailing newline. C-style | |
6a9171d2 LP |
168 | backslash escapes are interpreted. Follows |
169 | symlinks.</para></listitem> | |
302fbdf2 ZJS |
170 | </varlistentry> |
171 | ||
172 | <varlistentry> | |
173 | <term><varname>d</varname></term> | |
4b743d67 ZJS |
174 | <listitem><para>Create a directory. The mode and ownership will be adjusted if |
175 | specified and the directory already exists. Contents of this directory are subject | |
ed7fd549 | 176 | to time based cleanup if the age argument is specified.</para></listitem> |
302fbdf2 ZJS |
177 | </varlistentry> |
178 | ||
179 | <varlistentry> | |
180 | <term><varname>D</varname></term> | |
4b743d67 ZJS |
181 | <listitem><para>Similar to <varname>d</varname>, but in addition the contents |
182 | of the directory will be removed when <option>--remove</option> is used. | |
183 | </para></listitem> | |
184 | </varlistentry> | |
df8dee85 ZJS |
185 | |
186 | <varlistentry> | |
187 | <term><varname>e</varname></term> | |
ed7fd549 ZJS |
188 | <listitem><para>Similar to <varname>d</varname>, but the directory will not be created if |
189 | it does not exist. Lines of this type accept shell-style globs in place of normal path | |
190 | names. For this entry to be useful, at least one of the mode, uid, gid, or age arguments | |
191 | must be specified, since otherwise this entry has no effect. If the age argument is | |
192 | <literal>0</literal>, contents of the directory will be unconditionally deleted every time | |
193 | <command>systemd-tmpfiles --clean</command> is run. This can be useful when combined with | |
194 | <varname>!</varname>, see the examples.</para></listitem> | |
302fbdf2 ZJS |
195 | </varlistentry> |
196 | ||
197 | <varlistentry> | |
198 | <term><varname>v</varname></term> | |
199 | <listitem><para>Create a subvolume if the path does not | |
2904e949 LP |
200 | exist yet, the file system supports subvolumes (btrfs), and |
201 | the system itself is installed into a subvolume | |
202 | (specifically: the root directory <filename>/</filename> is | |
203 | itself a subvolume). Otherwise, create a normal directory, in | |
204 | the same way as <varname>d</varname>. A subvolume created | |
205 | with this line type is not assigned to any higher-level | |
206 | quota group. For that, use <varname>q</varname> or | |
207 | <varname>Q</varname>, which allow creating simple quota | |
208 | group hierarchies, see below.</para></listitem> | |
5fb13eb5 LP |
209 | </varlistentry> |
210 | ||
211 | <varlistentry> | |
212 | <term><varname>q</varname></term> | |
b938cb90 | 213 | <listitem><para>Similar to <varname>v</varname>. However, |
5fb13eb5 LP |
214 | makes sure that the subvolume will be assigned to the same |
215 | higher-level quota groups as the subvolume it has been | |
216 | created in. This ensures that higher-level limits and | |
217 | accounting applied to the parent subvolume also include the | |
218 | specified subvolume. On non-btrfs file systems, this line | |
219 | type is identical to <varname>d</varname>. If the subvolume | |
220 | already exists and is already assigned to one or more higher | |
b938cb90 | 221 | level quota groups, no change to the quota hierarchy is |
5fb13eb5 LP |
222 | made. Also see <varname>Q</varname> below. See <citerefentry |
223 | project='die-net'><refentrytitle>btrfs-qgroup</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
224 | for details about the btrfs quota group | |
225 | concept.</para></listitem> | |
226 | </varlistentry> | |
227 | ||
228 | <varlistentry> | |
229 | <term><varname>Q</varname></term> | |
b938cb90 | 230 | <listitem><para>Similar to <varname>q</varname>. However, |
5fb13eb5 LP |
231 | instead of copying the higher-level quota group assignments |
232 | from the parent as-is, the lowest quota group of the parent | |
233 | subvolume is determined that is not the leaf quota | |
234 | group. Then, an "intermediary" quota group is inserted that | |
235 | is one level below this level, and shares the same ID part | |
236 | as the specified subvolume. If no higher-level quota group | |
237 | exists for the parent subvolume, a new quota group at level | |
238 | 255 sharing the same ID as the specified subvolume is | |
239 | inserted instead. This new intermediary quota group is then | |
240 | assigned to the parent subvolume's higher-level quota | |
241 | groups, and the specified subvolume's leaf quota group is | |
242 | assigned to it.</para> | |
243 | ||
244 | <para>Effectively, this has a similar effect as | |
245 | <varname>q</varname>, however introduces a new higher-level | |
246 | quota group for the specified subvolume that may be used to | |
247 | enforce limits and accounting to the specified subvolume and | |
248 | children subvolume created within it. Thus, by creating | |
249 | subvolumes only via <varname>q</varname> and | |
b938cb90 | 250 | <varname>Q</varname>, a concept of "subtree quotas" is |
5fb13eb5 LP |
251 | implemented. Each subvolume for which <varname>Q</varname> |
252 | is set will get a "subtree" quota group created, and all | |
253 | child subvolumes created within it will be assigned to | |
254 | it. Each subvolume for which <varname>q</varname> is set | |
255 | will not get such a "subtree" quota group, but it is ensured | |
256 | that they are added to the same "subtree" quota group as their | |
257 | immediate parents.</para> | |
258 | ||
259 | <para>It is recommended to use | |
260 | <varname>Q</varname> for subvolumes that typically contain | |
261 | further subvolumes, and where it is desirable to have | |
262 | accounting and quota limits on all child subvolumes | |
263 | together. Examples for <varname>Q</varname> are typically | |
264 | <filename>/home</filename> or | |
265 | <filename>/var/lib/machines</filename>. In contrast, | |
266 | <varname>q</varname> should be used for subvolumes that | |
267 | either usually do not include further subvolumes or where no | |
268 | accounting and quota limits are needed that apply to all | |
269 | child subvolumes together. Examples for <varname>q</varname> | |
270 | are typically <filename>/var</filename> or | |
271 | <filename>/var/tmp</filename>. As with <varname>Q</varname>, | |
272 | <varname>q</varname> has no effect on the quota group | |
273 | hierarchy if the subvolume exists and already has at least | |
274 | one higher-level quota group assigned.</para></listitem> | |
302fbdf2 ZJS |
275 | </varlistentry> |
276 | ||
277 | <varlistentry> | |
278 | <term><varname>p</varname></term> | |
279 | <term><varname>p+</varname></term> | |
280 | <listitem><para>Create a named pipe (FIFO) if it does not | |
281 | exist yet. If suffixed with <varname>+</varname> and a file | |
282 | already exists where the pipe is to be created, it will be | |
283 | removed and be replaced by the pipe.</para></listitem> | |
284 | </varlistentry> | |
285 | ||
286 | <varlistentry> | |
287 | <term><varname>L</varname></term> | |
288 | <term><varname>L+</varname></term> | |
289 | <listitem><para>Create a symlink if it does not exist | |
b3f5897f WD |
290 | yet. If suffixed with <varname>+</varname> and a file or |
291 | directory already exists where the symlink is to be created, | |
292 | it will be removed and be replaced by the symlink. If the | |
293 | argument is omitted, symlinks to files with the same name | |
294 | residing in the directory | |
295 | <filename>/usr/share/factory/</filename> are created. Note | |
296 | that permissions and ownership on symlinks are ignored. | |
297 | </para></listitem> | |
302fbdf2 ZJS |
298 | </varlistentry> |
299 | ||
300 | <varlistentry> | |
301 | <term><varname>c</varname></term> | |
302 | <term><varname>c+</varname></term> | |
303 | <listitem><para>Create a character device node if it does | |
304 | not exist yet. If suffixed with <varname>+</varname> and a | |
305 | file already exists where the device node is to be created, | |
306 | it will be removed and be replaced by the device node. It is | |
307 | recommended to suffix this entry with an exclamation mark to | |
308 | only create static device nodes at boot, as udev will not | |
309 | manage static device nodes that are created at runtime. | |
310 | </para></listitem> | |
311 | </varlistentry> | |
312 | ||
313 | <varlistentry> | |
314 | <term><varname>b</varname></term> | |
315 | <term><varname>b+</varname></term> | |
316 | <listitem><para>Create a block device node if it does not | |
317 | exist yet. If suffixed with <varname>+</varname> and a file | |
318 | already exists where the device node is to be created, it | |
319 | will be removed and be replaced by the device node. It is | |
320 | recommended to suffix this entry with an exclamation mark to | |
321 | only create static device nodes at boot, as udev will not | |
322 | manage static device nodes that are created at runtime. | |
323 | </para></listitem> | |
324 | </varlistentry> | |
325 | ||
326 | <varlistentry> | |
327 | <term><varname>C</varname></term> | |
328 | <listitem><para>Recursively copy a file or directory, if the | |
329 | destination files or directories do not exist yet. Note that | |
330 | this command will not descend into subdirectories if the | |
331 | destination directory already exists. Instead, the entire | |
332 | copy operation is skipped. If the argument is omitted, files | |
333 | from the source directory | |
334 | <filename>/usr/share/factory/</filename> with the same name | |
6a9171d2 | 335 | are copied. Does not follow symlinks.</para></listitem> |
302fbdf2 ZJS |
336 | </varlistentry> |
337 | ||
338 | <varlistentry> | |
339 | <term><varname>x</varname></term> | |
340 | <listitem><para>Ignore a path during cleaning. Use this type | |
341 | to exclude paths from clean-up as controlled with the Age | |
342 | parameter. Note that lines of this type do not influence the | |
343 | effect of <varname>r</varname> or <varname>R</varname> | |
50d9e46d | 344 | lines. Lines of this type accept shell-style globs in place |
302fbdf2 ZJS |
345 | of normal path names. </para></listitem> |
346 | </varlistentry> | |
347 | ||
348 | <varlistentry> | |
349 | <term><varname>X</varname></term> | |
350 | <listitem><para>Ignore a path during cleaning. Use this type | |
351 | to exclude paths from clean-up as controlled with the Age | |
352 | parameter. Unlike <varname>x</varname>, this parameter will | |
353 | not exclude the content if path is a directory, but only | |
354 | directory itself. Note that lines of this type do not | |
355 | influence the effect of <varname>r</varname> or | |
50d9e46d | 356 | <varname>R</varname> lines. Lines of this type accept |
302fbdf2 ZJS |
357 | shell-style globs in place of normal path names. |
358 | </para></listitem> | |
359 | </varlistentry> | |
360 | ||
361 | <varlistentry> | |
362 | <term><varname>r</varname></term> | |
363 | <listitem><para>Remove a file or directory if it exists. | |
364 | This may not be used to remove non-empty directories, use | |
365 | <varname>R</varname> for that. Lines of this type accept | |
366 | shell-style globs in place of normal path | |
6a9171d2 | 367 | names. Does not follow symlinks.</para></listitem> |
302fbdf2 ZJS |
368 | </varlistentry> |
369 | ||
370 | <varlistentry> | |
371 | <term><varname>R</varname></term> | |
372 | <listitem><para>Recursively remove a path and all its | |
373 | subdirectories (if it is a directory). Lines of this type | |
374 | accept shell-style globs in place of normal path | |
6a9171d2 | 375 | names. Does not follow symlinks.</para></listitem> |
302fbdf2 ZJS |
376 | </varlistentry> |
377 | ||
378 | <varlistentry> | |
379 | <term><varname>z</varname></term> | |
380 | <listitem><para>Adjust the access mode, group and user, and | |
381 | restore the SELinux security context of a file or directory, | |
382 | if it exists. Lines of this type accept shell-style globs in | |
6a9171d2 | 383 | place of normal path names. Does not follow symlinks.</para></listitem> |
302fbdf2 ZJS |
384 | </varlistentry> |
385 | ||
386 | <varlistentry> | |
387 | <term><varname>Z</varname></term> | |
388 | <listitem><para>Recursively set the access mode, group and | |
389 | user, and restore the SELinux security context of a file or | |
390 | directory if it exists, as well as of its subdirectories and | |
391 | the files contained therein (if applicable). Lines of this | |
6a9171d2 LP |
392 | type accept shell-style globs in place of normal path |
393 | names. Does not follow symlinks. </para></listitem> | |
302fbdf2 ZJS |
394 | </varlistentry> |
395 | ||
396 | <varlistentry> | |
397 | <term><varname>t</varname></term> | |
b705ab6a ZJS |
398 | <listitem><para>Set extended attributes. Lines of this type |
399 | accept shell-style globs in place of normal path names. | |
6a9171d2 LP |
400 | This can be useful for setting SMACK labels. Does not follow |
401 | symlinks.</para></listitem> | |
b705ab6a ZJS |
402 | </varlistentry> |
403 | ||
404 | <varlistentry> | |
405 | <term><varname>T</varname></term> | |
406 | <listitem><para>Recursively set extended attributes. Lines | |
407 | of this type accept shell-style globs in place of normal | |
6a9171d2 LP |
408 | path names. This can be useful for setting SMACK |
409 | labels. Does not follow symlinks. </para></listitem> | |
302fbdf2 | 410 | </varlistentry> |
f8eeeaf9 | 411 | |
fa3f5fd2 GB |
412 | <varlistentry> |
413 | <term><varname>h</varname></term> | |
414 | <listitem><para>Set file/directory attributes. Lines of this type | |
415 | accept shell-style globs in place of normal path names.</para> | |
416 | ||
1ae705fb LP |
417 | <para>The format of the argument field is |
418 | <varname>[+-=][aAcCdDeijsStTu] </varname>. The prefix | |
419 | <varname>+</varname> (the default one) causes the | |
fa3f5fd2 | 420 | attribute(s) to be added; <varname>-</varname> causes the |
1ae705fb | 421 | attribute(s) to be removed; <varname>=</varname> causes the |
a8eaaee7 | 422 | attributes to be set exactly as the following letters. The |
1ae705fb | 423 | letters <literal>aAcCdDeijsStTu</literal> select the new |
fa3f5fd2 | 424 | attributes for the files, see |
c30c611c | 425 | <citerefentry project='man-pages'><refentrytitle>chattr</refentrytitle> |
fa3f5fd2 GB |
426 | <manvolnum>1</manvolnum></citerefentry> for further information. |
427 | </para> | |
1ae705fb LP |
428 | <para>Passing only <varname>=</varname> as argument resets |
429 | all the file attributes listed above. It has to be pointed | |
b938cb90 | 430 | out that the <varname>=</varname> prefix limits itself to |
1ae705fb LP |
431 | the attributes corresponding to the letters listed here. All |
432 | other attributes will be left untouched. Does not follow | |
433 | symlinks.</para> | |
fa3f5fd2 GB |
434 | </listitem> |
435 | </varlistentry> | |
436 | ||
437 | <varlistentry> | |
438 | <term><varname>H</varname></term> | |
439 | <listitem><para>Recursively set file/directory attributes. Lines | |
440 | of this type accept shell-style globs in place of normal | |
6a9171d2 | 441 | path names. Does not follow symlinks. |
fa3f5fd2 GB |
442 | </para></listitem> |
443 | </varlistentry> | |
444 | ||
f8eeeaf9 ZJS |
445 | <varlistentry> |
446 | <term><varname>a</varname></term> | |
50d9e46d ZJS |
447 | <term><varname>a+</varname></term> |
448 | <listitem><para>Set POSIX ACLs (access control lists). If | |
a8eaaee7 | 449 | suffixed with <varname>+</varname>, the specified entries will |
dd4105b0 ZJS |
450 | be added to the existing set. |
451 | <command>systemd-tmpfiles</command> will automatically add | |
452 | the required base entries for user and group based on the | |
453 | access mode of the file, unless base entries already exist | |
7f3fdb7f | 454 | or are explicitly specified. The mask will be added if not |
dd4105b0 ZJS |
455 | specified explicitly or already present. Lines of this type |
456 | accept shell-style globs in place of normal path names. This | |
457 | can be useful for allowing additional access to certain | |
6a9171d2 | 458 | files. Does not follow symlinks.</para></listitem> |
b705ab6a ZJS |
459 | </varlistentry> |
460 | ||
461 | <varlistentry> | |
462 | <term><varname>A</varname></term> | |
50d9e46d ZJS |
463 | <term><varname>A+</varname></term> |
464 | <listitem><para>Same as <varname>a</varname> and | |
6a9171d2 LP |
465 | <varname>a+</varname>, but recursive. Does not follow |
466 | symlinks.</para></listitem> | |
f8eeeaf9 | 467 | </varlistentry> |
302fbdf2 ZJS |
468 | </variablelist> |
469 | ||
470 | <para>If the exclamation mark is used, this line is only safe of | |
471 | execute during boot, and can break a running system. Lines | |
472 | without the exclamation mark are presumed to be safe to execute | |
473 | at any time, e.g. on package upgrades. | |
474 | <command>systemd-tmpfiles</command> will execute line with an | |
475 | exclamation mark only if option <option>--boot</option> is | |
476 | given.</para> | |
477 | ||
478 | <para>For example: | |
479 | <programlisting># Make sure these are created by default so that nobody else can | |
9b9c30ec | 480 | d /tmp/.X11-unix 1777 root root 10d |
302fbdf2 | 481 | |
9b9c30ec LP |
482 | # Unlink the X11 lock files |
483 | r! /tmp/.X[0-9]*-lock</programlisting> | |
302fbdf2 ZJS |
484 | The second line in contrast to the first one would break a |
485 | running system, and will only be executed with | |
486 | <option>--boot</option>.</para> | |
487 | </refsect2> | |
488 | ||
489 | <refsect2> | |
490 | <title>Path</title> | |
491 | ||
492 | <para>The file system path specification supports simple | |
2df36d09 ZJS |
493 | specifier expansion, see below. The path (after expansion) must be |
494 | absolute.</para> | |
302fbdf2 ZJS |
495 | </refsect2> |
496 | ||
497 | <refsect2> | |
498 | <title>Mode</title> | |
499 | ||
500 | <para>The file access mode to use when creating this file or | |
501 | directory. If omitted or when set to <literal>-</literal>, the | |
502 | default is used: 0755 for directories, 0644 for all other file | |
503 | objects. For <varname>z</varname>, <varname>Z</varname> lines, | |
504 | if omitted or when set to <literal>-</literal>, the file access | |
505 | mode will not be modified. This parameter is ignored for | |
506 | <varname>x</varname>, <varname>r</varname>, | |
f8eeeaf9 ZJS |
507 | <varname>R</varname>, <varname>L</varname>, <varname>t</varname>, |
508 | and <varname>a</varname> lines.</para> | |
302fbdf2 ZJS |
509 | |
510 | <para>Optionally, if prefixed with <literal>~</literal>, the | |
511 | access mode is masked based on the already set access bits for | |
512 | existing file or directories: if the existing file has all | |
513 | executable bits unset, all executable bits are removed from the | |
514 | new access mode, too. Similarly, if all read bits are removed | |
515 | from the old access mode, they will be removed from the new | |
516 | access mode too, and if all write bits are removed, they will be | |
517 | removed from the new access mode too. In addition, the | |
518 | sticky/SUID/SGID bit is removed unless applied to a | |
519 | directory. This functionality is particularly useful in | |
520 | conjunction with <varname>Z</varname>.</para> | |
521 | </refsect2> | |
522 | ||
523 | <refsect2> | |
524 | <title>UID, GID</title> | |
525 | ||
526 | <para>The user and group to use for this file or directory. This | |
527 | may either be a numeric user/group ID or a user or group | |
528 | name. If omitted or when set to <literal>-</literal>, the | |
a8eaaee7 | 529 | default 0 (root) is used. For <varname>z</varname> and |
f8eeeaf9 ZJS |
530 | <varname>Z</varname> lines, when omitted or when set to |
531 | <literal>-</literal>, the file ownership will not be | |
532 | modified. These parameters are ignored for <varname>x</varname>, | |
533 | <varname>r</varname>, <varname>R</varname>, | |
534 | <varname>L</varname>, <varname>t</varname>, and | |
535 | <varname>a</varname> lines.</para> | |
302fbdf2 ZJS |
536 | </refsect2> |
537 | ||
538 | <refsect2> | |
539 | <title>Age</title> | |
540 | <para>The date field, when set, is used to decide what files to | |
541 | delete when cleaning. If a file or directory is older than the | |
542 | current time minus the age field, it is deleted. The field | |
543 | format is a series of integers each followed by one of the | |
a8eaaee7 | 544 | following suffixes for the respective time units: |
00c53f42 ZJS |
545 | <constant>s</constant>, |
546 | <constant>m</constant> or <constant>min</constant>, | |
547 | <constant>h</constant>, | |
548 | <constant>d</constant>, | |
549 | <constant>w</constant>, | |
a8eaaee7 | 550 | <constant>ms</constant>, and |
00c53f42 | 551 | <constant>us</constant>, |
a8eaaee7 JE |
552 | meaning seconds, minutes, hours, days, weeks, |
553 | milliseconds, and microseconds, respectively. Full names of the time units can | |
00c53f42 ZJS |
554 | be used too. |
555 | </para> | |
302fbdf2 ZJS |
556 | |
557 | <para>If multiple integers and units are specified, the time | |
00c53f42 ZJS |
558 | values are summed. If an integer is given without a unit, |
559 | <constant>s</constant> is assumed. | |
302fbdf2 ZJS |
560 | </para> |
561 | ||
562 | <para>When the age is set to zero, the files are cleaned | |
563 | unconditionally.</para> | |
564 | ||
5fb13eb5 | 565 | <para>The age field only applies to lines starting with |
df8dee85 | 566 | <varname>d</varname>, <varname>D</varname>, <varname>e</varname>, |
5fb13eb5 LP |
567 | <varname>v</varname>, <varname>q</varname>, |
568 | <varname>Q</varname>, <varname>C</varname>, <varname>x</varname> | |
569 | and <varname>X</varname>. If omitted or set to | |
570 | <literal>-</literal>, no automatic clean-up is done.</para> | |
302fbdf2 ZJS |
571 | |
572 | <para>If the age field starts with a tilde character | |
573 | <literal>~</literal>, the clean-up is only applied to files and | |
574 | directories one level inside the directory specified, but not | |
575 | the files and directories immediately inside it.</para> | |
576 | </refsect2> | |
577 | ||
578 | <refsect2> | |
579 | <title>Argument</title> | |
580 | ||
581 | <para>For <varname>L</varname> lines determines the destination | |
a8eaaee7 JE |
582 | path of the symlink. For <varname>c</varname> and |
583 | <varname>b</varname>, determines the major/minor of the device | |
302fbdf2 ZJS |
584 | node, with major and minor formatted as integers, separated by |
585 | <literal>:</literal>, e.g. <literal>1:3</literal>. For | |
586 | <varname>f</varname>, <varname>F</varname>, and | |
a8eaaee7 | 587 | <varname>w</varname>, the argument may be used to specify a short string that |
302fbdf2 ZJS |
588 | is written to the file, suffixed by a newline. For |
589 | <varname>C</varname>, specifies the source file or | |
a8eaaee7 | 590 | directory. For <varname>t</varname> and <varname>T</varname>, |
0ac0b1e7 | 591 | determines extended attributes to be set. For |
a8eaaee7 JE |
592 | <varname>a</varname> and <varname>A</varname>, determines ACL |
593 | attributes to be set. For <varname>h</varname> and | |
b938cb90 | 594 | <varname>H</varname>, determines the file attributes to |
0ac0b1e7 | 595 | set. Ignored for all other lines.</para> |
2df36d09 ZJS |
596 | |
597 | <para>This field can contain specifiers, see below.</para> | |
302fbdf2 | 598 | </refsect2> |
2df36d09 | 599 | </refsect1> |
302fbdf2 | 600 | |
2df36d09 ZJS |
601 | <refsect1> |
602 | <title>Specifiers</title> | |
603 | ||
604 | <para>Specifiers can be used in the "path" and "argument" fields. | |
751223fe | 605 | An unknown or unresolvable specifier is treated as invalid configuration. |
2df36d09 ZJS |
606 | The following expansions are understood:</para> |
607 | <table> | |
608 | <title>Specifiers available</title> | |
609 | <tgroup cols='3' align='left' colsep='1' rowsep='1'> | |
610 | <colspec colname="spec" /> | |
611 | <colspec colname="mean" /> | |
612 | <colspec colname="detail" /> | |
613 | <thead> | |
614 | <row> | |
615 | <entry>Specifier</entry> | |
616 | <entry>Meaning</entry> | |
617 | <entry>Details</entry> | |
618 | </row> | |
619 | </thead> | |
620 | <tbody> | |
621 | <row> | |
622 | <entry><literal>%m</literal></entry> | |
623 | <entry>Machine ID</entry> | |
624 | <entry>The machine ID of the running system, formatted as string. See <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more information.</entry> | |
625 | </row> | |
626 | <row> | |
627 | <entry><literal>%b</literal></entry> | |
628 | <entry>Boot ID</entry> | |
629 | <entry>The boot ID of the running system, formatted as string. See <citerefentry><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry> for more information.</entry> | |
630 | </row> | |
631 | <row> | |
632 | <entry><literal>%H</literal></entry> | |
633 | <entry>Host name</entry> | |
634 | <entry>The hostname of the running system.</entry> | |
635 | </row> | |
636 | <row> | |
637 | <entry><literal>%v</literal></entry> | |
638 | <entry>Kernel release</entry> | |
639 | <entry>Identical to <command>uname -r</command> output.</entry> | |
640 | </row> | |
ca23eeb5 TW |
641 | <row> |
642 | <entry><literal>%U</literal></entry> | |
643 | <entry>User UID</entry> | |
644 | <entry>This is the numeric UID of the user running the service manager instance. In case of the system manager this resolves to <constant>0</constant>.</entry> | |
645 | </row> | |
646 | <row> | |
647 | <entry><literal>%u</literal></entry> | |
648 | <entry>User name</entry> | |
649 | <entry>This is the name of the user running the service manager instance. In case of the system manager this resolves to <literal>root</literal>.</entry> | |
650 | </row> | |
651 | <row> | |
652 | <entry><literal>%h</literal></entry> | |
653 | <entry>User home directory</entry> | |
654 | <entry>This is the home directory of the user running the service manager instance. In case of the system manager this resolves to <literal>/root</literal>.</entry> | |
655 | </row> | |
5a8575ef ZJS |
656 | <row> |
657 | <entry><literal>%t</literal></entry> | |
658 | <entry>System or user runtime directory</entry> | |
659 | <entry>In --user mode, this is the same <varname>$XDG_RUNTIME_DIR</varname>, and <filename>/run</filename> otherwise.</entry> | |
660 | </row> | |
661 | <row> | |
662 | <entry><literal>%S</literal></entry> | |
663 | <entry>System or user state directory</entry> | |
664 | <entry>In <option>--user</option> mode, this is the same as <varname>$XDG_CONFIG_HOME</varname>, and <filename>/var/lib</filename> otherwise.</entry> | |
665 | </row> | |
666 | <row> | |
667 | <entry><literal>%C</literal></entry> | |
668 | <entry>System or user cache directory</entry> | |
669 | <entry>In <option>--user</option> mode, this is the same as <varname>$XDG_CACHE_HOME</varname>, and <filename>/var/cache</filename> otherwise.</entry> | |
670 | </row> | |
671 | <row> | |
672 | <entry><literal>%L</literal></entry> | |
673 | <entry>System or user log directory</entry> | |
674 | <entry>In <option>--user</option> mode, this is the same as <varname>$XDG_CONFIG_HOME</varname> with <filename noindex='true'>/log</filename> appended, and <filename>/var/log</filename> otherwise.</entry> | |
675 | </row> | |
2df36d09 ZJS |
676 | <row> |
677 | <entry><literal>%%</literal></entry> | |
5a8575ef | 678 | <entry>Escaped <literal>%</literal></entry> |
2df36d09 ZJS |
679 | <entry>Single percent sign.</entry> |
680 | </row> | |
681 | </tbody> | |
682 | </tgroup> | |
683 | </table> | |
302fbdf2 ZJS |
684 | </refsect1> |
685 | ||
686 | <refsect1> | |
4b743d67 | 687 | <title>Examples</title> |
302fbdf2 | 688 | <example> |
4b743d67 ZJS |
689 | <title>Create directories with specific mode and ownership</title> |
690 | <para> | |
0a07667d | 691 | <citerefentry project='die-net'><refentrytitle>screen</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
4b743d67 ZJS |
692 | needs two directories created at boot with specific modes and ownership:</para> |
693 | ||
694 | <programlisting># /usr/lib/tmpfiles.d/screen.conf | |
695 | d /run/screens 1777 root screen 10d | |
696 | d /run/uscreens 0755 root screen 10d12h | |
697 | </programlisting> | |
698 | ||
699 | <para>Contents of <filename>/run/screens</filename> and /run/uscreens will | |
700 | cleaned up after 10 and 10½ days, respectively.</para> | |
701 | </example> | |
302fbdf2 | 702 | |
4b743d67 ZJS |
703 | <example> |
704 | <title>Create a directory with a SMACK attribute</title> | |
705 | <programlisting>D /run/cups - - - - | |
706 | t /run/cups - - - - security.SMACK64=printing user.attr-with-spaces="foo bar" | |
707 | </programlisting> | |
708 | ||
b17649ee | 709 | <para>The directory will be owned by root and have default mode. Its contents are |
4b743d67 ZJS |
710 | not subject to time based cleanup, but will be obliterated when |
711 | <command>systemd-tmpfiles --remove</command> runs.</para> | |
302fbdf2 | 712 | </example> |
4b743d67 | 713 | |
302fbdf2 | 714 | <example> |
4b743d67 ZJS |
715 | <title>Create a directory and prevent its contents from cleanup</title> |
716 | <para> | |
0a07667d | 717 | <citerefentry project='die-net'><refentrytitle>abrt</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
4b743d67 ZJS |
718 | needs a directory created at boot with specific mode and ownership and its content |
719 | should be preserved from the automatic cleanup applied to the contents of | |
720 | <filename>/var/tmp</filename>:</para> | |
721 | ||
722 | <programlisting># /usr/lib/tmpfiles.d/tmp.conf | |
723 | d /var/tmp 1777 root root 30d | |
724 | </programlisting> | |
725 | ||
726 | <programlisting># /usr/lib/tmpfiles.d/abrt.conf | |
727 | d /var/tmp/abrt 0755 abrt abrt - | |
df8dee85 ZJS |
728 | </programlisting> |
729 | </example> | |
730 | ||
731 | <example> | |
732 | <title>Apply clean up during boot and based on time</title> | |
733 | ||
734 | <programlisting># /usr/lib/tmpfiles.d/dnf.conf | |
735 | r! /var/cache/dnf/*/*/download_lock.pid | |
736 | r! /var/cache/dnf/*/*/metadata_lock.pid | |
737 | r! /var/lib/dnf/rpmdb_lock.pid | |
e80f1a79 | 738 | e /var/cache/dnf/ - - - 30d |
4b743d67 | 739 | </programlisting> |
302fbdf2 | 740 | |
df8dee85 | 741 | <para>The lock files will be removed during boot. Any files and directories in |
e80f1a79 | 742 | <filename>/var/cache/dnf/</filename> will be removed after they have not been |
df8dee85 | 743 | accessed in 30 days.</para> |
302fbdf2 | 744 | </example> |
ed7fd549 ZJS |
745 | |
746 | <example> | |
b719b26c | 747 | <title>Empty the contents of a cache directory on boot</title> |
ed7fd549 ZJS |
748 | |
749 | <programlisting># /usr/lib/tmpfiles.d/krb5rcache.conf | |
750 | e! /var/cache/krb5rcache - - - 0 | |
751 | </programlisting> | |
752 | ||
753 | <para>Any files and subdirectories in <filename>/var/cache/krb5rcache/</filename> | |
754 | will be removed on boot. The directory will not be created. | |
755 | </para> | |
756 | </example> | |
302fbdf2 ZJS |
757 | </refsect1> |
758 | ||
759 | <refsect1> | |
760 | <title>See Also</title> | |
761 | <para> | |
762 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
763 | <citerefentry><refentrytitle>systemd-tmpfiles</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
764 | <citerefentry><refentrytitle>systemd-delta</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
f8eeeaf9 ZJS |
765 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
766 | <citerefentry project='man-pages'><refentrytitle>attr</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
767 | <citerefentry project='man-pages'><refentrytitle>getfattr</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
768 | <citerefentry project='man-pages'><refentrytitle>setfattr</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
769 | <citerefentry project='man-pages'><refentrytitle>setfacl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
fa3f5fd2 | 770 | <citerefentry project='man-pages'><refentrytitle>getfacl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
5fb13eb5 LP |
771 | <citerefentry project='man-pages'><refentrytitle>chattr</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
772 | <citerefentry project='die-net'><refentrytitle>btrfs-subvolume</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
773 | <citerefentry project='die-net'><refentrytitle>btrfs-qgroup</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
302fbdf2 ZJS |
774 | </para> |
775 | </refsect1> | |
4149f86d BP |
776 | |
777 | </refentry> |