<?xml version='1.0'?> <!--*-nxml-*-->
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
-
-<!--
- SPDX-License-Identifier: LGPL-2.1+
-
- This file is part of systemd.
-
- Copyright 2010 Lennart Poettering
--->
+<!-- SPDX-License-Identifier: LGPL-2.1+ -->
<refentry id="systemd-tmpfiles"
xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>systemd-tmpfiles</title>
<productname>systemd</productname>
-
- <authorgroup>
- <author>
- <contrib>Developer</contrib>
- <firstname>Lennart</firstname>
- <surname>Poettering</surname>
- <email>lennart@poettering.net</email>
- </author>
- </authorgroup>
</refentryinfo>
<refmeta>
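Review bot: the DOCTYPE update is incomplete. The public identifier now reads "-//OASIS//DTD DocBook XML V4.5//EN", but the system identifier on the unchanged line that follows still points at http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd. Change that URL to the 4.5 DTD in the same commit so the two identifiers agree; a parser that resolves the DTD by system identifier would otherwise still load 4.2.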
<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
are searched for a matching file and the file found that has the highest priority is
executed.</para>
+
+ <para>System services (<filename>systemd-tmpfiles-setup.service</filename>,
+ <filename>systemd-tmpfiles-setup-dev.service</filename>,
+ <filename>systemd-tmpfiles-clean.service</filename>) invoke <command>systemd-tmpfiles</command> to create
+ system files and to perform system wide cleanup. Those services read administrator-controlled
+ configuration files in <filename>tmpfiles.d/</filename> directories. User services
+ (<filename>systemd-tmpfiles-setup.service</filename>,
+ <filename>systemd-tmpfiles-clean.service</filename>) also invoke <command>systemd-tmpfiles</command>, but
+ it reads a separate set of files, which includes user-controlled files under
+ <filename>~/.config/user-tmpfiles.d/</filename> and <filename>~/.local/share/user-tmpfiles.d/</filename>,
+ and administrator-controller files under <filename>/usr/share/user-tmpfiles.d/</filename>. Users may use
+ this to create and clean up files under their control, but the system instance performs global cleanup
+ and is not influenced by user configuration. Note that this means a time-based cleanup configured in the
+ system instance, such as the one typically configured for <filename>/tmp</filename>, will thus also
+ affect files created by the user instance if they are placed in <filename>/tmp</filename>, even if the
+ user instance's time-based cleanup is turned off.</para>
</refsect1>
<refsect1>
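Review bot: typo in the added paragraph: "administrator-controller files under /usr/share/user-tmpfiles.d/" should read "administrator-controlled". The paragraph also lists systemd-tmpfiles-setup.service and systemd-tmpfiles-clean.service under both "System services" and "User services" with nothing to tell them apart; say explicitly that the second pair are user units of the same name. In the last sentence, "Note that this means ... will thus also affect" doubles up; drop "thus".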
the specified prefix. This option can be specified multiple
times.</para></listitem>
</varlistentry>
+
<varlistentry>
<term><option>--exclude-prefix=<replaceable>path</replaceable></option></term>
<listitem><para>Ignore rules with paths that start with the
times.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>-E</option></term>
+ <listitem><para>A shortcut for <literal>--exclude-prefix=/dev --exclude-prefix=/proc
+ --exclude-prefix=/run --exclude-prefix=/sys</literal>, i.e. exclude the hierarchies typically backed
+ by virtual or memory file systems. This is useful in combination with <option>--root=</option>, if
+ the specified directory tree contains an OS tree without these virtual/memory file systems mounted
+ in, as it is typically not desirable to create any files and directories below these subdirectories
+ if they are supposed to be overmounted during runtime.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>--root=<replaceable>root</replaceable></option></term>
<listitem><para>Takes a directory path as an argument. All paths will be prefixed with the given alternate
<replaceable>root</replaceable> path, including config search paths.</para>
- <para>Note that this option does not alter how the users and groups specified in the configuration files are
- resolved. With or without this option, users and groups are always resolved according to the host's user and
- group databases, any such databases stored under the specified root directories are not
- consulted.</para></listitem>
+ <para>When this option is used, the libc Name Service Switch (NSS) is bypassed for resolving users
+ and groups. Instead the files <filename>/etc/passwd</filename> and <filename>/etc/group</filename>
+ inside the alternate root are read directly. This means that users/groups not listed in these files
+ will not be resolved, i.e. LDAP NIS and other complex databases are not considered.</para>
+
+ <para>Consider combining this with <option>-E</option> to ensure the invocation does not create files
+ or directories below mount points in the OS image operated on that are typically overmounted during
+ runtime.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--image=<replaceable>image</replaceable></option></term>
+
+ <listitem><para>Takes a path to a disk image file or block device node. If specified all operations
+ are applied to file system in the indicated disk image. This is similar to <option>--root=</option>
+ but operates on file systems stored in disk images or block devices. The disk image should either
+ contain just a file system or a set of file systems within a GPT partition table, following the
+ <ulink url="https://systemd.io/DISCOVERABLE_PARTITIONS">Discoverable Partitions
+ Specification</ulink>. For further information on supported disk images, see
+ <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
+ switch of the same name.</para>
+
+ <para>Implies <option>-E</option>.</para></listitem>
</varlistentry>
<varlistentry>
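Review bot: the new --root= paragraph leaves the failure case undocumented. The removed text said users and groups are always resolved against the host's databases; the added text says /etc/passwd and /etc/group inside the alternate root are read directly and that names not listed there "will not be resolved", but it does not say what happens to a configuration line that names such a user or group. Please state whether that line is skipped or fails, since ownership of created files now depends on the contents of the tree being operated on. Wording nits in the same hunk: "LDAP NIS and other complex databases" needs a comma after "LDAP", and under --image= "If specified all operations are applied to file system" should read "If specified, all operations are applied to the file system".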
</para></listitem>
</varlistentry>
+ <xi:include href="standard-options.xml" xpointer="cat-config" />
+ <xi:include href="standard-options.xml" xpointer="no-pager" />
<xi:include href="standard-options.xml" xpointer="help" />
<xi:include href="standard-options.xml" xpointer="version" />
</variablelist>
- <para>It is possible to combine <option>--create</option>,
- <option>--clean</option>, and <option>--remove</option> in one
- invocation. For example, during boot the following command line is
- executed to ensure that all temporary and volatile directories are
+ <para>It is possible to combine <option>--create</option>, <option>--clean</option>, and <option>--remove</option>
+ in one invocation (in which case removal and cleanup are executed before creation of new files). For example,
+ during boot the following command line is executed to ensure that all temporary and volatile directories are
removed and created according to the configuration file:</para>
<programlisting>systemd-tmpfiles --remove --create</programlisting>
-
</refsect1>
<refsect1>
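Review bot: the added parenthetical "(in which case removal and cleanup are executed before creation of new files)" leaves the relative order of --remove and --clean unstated. If that order is fixed, document it here; if it is not guaranteed, say so. The three added lines of this paragraph are also longer than the wrapping used by the other added paragraphs in this patch and should be rewrapped to match.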
<filename>/usr/include/sysexits.h</filename>). If the configuration was syntactically valid, but
could not be executed (lack of permissions, creation of files in missing directories, invalid
contents when writing to <filename>/sys/</filename> values, …), <constant>73</constant> is
- returned (<constant>EX_DATAERR</constant> from <filename>/usr/include/sysexits.h</filename>).
+ returned (<constant>EX_CANTCREAT</constant> from <filename>/usr/include/sysexits.h</filename>).
Otherwise, <constant>1</constant> is returned (<constant>EXIT_FAILURE</constant> from
<filename>/usr/include/stdlib.h</filename>).
</para>