1TMPFILES.D(5) tmpfiles.d TMPFILES.D(5)
2
3
4
6 tmpfiles.d - Configuration for creation, deletion and cleaning of
7 volatile and temporary files
8
10 /etc/tmpfiles.d/*.conf
11 /run/tmpfiles.d/*.conf
12 /usr/lib/tmpfiles.d/*.conf
13
14
15 ~/.config/user-tmpfiles.d/*.conf
16 $XDG_RUNTIME_DIR/user-tmpfiles.d/*.conf
17 ~/.local/share/user-tmpfiles.d/*.conf
18 ...
19 /usr/share/user-tmpfiles.d/*.conf
20
21
22
23 #Type Path Mode User Group Age Argument
24 f /file/to/create mode user group - content
25 f+ /file/to/create-or-truncate mode user group - content
26 w /file/to/write-to - - - - content
27 w+ /file/to/append-to - - - - content
28 d /directory/to/create-and-cleanup mode user group cleanup-age -
29 D /directory/to/create-and-remove mode user group cleanup-age -
30 e /directory/to/cleanup mode user group cleanup-age -
31 v /subvolume-or-directory/to/create mode user group - -
32 q /subvolume-or-directory/to/create mode user group - -
33 Q /subvolume-or-directory/to/create mode user group - -
34 p /fifo/to/create mode user group - -
35 p+ /fifo/to/[re]create mode user group - -
36 L /symlink/to/create - - - - symlink/target/path
37 L+ /symlink/to/[re]create - - - - symlink/target/path
38 c /dev/char-device-to-create mode user group - major:minor
39 c+ /dev/char-device-to-[re]create mode user group - major:minor
40 b /dev/block-device-to-create mode user group - major:minor
41 b+ /dev/block-device-to-[re]create mode user group - major:minor
42 C /target/to/create - - - - /source/to/copy
43 x /path-or-glob/to/ignore - - - - -
44 X /path-or-glob/to/ignore/recursively - - - - -
45 r /empty/dir/to/remove - - - - -
46 R /dir/to/remove/recursively - - - - -
47 z /path-or-glob/to/adjust/mode mode user group - -
48 Z /path-or-glob/to/adjust/mode/recursively mode user group - -
49 t /path-or-glob/to/set/xattrs - - - - xattrs
50 T /path-or-glob/to/set/xattrs/recursively - - - - xattrs
51 h /path-or-glob/to/set/attrs - - - - file attrs
52 H /path-or-glob/to/set/attrs/recursively - - - - file attrs
53 a /path-or-glob/to/set/acls - - - - POSIX ACLs
54 a+ /path-or-glob/to/append/acls - - - - POSIX ACLs
55 A /path-or-glob/to/set/acls/recursively - - - - POSIX ACLs
56 A+ /path-or-glob/to/append/acls/recursively - - - - POSIX ACLs
57
58
60 tmpfiles.d configuration files provide a generic mechanism to define
61 the creation of regular files, directories, pipes, and device nodes,
62 adjustments to their access mode, ownership, attributes, quota
63 assignments, and contents, and finally their time-based removal. It is
64 mostly commonly used for volatile and temporary files and directories
65 (such as those located under /run, /tmp, /var/tmp, the API file systems
66 such as /sys or /proc, as well as some other directories below /var).
67
68 systemd-tmpfiles uses this configuration to create volatile files and
69 directories during boot and to do periodic cleanup afterwards. See
70 systemd-tmpfiles(5) for the description of
71 systemd-tmpfiles-setup.service, systemd-tmpfiles-cleanup.service, and
72 associated units.
73
74 System daemons frequently require private runtime directories below
75 /run to store communication sockets and similar. For these, it is
76 better to use RuntimeDirectory= in their unit files (see
77 systemd.exec(5) for details), if the flexibility provided by tmpfiles.d
78 is not required. The advantages are that the configuration required by
79 the unit is centralized in one place, and that the lifetime of the
80 directory is tied to the lifetime of the service itself. Similarly,
81 StateDirectory=, CacheDirectory=, LogsDirectory=, and
82 ConfigurationDirectory= should be used to create directories under
83 /var/lib/, /var/cache/, /var/log/, and /etc/. tmpfiles.d should be
84 used for files whose lifetime is independent of any service or requires
85 more complicated configuration.
86
88 Each configuration file shall be named in the style of package.conf or
89 package-part.conf. The second variant should be used when it is
90 desirable to make it easy to override just this part of configuration.
91
92 Files in /etc/tmpfiles.d override files with the same name in
93 /usr/lib/tmpfiles.d and /run/tmpfiles.d. Files in /run/tmpfiles.d
94 override files with the same name in /usr/lib/tmpfiles.d. Packages
95 should install their configuration files in /usr/lib/tmpfiles.d. Files
96 in /etc/tmpfiles.d are reserved for the local administrator, who may
97 use this logic to override the configuration files installed by vendor
98 packages. All configuration files are sorted by their filename in
99 lexicographic order, regardless of which of the directories they reside
100 in. If multiple files specify the same path, the entry in the file with
101 the lexicographically earliest name will be applied. All other
102 conflicting entries will be logged as errors. When two lines are prefix
103 path and suffix path of each other, then the prefix line is always
104 created first, the suffix later (and if removal applies to the line,
105 the order is reversed: the suffix is removed first, the prefix later).
106 Lines that take globs are applied after those accepting no globs. If
107 multiple operations shall be applied on the same file (such as ACL,
108 xattr, file attribute adjustments), these are always done in the same
109 fixed order. Except for those cases, the files/directories are
110 processed in the order they are listed.
111
112 If the administrator wants to disable a configuration file supplied by
113 the vendor, the recommended way is to place a symlink to /dev/null in
114 /etc/tmpfiles.d/ bearing the same filename.
115
117 The configuration format is one line per path containing type, path,
118 mode, ownership, age, and argument fields:
119
120 #Type Path Mode User Group Age Argument
121 d /run/user 0755 root root 10d -
122 L /tmp/foobar - - - - /dev/null
123
124 Fields may be enclosed within quotes and contain C-style escapes.
125
126 Type
127 The type consists of a single letter and optionally an exclamation mark
128 and/or minus sign.
129
130 The following line types are understood:
131
132 f, f+
133 f will create a file if it does not exist yet. If the argument
134 parameter is given and the file did not exist yet, it will be
135 written to the file. f+ will create or truncate the file. If the
136 argument parameter is given, it will be written to the file. Does
137 not follow symlinks.
138
139 w, w+
140 Write the argument parameter to a file, if the file exists. If
141 suffixed with +, the line will be appended to the file. If your
142 configuration writes multiple lines to the same file, use w+. Lines
143 of this type accept shell-style globs in place of normal path
144 names. The argument parameter will be written without a trailing
145 newline. C-style backslash escapes are interpreted. Follows
146 symlinks.
147
148 d
149 Create a directory. The mode and ownership will be adjusted if
150 specified. Contents of this directory are subject to time based
151 cleanup if the age argument is specified.
152
153 D
154 Similar to d, but in addition the contents of the directory will be
155 removed when --remove is used.
156
157 e
158 Adjust the mode and ownership of existing directories and remove
159 their contents based on age. Lines of this type accept shell-style
160 globs in place of normal path names. Contents of the directories
161 are subject to time based cleanup if the age argument is specified.
162 If the age argument is "0", contents will be unconditionally
163 deleted every time systemd-tmpfiles --clean is run.
164
165 For this entry to be useful, at least one of the mode, user, group,
166 or age arguments must be specified, since otherwise this entry has
167 no effect. As an exception, an entry with no effect may be useful
168 when combined with !, see the examples.
169
170 v
171 Create a subvolume if the path does not exist yet, the file system
172 supports subvolumes (btrfs), and the system itself is installed
173 into a subvolume (specifically: the root directory / is itself a
174 subvolume). Otherwise, create a normal directory, in the same way
175 as d.
176
177 A subvolume created with this line type is not assigned to any
178 higher-level quota group. For that, use q or Q, which allow
179 creating simple quota group hierarchies, see below.
180
181 q
182 Create a subvolume or directory the same as v, but assign the
183 subvolume to the same higher-level quota groups as the parent. This
184 ensures that higher-level limits and accounting applied to the
185 parent subvolume also include the specified subvolume. On non-btrfs
186 file systems, this line type is identical to d.
187
188 If the subvolume already exists, no change to the quota hierarchy
189 is made, regardless of whether the subvolume is already attached to
190 a quota group or not. Also see Q below. See btrfs-qgroup(8) for
191 details about the btrfs quota group concept.
192
193 Q
194 Create the subvolume or directory the same as v, but assign the new
195 subvolume to a new leaf quota group. Instead of copying the
196 higher-level quota group assignments from the parent as is done
197 with q, the lowest quota group of the parent subvolume is
198 determined that is not the leaf quota group. Then, an
199 "intermediary" quota group is inserted that is one level below this
200 level, and shares the same ID part as the specified subvolume. If
201 no higher-level quota group exists for the parent subvolume, a new
202 quota group at level 255 sharing the same ID as the specified
203 subvolume is inserted instead. This new intermediary quota group is
204 then assigned to the parent subvolume's higher-level quota groups,
205 and the specified subvolume's leaf quota group is assigned to it.
206
207 Effectively, this has a similar effect as q, however introduces a
208 new higher-level quota group for the specified subvolume that may
209 be used to enforce limits and accounting to the specified subvolume
210 and children subvolume created within it. Thus, by creating
211 subvolumes only via q and Q, a concept of "subtree quotas" is
212 implemented. Each subvolume for which Q is set will get a "subtree"
213 quota group created, and all child subvolumes created within it
214 will be assigned to it. Each subvolume for which q is set will not
215 get such a "subtree" quota group, but it is ensured that they are
216 added to the same "subtree" quota group as their immediate parents.
217
218 It is recommended to use Q for subvolumes that typically contain
219 further subvolumes, and where it is desirable to have accounting
220 and quota limits on all child subvolumes together. Examples for Q
221 are typically /home or /var/lib/machines. In contrast, q should be
222 used for subvolumes that either usually do not include further
223 subvolumes or where no accounting and quota limits are needed that
224 apply to all child subvolumes together. Examples for q are
225 typically /var or /var/tmp.
226
227 As with q, Q has no effect on the quota group hierarchy if the
228 subvolume already exists, regardless of whether the subvolume
229 already belong to a quota group or not.
230
231 p, p+
232 Create a named pipe (FIFO) if it does not exist yet. If suffixed
233 with + and a file already exists where the pipe is to be created,
234 it will be removed and be replaced by the pipe.
235
236 L, L+
237 Create a symlink if it does not exist yet. If suffixed with + and a
238 file or directory already exists where the symlink is to be
239 created, it will be removed and be replaced by the symlink. If the
240 argument is omitted, symlinks to files with the same name residing
241 in the directory /usr/share/factory/ are created. Note that
242 permissions and ownership on symlinks are ignored.
243
244 c, c+
245 Create a character device node if it does not exist yet. If
246 suffixed with + and a file already exists where the device node is
247 to be created, it will be removed and be replaced by the device
248 node. It is recommended to suffix this entry with an exclamation
249 mark to only create static device nodes at boot, as udev will not
250 manage static device nodes that are created at runtime.
251
252 b, b+
253 Create a block device node if it does not exist yet. If suffixed
254 with + and a file already exists where the device node is to be
255 created, it will be removed and be replaced by the device node. It
256 is recommended to suffix this entry with an exclamation mark to
257 only create static device nodes at boot, as udev will not manage
258 static device nodes that are created at runtime.
259
260 C
261 Recursively copy a file or directory, if the destination files or
262 directories do not exist yet or the destination directory is empty.
263 Note that this command will not descend into subdirectories if the
264 destination directory already exists and is not empty. Instead, the
265 entire copy operation is skipped. If the argument is omitted, files
266 from the source directory /usr/share/factory/ with the same name
267 are copied. Does not follow symlinks.
268
269 x
270 Ignore a path during cleaning. Use this type to exclude paths from
271 clean-up as controlled with the Age parameter. Note that lines of
272 this type do not influence the effect of r or R lines. Lines of
273 this type accept shell-style globs in place of normal path names.
274
275 X
276 Ignore a path during cleaning. Use this type to exclude paths from
277 clean-up as controlled with the Age parameter. Unlike x, this
278 parameter will not exclude the content if path is a directory, but
279 only directory itself. Note that lines of this type do not
280 influence the effect of r or R lines. Lines of this type accept
281 shell-style globs in place of normal path names.
282
283 r
284 Remove a file or directory if it exists. This may not be used to
285 remove non-empty directories, use R for that. Lines of this type
286 accept shell-style globs in place of normal path names. Does not
287 follow symlinks.
288
289 R
290 Recursively remove a path and all its subdirectories (if it is a
291 directory). Lines of this type accept shell-style globs in place of
292 normal path names. Does not follow symlinks.
293
294 z
295 Adjust the access mode, user and group ownership, and restore the
296 SELinux security context of a file or directory, if it exists.
297 Lines of this type accept shell-style globs in place of normal path
298 names. Does not follow symlinks.
299
300 Z
301 Recursively set the access mode, user and group ownership, and
302 restore the SELinux security context of a file or directory if it
303 exists, as well as of its subdirectories and the files contained
304 therein (if applicable). Lines of this type accept shell-style
305 globs in place of normal path names. Does not follow symlinks.
306
307 t
308 Set extended attributes, see attr(5) for details. The argument
309 field should take one or more assignment expressions in the form
310 namespace.attribute=value, for examples see below. Lines of this
311 type accept shell-style globs in place of normal path names. This
312 can be useful for setting SMACK labels. Does not follow symlinks.
313
314 Please note that extended attributes settable with this line type
315 are a different concept from the Linux file attributes settable
316 with h/H, see below.
317
318 T
319 Same as t, but operates recursively.
320
321 h
322 Set Linux file/directory attributes. Lines of this type accept
323 shell-style globs in place of normal path names.
324
325 The format of the argument field is [+-=][aAcCdDeijPsStTu]. The
326 prefix + (the default one) causes the attribute(s) to be added; -
327 causes the attribute(s) to be removed; = causes the attributes to
328 be set exactly as the following letters. The letters
329 "aAcCdDeijPsStTu" select the new attributes for the files, see
330 chattr(1) for further information.
331
332 Passing only = as argument resets all the file attributes listed
333 above. It has to be pointed out that the = prefix limits itself to
334 the attributes corresponding to the letters listed here. All other
335 attributes will be left untouched. Does not follow symlinks.
336
337 Please note that the Linux file attributes settable with this line
338 type are a different concept from the extended attributes settable
339 with t/T, see above.
340
341 H
342 Sames as h, but operates recursively.
343
344 a, a+
345 Set POSIX ACLs (access control lists), see acl(5). If suffixed with
346 +, the specified entries will be added to the existing set.
347 systemd-tmpfiles will automatically add the required base entries
348 for user and group based on the access mode of the file, unless
349 base entries already exist or are explicitly specified. The mask
350 will be added if not specified explicitly or already present. Lines
351 of this type accept shell-style globs in place of normal path
352 names. This can be useful for allowing additional access to certain
353 files. Does not follow symlinks.
354
355 A, A+
356 Same as a and a+, but recursive. Does not follow symlinks.
357
358 If the exclamation mark is used, this line is only safe to execute
359 during boot, and can break a running system. Lines without the
360 exclamation mark are presumed to be safe to execute at any time, e.g.
361 on package upgrades. systemd-tmpfiles will execute line with an
362 exclamation mark only if option --boot is given.
363
364 For example:
365
366 # Make sure these are created by default so that nobody else can
367 d /tmp/.X11-unix 1777 root root 10d
368
369 # Unlink the X11 lock files
370 r! /tmp/.X[0-9]*-lock
371
372 The second line in contrast to the first one would break a running
373 system, and will only be executed with --boot.
374
375 If the minus sign is used, this line failing to run successfully during
376 create (and only create) will not cause the execution of
377 systemd-tmpfiles to return an error.
378
379 For example:
380
381 # Modify sysfs but don't fail if we are in a container with a read-only /proc
382 w- /proc/sys/vm/swappiness - - - - 10
383
384 Note that for all line types that result in creation of any kind of
385 file node (i.e. f/F, d/D/v/q/Q, p, L, c/b and C) leading directories
386 are implicitly created if needed, owned by root with an access mode of
387 0755. In order to create them with different modes or ownership make
388 sure to add appropriate d lines.
389
390 Path
391 The file system path specification supports simple specifier expansion,
392 see below. The path (after expansion) must be absolute.
393
394 Mode
395 The file access mode to use when creating this file or directory. If
396 omitted or when set to "-", the default is used: 0755 for directories,
397 0644 for all other file objects. For z, Z lines, if omitted or when set
398 to "-", the file access mode will not be modified. This parameter is
399 ignored for x, r, R, L, t, and a lines.
400
401 Optionally, if prefixed with "~", the access mode is masked based on
402 the already set access bits for existing file or directories: if the
403 existing file has all executable bits unset, all executable bits are
404 removed from the new access mode, too. Similarly, if all read bits are
405 removed from the old access mode, they will be removed from the new
406 access mode too, and if all write bits are removed, they will be
407 removed from the new access mode too. In addition, the sticky/SUID/SGID
408 bit is removed unless applied to a directory. This functionality is
409 particularly useful in conjunction with Z.
410
411 User, Group
412 The user and group to use for this file or directory. This may either
413 be a numeric ID or a user/group name. If omitted or when set to "-",
414 the user and group of the user who invokes systemd-tmpfiles is used.
415 For z and Z lines, when omitted or when set to "-", the file ownership
416 will not be modified. These parameters are ignored for x, r, R, L, t,
417 and a lines.
418
419 This field should generally only reference system users/groups, i.e.
420 users/groups that are guaranteed to be resolvable during early boot. If
421 this field references users/groups that only become resolveable during
422 later boot (i.e. after NIS, LDAP or a similar networked directory
423 service become available), execution of the operations declared by the
424 line will likely fail. Also see Notes on Resolvability of User and
425 Group Names[1] for more information on requirements on system
426 user/group definitions.
427
428 Age
429 The date field, when set, is used to decide what files to delete when
430 cleaning. If a file or directory is older than the current time minus
431 the age field, it is deleted. The field format is a series of integers
432 each followed by one of the following suffixes for the respective time
433 units: s, m or min, h, d, w, ms, and us, meaning seconds, minutes,
434 hours, days, weeks, milliseconds, and microseconds, respectively. Full
435 names of the time units can be used too.
436
437 If multiple integers and units are specified, the time values are
438 summed. If an integer is given without a unit, s is assumed.
439
440 When the age is set to zero, the files are cleaned unconditionally.
441
442 The age field only applies to lines starting with d, D, e, v, q, Q, C,
443 x and X. If omitted or set to "-", no automatic clean-up is done.
444
445 If the age field starts with a tilde character "~", the clean-up is
446 only applied to files and directories one level inside the directory
447 specified, but not the files and directories immediately inside it.
448
449 The age of a file system entry is determined from its last modification
450 timestamp (mtime), its last access timestamp (atime), and (except for
451 directories) its last status change timestamp (ctime). Any of these
452 three (or two) values will prevent cleanup if it is more recent than
453 the current time minus the age field.
454
455 Note that while the aging algorithm is run a 'shared' BSD file lock
456 (see flock(2)) is taken on each directory the algorithm descends into
457 (and each directory below that, and so on). If the aging algorithm
458 finds a lock is already taken on some directory, it (and everything
459 below it) is skipped. Applications may use this to temporarily exclude
460 certain directory subtrees from the aging algorithm: the applications
461 can take a BSD file lock themselves, and as long as they keep it aging
462 of the directory and everything below it is disabled.
463
464 Argument
465 For L lines determines the destination path of the symlink. For c and
466 b, determines the major/minor of the device node, with major and minor
467 formatted as integers, separated by ":", e.g. "1:3". For f, F, and w,
468 the argument may be used to specify a short string that is written to
469 the file, suffixed by a newline. For C, specifies the source file or
470 directory. For t and T, determines extended attributes to be set. For a
471 and A, determines ACL attributes to be set. For h and H, determines the
472 file attributes to set. Ignored for all other lines.
473
474 This field can contain specifiers, see below.
475
477 Specifiers can be used in the "path" and "argument" fields. An unknown
478 or unresolvable specifier is treated as invalid configuration. The
479 following expansions are understood:
480
481 Table 1. Specifiers available
482 ┌──────────┬─────────────────────┬─────────────────────┐
483 │Specifier │ Meaning │ Details │
484 ├──────────┼─────────────────────┼─────────────────────┤
485 │"%b" │ Boot ID │ The boot ID of the │
486 │ │ │ running system, │
487 │ │ │ formatted as │
488 │ │ │ string. See │
489 │ │ │ random(4) for more │
490 │ │ │ information. │
491 ├──────────┼─────────────────────┼─────────────────────┤
492 │"%C" │ System or user │ In --user mode, │
493 │ │ cache directory │ this is the same as │
494 │ │ │ $XDG_CACHE_HOME, │
495 │ │ │ and /var/cache │
496 │ │ │ otherwise. │
497 ├──────────┼─────────────────────┼─────────────────────┤
498 │"%h" │ User home directory │ This is the home │
499 │ │ │ directory of the │
500 │ │ │ user running the │
501 │ │ │ command. In case of │
502 │ │ │ the system instance │
503 │ │ │ this resolves to │
504 │ │ │ "/root". │
505 ├──────────┼─────────────────────┼─────────────────────┤
506 │"%H" │ Host name │ The hostname of the │
507 │ │ │ running system. │
508 ├──────────┼─────────────────────┼─────────────────────┤
509 │"%L" │ System or user log │ In --user mode, │
510 │ │ directory │ this is the same as │
511 │ │ │ $XDG_CONFIG_HOME │
512 │ │ │ with /log appended, │
513 │ │ │ and /var/log │
514 │ │ │ otherwise. │
515 ├──────────┼─────────────────────┼─────────────────────┤
516 │"%m" │ Machine ID │ The machine ID of │
517 │ │ │ the running system, │
518 │ │ │ formatted as │
519 │ │ │ string. See │
520 │ │ │ machine-id(5) for │
521 │ │ │ more information. │
522 ├──────────┼─────────────────────┼─────────────────────┤
523 │"%S" │ System or user │ In --user mode, │
524 │ │ state directory │ this is the same as │
525 │ │ │ $XDG_CONFIG_HOME, │
526 │ │ │ and /var/lib │
527 │ │ │ otherwise. │
528 ├──────────┼─────────────────────┼─────────────────────┤
529 │"%t" │ System or user │ In --user mode, │
530 │ │ runtime directory │ this is the same │
531 │ │ │ $XDG_RUNTIME_DIR, │
532 │ │ │ and /run otherwise. │
533 ├──────────┼─────────────────────┼─────────────────────┤
534 │"%T" │ Directory for │ This is either /tmp │
535 │ │ temporary files │ or the path │
536 │ │ │ "$TMPDIR", "$TEMP" │
537 │ │ │ or "$TMP" are set │
538 │ │ │ to. │
539 ├──────────┼─────────────────────┼─────────────────────┤
540 │"%g" │ User group │ This is the name of │
541 │ │ │ the group running │
542 │ │ │ the command. In │
543 │ │ │ case of the system │
544 │ │ │ instance this │
545 │ │ │ resolves to "root". │
546 ├──────────┼─────────────────────┼─────────────────────┤
547 │"%G" │ User GID │ This is the numeric │
548 │ │ │ GID of the group │
549 │ │ │ running the │
550 │ │ │ command. In case of │
551 │ │ │ the system instance │
552 │ │ │ this resolves to 0. │
553 ├──────────┼─────────────────────┼─────────────────────┤
554 │"%u" │ User name │ This is the name of │
555 │ │ │ the user running │
556 │ │ │ the command. In │
557 │ │ │ case of the system │
558 │ │ │ instance this │
559 │ │ │ resolves to "root". │
560 ├──────────┼─────────────────────┼─────────────────────┤
561 │"%U" │ User UID │ This is the numeric │
562 │ │ │ UID of the user │
563 │ │ │ running the │
564 │ │ │ command. In case of │
565 │ │ │ the system instance │
566 │ │ │ this resolves to 0. │
567 ├──────────┼─────────────────────┼─────────────────────┤
568 │"%v" │ Kernel release │ Identical to uname │
569 │ │ │ -r output. │
570 ├──────────┼─────────────────────┼─────────────────────┤
571 │"%V" │ Directory for │ This is either │
572 │ │ larger and │ /var/tmp or the │
573 │ │ persistent │ path "$TMPDIR", │
574 │ │ temporary files │ "$TEMP" or "$TMP" │
575 │ │ │ are set to. │
576 ├──────────┼─────────────────────┼─────────────────────┤
577 │"%%" │ Escaped "%" │ Single percent │
578 │ │ │ sign. │
579 └──────────┴─────────────────────┴─────────────────────┘
580
582 Example 1. Create directories with specific mode and ownership
583
584 screen(1), needs two directories created at boot with specific modes
585 and ownership:
586
587 # /usr/lib/tmpfiles.d/screen.conf
588 d /run/screens 1777 root screen 10d
589 d /run/uscreens 0755 root screen 10d12h
590
591 Contents of /run/screens and /run/uscreens will be cleaned up after 10
592 and 10½ days, respectively.
593
594 Example 2. Create a directory with a SMACK attribute
595
596 D /run/cups - - - -
597 t /run/cups - - - - security.SMACK64=printing user.attr-with-spaces="foo bar"
598
599
600 The directory will be owned by root and have default mode. Its contents
601 are not subject to time based cleanup, but will be obliterated when
602 systemd-tmpfiles --remove runs.
603
604 Example 3. Create a directory and prevent its contents from cleanup
605
606 abrt(1), needs a directory created at boot with specific mode and
607 ownership and its content should be preserved from the automatic
608 cleanup applied to the contents of /var/tmp:
609
610 # /usr/lib/tmpfiles.d/tmp.conf
611 d /var/tmp 1777 root root 30d
612
613 # /usr/lib/tmpfiles.d/abrt.conf
614 d /var/tmp/abrt 0755 abrt abrt -
615
616 Example 4. Apply clean up during boot and based on time
617
618 # /usr/lib/tmpfiles.d/dnf.conf
619 r! /var/cache/dnf/*/*/download_lock.pid
620 r! /var/cache/dnf/*/*/metadata_lock.pid
621 r! /var/lib/dnf/rpmdb_lock.pid
622 e /var/cache/dnf/ - - - 30d
623
624 The lock files will be removed during boot. Any files and directories
625 in /var/cache/dnf/ will be removed after they have not been accessed in
626 30 days.
627
628 Example 5. Empty the contents of a cache directory on boot
629
630 # /usr/lib/tmpfiles.d/krb5rcache.conf
631 e! /var/cache/krb5rcache - - - 0
632
633 Any files and subdirectories in /var/cache/krb5rcache/ will be removed
634 on boot. The directory will not be created.
635
637 /var/run/ is a deprecated symlink to /run/, and applications should use
638 the latter. systemd-tmpfiles will warn if /var/run/ is used.
639
641 systemd(1), systemd-tmpfiles(8), systemd-delta(1), systemd.exec(5),
642 attr(5), getfattr(1), setfattr(1), setfacl(1), getfacl(1), chattr(1),
643 btrfs-subvolume(8), btrfs-qgroup(8)
644
646 1. Notes on Resolvability of User and Group Names
647 https://systemd.io/UIDS-GIDS/#notes-on-resolvability-of-user-and-group-names
648
649
650
651systemd 245 TMPFILES.D(5)