1TMPFILES.D(5) tmpfiles.d TMPFILES.D(5)
2
3
4
6 tmpfiles.d - Configuration for creation, deletion and cleaning of
7 volatile and temporary files
8
10 /etc/tmpfiles.d/*.conf
11 /run/tmpfiles.d/*.conf
12 /usr/lib/tmpfiles.d/*.conf
13
14
15 ~/.config/user-tmpfiles.d/*.conf
16 $XDG_RUNTIME_DIR/user-tmpfiles.d/*.conf
17 ~/.local/share/user-tmpfiles.d/*.conf
18 ...
19 /usr/share/user-tmpfiles.d/*.conf
20
21
22
23 #Type Path Mode User Group Age Argument
24 f /file/to/create mode user group - content
25 f+ /file/to/create-or-truncate mode user group - content
26 w /file/to/write-to - - - - content
27 w+ /file/to/append-to - - - - content
28 d /directory/to/create-and-cleanup mode user group cleanup-age -
29 D /directory/to/create-and-remove mode user group cleanup-age -
30 e /directory/to/cleanup mode user group cleanup-age -
31 v /subvolume-or-directory/to/create mode user group - -
32 q /subvolume-or-directory/to/create mode user group - -
33 Q /subvolume-or-directory/to/create mode user group - -
34 p /fifo/to/create mode user group - -
35 p+ /fifo/to/[re]create mode user group - -
36 L /symlink/to/create - - - - symlink/target/path
37 L+ /symlink/to/[re]create - - - - symlink/target/path
38 c /dev/char-device-to-create mode user group - major:minor
39 c+ /dev/char-device-to-[re]create mode user group - major:minor
40 b /dev/block-device-to-create mode user group - major:minor
41 b+ /dev/block-device-to-[re]create mode user group - major:minor
42 C /target/to/create - - - - /source/to/copy
43 x /path-or-glob/to/ignore - - - - -
44 X /path-or-glob/to/ignore/recursively - - - - -
45 r /empty/dir/to/remove - - - - -
46 R /dir/to/remove/recursively - - - - -
47 z /path-or-glob/to/adjust/mode mode user group - -
48 Z /path-or-glob/to/adjust/mode/recursively mode user group - -
49 t /path-or-glob/to/set/xattrs - - - - xattrs
50 T /path-or-glob/to/set/xattrs/recursively - - - - xattrs
51 h /path-or-glob/to/set/attrs - - - - file attrs
52 H /path-or-glob/to/set/attrs/recursively - - - - file attrs
53 a /path-or-glob/to/set/acls - - - - POSIX ACLs
54 a+ /path-or-glob/to/append/acls - - - - POSIX ACLs
55 A /path-or-glob/to/set/acls/recursively - - - - POSIX ACLs
56 A+ /path-or-glob/to/append/acls/recursively - - - - POSIX ACLs
57
58
60 tmpfiles.d configuration files provide a generic mechanism to define
61 the creation of regular files, directories, pipes, and device nodes,
62 adjustments to their access mode, ownership, attributes, quota
63 assignments, and contents, and finally their time-based removal. It is
64 mostly commonly used for volatile and temporary files and directories
65 (such as those located under /run, /tmp, /var/tmp, the API file systems
66 such as /sys or /proc, as well as some other directories below /var).
67
68 systemd-tmpfiles uses this configuration to create volatile files and
69 directories during boot and to do periodic cleanup afterwards. See
70 systemd-tmpfiles(5) for the description of
71 systemd-tmpfiles-setup.service, systemd-tmpfiles-clean.service, and
72 associated units.
73
74 System daemons frequently require private runtime directories below
75 /run to store communication sockets and similar. For these, it is
76 better to use RuntimeDirectory= in their unit files (see
77 systemd.exec(5) for details), if the flexibility provided by tmpfiles.d
78 is not required. The advantages are that the configuration required by
79 the unit is centralized in one place, and that the lifetime of the
80 directory is tied to the lifetime of the service itself. Similarly,
81 StateDirectory=, CacheDirectory=, LogsDirectory=, and
82 ConfigurationDirectory= should be used to create directories under
83 /var/lib/, /var/cache/, /var/log/, and /etc/. tmpfiles.d should be
84 used for files whose lifetime is independent of any service or requires
85 more complicated configuration.
86
88 Each configuration file shall be named in the style of package.conf or
89 package-part.conf. The second variant should be used when it is
90 desirable to make it easy to override just this part of configuration.
91
92 Files in /etc/tmpfiles.d override files with the same name in
93 /usr/lib/tmpfiles.d and /run/tmpfiles.d. Files in /run/tmpfiles.d
94 override files with the same name in /usr/lib/tmpfiles.d. Packages
95 should install their configuration files in /usr/lib/tmpfiles.d. Files
96 in /etc/tmpfiles.d are reserved for the local administrator, who may
97 use this logic to override the configuration files installed by vendor
98 packages. All configuration files are sorted by their filename in
99 lexicographic order, regardless of which of the directories they reside
100 in. If multiple files specify the same path, the entry in the file with
101 the lexicographically earliest name will be applied (note that lines
102 suppressed due to the "!" are filtered before application, meaning
103 that if an early line carries the exclamation mark and is suppressed
104 because of that, a later line matching in path will be applied). All
105 other conflicting entries will be logged as errors. When two lines are
106 prefix path and suffix path of each other, then the prefix line is
107 always created first, the suffix later (and if removal applies to the
108 line, the order is reversed: the suffix is removed first, the prefix
109 later). Lines that take globs are applied after those accepting no
110 globs. If multiple operations shall be applied on the same file (such
111 as ACL, xattr, file attribute adjustments), these are always done in
112 the same fixed order. Except for those cases, the files/directories are
113 processed in the order they are listed.
114
115 If the administrator wants to disable a configuration file supplied by
116 the vendor, the recommended way is to place a symlink to /dev/null in
117 /etc/tmpfiles.d/ bearing the same filename.
118
120 The configuration format is one line per path containing type, path,
121 mode, ownership, age, and argument fields:
122
123 #Type Path Mode User Group Age Argument
124 d /run/user 0755 root root 10d -
125 L /tmp/foobar - - - - /dev/null
126
127 Fields may be enclosed within quotes and contain C-style escapes.
128
129 Type
130 The type consists of a single letter and optionally an exclamation mark
131 ("!") and/or minus sign ("-").
132
133 The following line types are understood:
134
135 f, f+
136 f will create a file if it does not exist yet. If the argument
137 parameter is given and the file did not exist yet, it will be
138 written to the file. f+ will create or truncate the file. If the
139 argument parameter is given, it will be written to the file. Does
140 not follow symlinks.
141
142 w, w+
143 Write the argument parameter to a file, if the file exists. If
144 suffixed with +, the line will be appended to the file. If your
145 configuration writes multiple lines to the same file, use w+. Lines
146 of this type accept shell-style globs in place of normal path
147 names. The argument parameter will be written without a trailing
148 newline. C-style backslash escapes are interpreted. Follows
149 symlinks.
150
151 d
152 Create a directory. The mode and ownership will be adjusted if
153 specified. Contents of this directory are subject to time based
154 cleanup if the age argument is specified.
155
156 D
157 Similar to d, but in addition the contents of the directory will be
158 removed when --remove is used.
159
160 e
161 Adjust the mode and ownership of existing directories and remove
162 their contents based on age. Lines of this type accept shell-style
163 globs in place of normal path names. Contents of the directories
164 are subject to time based cleanup if the age argument is specified.
165 If the age argument is "0", contents will be unconditionally
166 deleted every time systemd-tmpfiles --clean is run.
167
168 For this entry to be useful, at least one of the mode, user, group,
169 or age arguments must be specified, since otherwise this entry has
170 no effect. As an exception, an entry with no effect may be useful
171 when combined with !, see the examples.
172
173 v
174 Create a subvolume if the path does not exist yet, the file system
175 supports subvolumes (btrfs), and the system itself is installed
176 into a subvolume (specifically: the root directory / is itself a
177 subvolume). Otherwise, create a normal directory, in the same way
178 as d.
179
180 A subvolume created with this line type is not assigned to any
181 higher-level quota group. For that, use q or Q, which allow
182 creating simple quota group hierarchies, see below.
183
184 q
185 Create a subvolume or directory the same as v, but assign the
186 subvolume to the same higher-level quota groups as the parent. This
187 ensures that higher-level limits and accounting applied to the
188 parent subvolume also include the specified subvolume. On non-btrfs
189 file systems, this line type is identical to d.
190
191 If the subvolume already exists, no change to the quota hierarchy
192 is made, regardless of whether the subvolume is already attached to
193 a quota group or not. Also see Q below. See btrfs-qgroup(8) for
194 details about the btrfs quota group concept.
195
196 Q
197 Create the subvolume or directory the same as v, but assign the new
198 subvolume to a new leaf quota group. Instead of copying the
199 higher-level quota group assignments from the parent as is done
200 with q, the lowest quota group of the parent subvolume is
201 determined that is not the leaf quota group. Then, an
202 "intermediary" quota group is inserted that is one level below this
203 level, and shares the same ID part as the specified subvolume. If
204 no higher-level quota group exists for the parent subvolume, a new
205 quota group at level 255 sharing the same ID as the specified
206 subvolume is inserted instead. This new intermediary quota group is
207 then assigned to the parent subvolume's higher-level quota groups,
208 and the specified subvolume's leaf quota group is assigned to it.
209
210 Effectively, this has a similar effect as q, however introduces a
211 new higher-level quota group for the specified subvolume that may
212 be used to enforce limits and accounting to the specified subvolume
213 and children subvolume created within it. Thus, by creating
214 subvolumes only via q and Q, a concept of "subtree quotas" is
215 implemented. Each subvolume for which Q is set will get a "subtree"
216 quota group created, and all child subvolumes created within it
217 will be assigned to it. Each subvolume for which q is set will not
218 get such a "subtree" quota group, but it is ensured that they are
219 added to the same "subtree" quota group as their immediate parents.
220
221 It is recommended to use Q for subvolumes that typically contain
222 further subvolumes, and where it is desirable to have accounting
223 and quota limits on all child subvolumes together. Examples for Q
224 are typically /home or /var/lib/machines. In contrast, q should be
225 used for subvolumes that either usually do not include further
226 subvolumes or where no accounting and quota limits are needed that
227 apply to all child subvolumes together. Examples for q are
228 typically /var or /var/tmp.
229
230 As with q, Q has no effect on the quota group hierarchy if the
231 subvolume already exists, regardless of whether the subvolume
232 already belong to a quota group or not.
233
234 p, p+
235 Create a named pipe (FIFO) if it does not exist yet. If suffixed
236 with + and a file already exists where the pipe is to be created,
237 it will be removed and be replaced by the pipe.
238
239 L, L+
240 Create a symlink if it does not exist yet. If suffixed with + and a
241 file or directory already exists where the symlink is to be
242 created, it will be removed and be replaced by the symlink. If the
243 argument is omitted, symlinks to files with the same name residing
244 in the directory /usr/share/factory/ are created. Note that
245 permissions and ownership on symlinks are ignored.
246
247 c, c+
248 Create a character device node if it does not exist yet. If
249 suffixed with + and a file already exists where the device node is
250 to be created, it will be removed and be replaced by the device
251 node. It is recommended to suffix this entry with an exclamation
252 mark to only create static device nodes at boot, as udev will not
253 manage static device nodes that are created at runtime.
254
255 b, b+
256 Create a block device node if it does not exist yet. If suffixed
257 with + and a file already exists where the device node is to be
258 created, it will be removed and be replaced by the device node. It
259 is recommended to suffix this entry with an exclamation mark to
260 only create static device nodes at boot, as udev will not manage
261 static device nodes that are created at runtime.
262
263 C
264 Recursively copy a file or directory, if the destination files or
265 directories do not exist yet or the destination directory is empty.
266 Note that this command will not descend into subdirectories if the
267 destination directory already exists and is not empty. Instead, the
268 entire copy operation is skipped. If the argument is omitted, files
269 from the source directory /usr/share/factory/ with the same name
270 are copied. Does not follow symlinks.
271
272 x
273 Ignore a path during cleaning. Use this type to exclude paths from
274 clean-up as controlled with the Age parameter. Note that lines of
275 this type do not influence the effect of r or R lines. Lines of
276 this type accept shell-style globs in place of normal path names.
277
278 X
279 Ignore a path during cleaning. Use this type to exclude paths from
280 clean-up as controlled with the Age parameter. Unlike x, this
281 parameter will not exclude the content if path is a directory, but
282 only directory itself. Note that lines of this type do not
283 influence the effect of r or R lines. Lines of this type accept
284 shell-style globs in place of normal path names.
285
286 r
287 Remove a file or directory if it exists. This may not be used to
288 remove non-empty directories, use R for that. Lines of this type
289 accept shell-style globs in place of normal path names. Does not
290 follow symlinks.
291
292 R
293 Recursively remove a path and all its subdirectories (if it is a
294 directory). Lines of this type accept shell-style globs in place of
295 normal path names. Does not follow symlinks.
296
297 z
298 Adjust the access mode, user and group ownership, and restore the
299 SELinux security context of a file or directory, if it exists.
300 Lines of this type accept shell-style globs in place of normal path
301 names. Does not follow symlinks.
302
303 Z
304 Recursively set the access mode, user and group ownership, and
305 restore the SELinux security context of a file or directory if it
306 exists, as well as of its subdirectories and the files contained
307 therein (if applicable). Lines of this type accept shell-style
308 globs in place of normal path names. Does not follow symlinks.
309
310 t
311 Set extended attributes, see attr(5) for details. The argument
312 field should take one or more assignment expressions in the form
313 namespace.attribute=value, for examples see below. Lines of this
314 type accept shell-style globs in place of normal path names. This
315 can be useful for setting SMACK labels. Does not follow symlinks.
316
317 Please note that extended attributes settable with this line type
318 are a different concept from the Linux file attributes settable
319 with h/H, see below.
320
321 T
322 Same as t, but operates recursively.
323
324 h
325 Set Linux file/directory attributes. Lines of this type accept
326 shell-style globs in place of normal path names.
327
328 The format of the argument field is [+-=][aAcCdDeijPsStTu]. The
329 prefix + (the default one) causes the attribute(s) to be added; -
330 causes the attribute(s) to be removed; = causes the attributes to
331 be set exactly as the following letters. The letters
332 "aAcCdDeijPsStTu" select the new attributes for the files, see
333 chattr(1) for further information.
334
335 Passing only = as argument resets all the file attributes listed
336 above. It has to be pointed out that the = prefix limits itself to
337 the attributes corresponding to the letters listed here. All other
338 attributes will be left untouched. Does not follow symlinks.
339
340 Please note that the Linux file attributes settable with this line
341 type are a different concept from the extended attributes settable
342 with t/T, see above.
343
344 H
345 Sames as h, but operates recursively.
346
347 a, a+
348 Set POSIX ACLs (access control lists), see acl(5). If suffixed with
349 +, the specified entries will be added to the existing set.
350 systemd-tmpfiles will automatically add the required base entries
351 for user and group based on the access mode of the file, unless
352 base entries already exist or are explicitly specified. The mask
353 will be added if not specified explicitly or already present. Lines
354 of this type accept shell-style globs in place of normal path
355 names. This can be useful for allowing additional access to certain
356 files. Does not follow symlinks.
357
358 A, A+
359 Same as a and a+, but recursive. Does not follow symlinks.
360
361 If the exclamation mark ("!") is used, this line is only safe to
362 execute during boot, and can break a running system. Lines without the
363 exclamation mark are presumed to be safe to execute at any time, e.g.
364 on package upgrades. systemd-tmpfiles will take lines with an
365 exclamation mark only into consideration, if the --boot option is
366 given.
367
368 For example:
369
370 # Make sure these are created by default so that nobody else can
371 d /tmp/.X11-unix 1777 root root 10d
372
373 # Unlink the X11 lock files
374 r! /tmp/.X[0-9]*-lock
375
376 The second line in contrast to the first one would break a running
377 system, and will only be executed with --boot.
378
379 If the minus sign ("-") is used, this line failing to run successfully
380 during create (and only create) will not cause the execution of
381 systemd-tmpfiles to return an error.
382
383 For example:
384
385 # Modify sysfs but don't fail if we are in a container with a read-only /proc
386 w- /proc/sys/vm/swappiness - - - - 10
387
388 Note that for all line types that result in creation of any kind of
389 file node (i.e. f/F, d/D/v/q/Q, p, L, c/b and C) leading directories
390 are implicitly created if needed, owned by root with an access mode of
391 0755. In order to create them with different modes or ownership make
392 sure to add appropriate d lines.
393
394 Path
395 The file system path specification supports simple specifier expansion,
396 see below. The path (after expansion) must be absolute.
397
398 Mode
399 The file access mode to use when creating this file or directory. If
400 omitted or when set to "-", the default is used: 0755 for directories,
401 0644 for all other file objects. For z, Z lines, if omitted or when set
402 to "-", the file access mode will not be modified. This parameter is
403 ignored for x, r, R, L, t, and a lines.
404
405 Optionally, if prefixed with "~", the access mode is masked based on
406 the already set access bits for existing file or directories: if the
407 existing file has all executable bits unset, all executable bits are
408 removed from the new access mode, too. Similarly, if all read bits are
409 removed from the old access mode, they will be removed from the new
410 access mode too, and if all write bits are removed, they will be
411 removed from the new access mode too. In addition, the sticky/SUID/SGID
412 bit is removed unless applied to a directory. This functionality is
413 particularly useful in conjunction with Z.
414
415 User, Group
416 The user and group to use for this file or directory. This may either
417 be a numeric ID or a user/group name. If omitted or when set to "-",
418 the user and group of the user who invokes systemd-tmpfiles is used.
419 For z and Z lines, when omitted or when set to "-", the file ownership
420 will not be modified. These parameters are ignored for x, r, R, L, t,
421 and a lines.
422
423 This field should generally only reference system users/groups, i.e.
424 users/groups that are guaranteed to be resolvable during early boot. If
425 this field references users/groups that only become resolveable during
426 later boot (i.e. after NIS, LDAP or a similar networked directory
427 service become available), execution of the operations declared by the
428 line will likely fail. Also see Notes on Resolvability of User and
429 Group Names[1] for more information on requirements on system
430 user/group definitions.
431
432 Age
433 The date field, when set, is used to decide what files to delete when
434 cleaning. If a file or directory is older than the current time minus
435 the age field, it is deleted. The field format is a series of integers
436 each followed by one of the following suffixes for the respective time
437 units: s, m or min, h, d, w, ms, and us, meaning seconds, minutes,
438 hours, days, weeks, milliseconds, and microseconds, respectively. Full
439 names of the time units can be used too.
440
441 If multiple integers and units are specified, the time values are
442 summed. If an integer is given without a unit, s is assumed.
443
444 When the age is set to zero, the files are cleaned unconditionally.
445
446 The age field only applies to lines starting with d, D, e, v, q, Q, C,
447 x and X. If omitted or set to "-", no automatic clean-up is done.
448
449 If the age field starts with a tilde character "~", the clean-up is
450 only applied to files and directories one level inside the directory
451 specified, but not the files and directories immediately inside it.
452
453 The age of a file system entry is determined from its last modification
454 timestamp (mtime), its last access timestamp (atime), and (except for
455 directories) its last status change timestamp (ctime). Any of these
456 three (or two) values will prevent cleanup if it is more recent than
457 the current time minus the age field.
458
459 Note that while the aging algorithm is run a 'shared' BSD file lock
460 (see flock(2)) is taken on each directory the algorithm descends into
461 (and each directory below that, and so on). If the aging algorithm
462 finds a lock is already taken on some directory, it (and everything
463 below it) is skipped. Applications may use this to temporarily exclude
464 certain directory subtrees from the aging algorithm: the applications
465 can take a BSD file lock themselves, and as long as they keep it aging
466 of the directory and everything below it is disabled.
467
468 Argument
469 For L lines determines the destination path of the symlink. For c and
470 b, determines the major/minor of the device node, with major and minor
471 formatted as integers, separated by ":", e.g. "1:3". For f, F, and w,
472 the argument may be used to specify a short string that is written to
473 the file, suffixed by a newline. For C, specifies the source file or
474 directory. For t and T, determines extended attributes to be set. For a
475 and A, determines ACL attributes to be set. For h and H, determines the
476 file attributes to set. Ignored for all other lines.
477
478 This field can contain specifiers, see below.
479
481 Specifiers can be used in the "path" and "argument" fields. An unknown
482 or unresolvable specifier is treated as invalid configuration. The
483 following expansions are understood:
484
485 Table 1. Specifiers available
486 ┌──────────┬─────────────────────┬────────────────────────┐
487 │Specifier │ Meaning │ Details │
488 ├──────────┼─────────────────────┼────────────────────────┤
489 │"%a" │ Architecture │ A short string │
490 │ │ │ identifying the │
491 │ │ │ architecture of the │
492 │ │ │ local system. A │
493 │ │ │ string such as x86, │
494 │ │ │ x86-64 or arm64. │
495 │ │ │ See the │
496 │ │ │ architectures │
497 │ │ │ defined for │
498 │ │ │ ConditionArchitecture= │
499 │ │ │ in systemd.unit(5) │
500 │ │ │ for a full list. │
501 ├──────────┼─────────────────────┼────────────────────────┤
502 │"%b" │ Boot ID │ The boot ID of the │
503 │ │ │ running system, │
504 │ │ │ formatted as string. │
505 │ │ │ See random(4) for more │
506 │ │ │ information. │
507 ├──────────┼─────────────────────┼────────────────────────┤
508 │"%B" │ Operating system │ The operating system │
509 │ │ build ID │ build identifier of │
510 │ │ │ the running system, as │
511 │ │ │ read from the │
512 │ │ │ BUILD_ID= field of │
513 │ │ │ /etc/os-release. If │
514 │ │ │ not set, resolves to │
515 │ │ │ an empty string. See │
516 │ │ │ os-release(5) for more │
517 │ │ │ information. │
518 ├──────────┼─────────────────────┼────────────────────────┤
519 │"%C" │ System or user │ In --user mode, this │
520 │ │ cache directory │ is the same as │
521 │ │ │ $XDG_CACHE_HOME, and │
522 │ │ │ /var/cache otherwise. │
523 ├──────────┼─────────────────────┼────────────────────────┤
524 │"%h" │ User home directory │ This is the home │
525 │ │ │ directory of the user │
526 │ │ │ running the command. │
527 │ │ │ In case of the system │
528 │ │ │ instance this resolves │
529 │ │ │ to "/root". │
530 ├──────────┼─────────────────────┼────────────────────────┤
531 │"%H" │ Host name │ The hostname of the │
532 │ │ │ running system. │
533 ├──────────┼─────────────────────┼────────────────────────┤
534 │"%l" │ Short host name │ The hostname of the │
535 │ │ │ running system, │
536 │ │ │ truncated at the first │
537 │ │ │ dot to remove any │
538 │ │ │ domain component. │
539 ├──────────┼─────────────────────┼────────────────────────┤
540 │"%L" │ System or user log │ In --user mode, this │
541 │ │ directory │ is the same as │
542 │ │ │ $XDG_CONFIG_HOME with │
543 │ │ │ /log appended, and │
544 │ │ │ /var/log otherwise. │
545 ├──────────┼─────────────────────┼────────────────────────┤
546 │"%m" │ Machine ID │ The machine ID of the │
547 │ │ │ running system, │
548 │ │ │ formatted as string. │
549 │ │ │ See machine-id(5) for │
550 │ │ │ more information. │
551 ├──────────┼─────────────────────┼────────────────────────┤
552 │"%o" │ Operating system ID │ The operating system │
553 │ │ │ identifier of the │
554 │ │ │ running system, as │
555 │ │ │ read from the ID= │
556 │ │ │ field of │
557 │ │ │ /etc/os-release. See │
558 │ │ │ os-release(5) for more │
559 │ │ │ information. │
560 ├──────────┼─────────────────────┼────────────────────────┤
561 │"%S" │ System or user │ In --user mode, this │
562 │ │ state directory │ is the same as │
563 │ │ │ $XDG_CONFIG_HOME, and │
564 │ │ │ /var/lib otherwise. │
565 ├──────────┼─────────────────────┼────────────────────────┤
566 │"%t" │ System or user │ In --user mode, this │
567 │ │ runtime directory │ is the same │
568 │ │ │ $XDG_RUNTIME_DIR, and │
569 │ │ │ /run otherwise. │
570 ├──────────┼─────────────────────┼────────────────────────┤
571 │"%T" │ Directory for │ This is either /tmp or │
572 │ │ temporary files │ the path "$TMPDIR", │
573 │ │ │ "$TEMP" or "$TMP" are │
574 │ │ │ set to. │
575 ├──────────┼─────────────────────┼────────────────────────┤
576 │"%g" │ User group │ This is the name of │
577 │ │ │ the group running the │
578 │ │ │ command. In case of │
579 │ │ │ the system instance │
580 │ │ │ this resolves to │
581 │ │ │ "root". │
582 ├──────────┼─────────────────────┼────────────────────────┤
583 │"%G" │ User GID │ This is the numeric │
584 │ │ │ GID of the group │
585 │ │ │ running the command. │
586 │ │ │ In case of the system │
587 │ │ │ instance this resolves │
588 │ │ │ to 0. │
589 ├──────────┼─────────────────────┼────────────────────────┤
590 │"%u" │ User name │ This is the name of │
591 │ │ │ the user running the │
592 │ │ │ command. In case of │
593 │ │ │ the system instance │
594 │ │ │ this resolves to │
595 │ │ │ "root". │
596 ├──────────┼─────────────────────┼────────────────────────┤
597 │"%U" │ User UID │ This is the numeric │
598 │ │ │ UID of the user │
599 │ │ │ running the command. │
600 │ │ │ In case of the system │
601 │ │ │ instance this resolves │
602 │ │ │ to 0. │
603 ├──────────┼─────────────────────┼────────────────────────┤
604 │"%v" │ Kernel release │ Identical to uname -r │
605 │ │ │ output. │
606 ├──────────┼─────────────────────┼────────────────────────┤
607 │"%V" │ Directory for │ This is either │
608 │ │ larger and │ /var/tmp or the path │
609 │ │ persistent │ "$TMPDIR", "$TEMP" or │
610 │ │ temporary files │ "$TMP" are set to. │
611 ├──────────┼─────────────────────┼────────────────────────┤
612 │"%w" │ Operating system │ The operating system │
613 │ │ version ID │ version identifier of │
614 │ │ │ the running system, as │
615 │ │ │ read from the │
616 │ │ │ VERSION_ID= field of │
617 │ │ │ /etc/os-release. If │
618 │ │ │ not set, resolves to │
619 │ │ │ an empty string. See │
620 │ │ │ os-release(5) for more │
621 │ │ │ information. │
622 ├──────────┼─────────────────────┼────────────────────────┤
623 │"%W" │ Operating system │ The operating system │
624 │ │ variant ID │ variant identifier of │
625 │ │ │ the running system, as │
626 │ │ │ read from the │
627 │ │ │ VARIANT_ID= field of │
628 │ │ │ /etc/os-release. If │
629 │ │ │ not set, resolves to │
630 │ │ │ an empty string. See │
631 │ │ │ os-release(5) for more │
632 │ │ │ information. │
633 ├──────────┼─────────────────────┼────────────────────────┤
634 │"%%" │ Single percent sign │ Use "%%" in place of │
635 │ │ │ "%" to specify a │
636 │ │ │ single percent sign. │
637 └──────────┴─────────────────────┴────────────────────────┘
638
640 Example 1. Create directories with specific mode and ownership
641
642 screen(1), needs two directories created at boot with specific modes
643 and ownership:
644
645 # /usr/lib/tmpfiles.d/screen.conf
646 d /run/screens 1777 root screen 10d
647 d /run/uscreens 0755 root screen 10d12h
648
649 Contents of /run/screens and /run/uscreens will be cleaned up after 10
650 and 10½ days, respectively.
651
652 Example 2. Create a directory with a SMACK attribute
653
654 D /run/cups - - - -
655 t /run/cups - - - - security.SMACK64=printing user.attr-with-spaces="foo bar"
656
657
658 The directory will be owned by root and have default mode. Its contents
659 are not subject to time based cleanup, but will be obliterated when
660 systemd-tmpfiles --remove runs.
661
662 Example 3. Create a directory and prevent its contents from cleanup
663
664 abrt(1), needs a directory created at boot with specific mode and
665 ownership and its content should be preserved from the automatic
666 cleanup applied to the contents of /var/tmp:
667
668 # /usr/lib/tmpfiles.d/tmp.conf
669 d /var/tmp 1777 root root 30d
670
671 # /usr/lib/tmpfiles.d/abrt.conf
672 d /var/tmp/abrt 0755 abrt abrt -
673
674 Example 4. Apply clean up during boot and based on time
675
676 # /usr/lib/tmpfiles.d/dnf.conf
677 r! /var/cache/dnf/*/*/download_lock.pid
678 r! /var/cache/dnf/*/*/metadata_lock.pid
679 r! /var/lib/dnf/rpmdb_lock.pid
680 e /var/cache/dnf/ - - - 30d
681
682 The lock files will be removed during boot. Any files and directories
683 in /var/cache/dnf/ will be removed after they have not been accessed in
684 30 days.
685
686 Example 5. Empty the contents of a cache directory on boot
687
688 # /usr/lib/tmpfiles.d/krb5rcache.conf
689 e! /var/cache/krb5rcache - - - 0
690
691 Any files and subdirectories in /var/cache/krb5rcache/ will be removed
692 on boot. The directory will not be created.
693
695 /var/run/ is a deprecated symlink to /run/, and applications should use
696 the latter. systemd-tmpfiles will warn if /var/run/ is used.
697
699 systemd(1), systemd-tmpfiles(8), systemd-delta(1), systemd.exec(5),
700 attr(5), getfattr(1), setfattr(1), setfacl(1), getfacl(1), chattr(1),
701 btrfs-subvolume(8), btrfs-qgroup(8)
702
704 1. Notes on Resolvability of User and Group Names
705 https://systemd.io/UIDS-GIDS/#notes-on-resolvability-of-user-and-group-names
706
707
708
709systemd 246 TMPFILES.D(5)