1SYSTEMD-TMPFILES(8)            systemd-tmpfiles            SYSTEMD-TMPFILES(8)
2
3
4

NAME

6       systemd-tmpfiles, systemd-tmpfiles-setup.service, systemd-tmpfiles-
7       setup-dev.service, systemd-tmpfiles-clean.service, systemd-tmpfiles-
8       clean.timer - Creates, deletes and cleans up volatile and temporary
9       files and directories
10

SYNOPSIS

12       systemd-tmpfiles [OPTIONS...] [CONFIGFILE...]
13
14       System units:
15
16       systemd-tmpfiles-setup.service
17       systemd-tmpfiles-setup-dev.service
18       systemd-tmpfiles-clean.service
19       systemd-tmpfiles-clean.timer
20
21       User units:
22
23       systemd-tmpfiles-setup.service
24       systemd-tmpfiles-clean.service
25       systemd-tmpfiles-clean.timer
26

DESCRIPTION

28       systemd-tmpfiles creates, deletes, and cleans up volatile and temporary
29       files and directories, using the configuration file format and location
30       specified in tmpfiles.d(5). It must be invoked with one or more options
31       --create, --remove, and --clean, to select the respective subset of
32       operations.
33
34       By default, directives from all configuration files are applied. When
35       invoked with --replace=PATH, arguments specified on the command line
36       are used instead of the configuration file PATH. Otherwise, if one or
37       more absolute filenames are passed on the command line, only the
38       directives in these files are applied. If "-" is specified instead of a
39       filename, directives are read from standard input. If only the basename
40       of a configuration file is specified, all configuration directories as
41       specified in tmpfiles.d(5) are searched for a matching file and the
42       file found that has the highest priority is executed.
43
44       System services (systemd-tmpfiles-setup.service,
45       systemd-tmpfiles-setup-dev.service, systemd-tmpfiles-clean.service)
46       invoke systemd-tmpfiles to create system files and to perform system
47       wide cleanup. Those services read administrator-controlled
48       configuration files in tmpfiles.d/ directories. User services
49       (systemd-tmpfiles-setup.service, systemd-tmpfiles-clean.service) also
50       invoke systemd-tmpfiles, but it reads a separate set of files, which
51       includes user-controlled files under ~/.config/user-tmpfiles.d/ and
52       ~/.local/share/user-tmpfiles.d/, and administrator-controlled files
53       under /usr/share/user-tmpfiles.d/. Users may use this to create and
54       clean up files under their control, but the system instance performs
55       global cleanup and is not influenced by user configuration. Note that
56       this means a time-based cleanup configured in the system instance, such
57       as the one typically configured for /tmp/, will thus also affect files
58       created by the user instance if they are placed in /tmp/, even if the
59       user instance's time-based cleanup is turned off.
60
61       To re-apply settings after configuration has been modified, simply
62       restart systemd-tmpfiles-clean.service, which will apply any settings
63       which can be safely executed at runtime. To debug systemd-tmpfiles, it
64       may be useful to invoke it directly from the command line with
65       increased log level (see $SYSTEMD_LOG_LEVEL below).
66

OPTIONS

68       The following options are understood:
69
70       --create
71           If this option is passed, all files and directories marked with f,
72           F, w, d, D, v, p, L, c, b, m in the configuration files are created
73           or written to. Files and directories marked with z, Z, t, T, a, and
74           A have their ownership, access mode and security labels set.
75
76       --clean
77           If this option is passed, all files and directories with an age
78           parameter configured will be cleaned up.
79
80       --remove
81           If this option is passed, the contents of directories marked with D
82           or R, and files or directories themselves marked with r or R are
83           removed.
84
85       --user
86           Execute "user" configuration, i.e.  tmpfiles.d files in user
87           configuration directories.
88
89       --boot
90           Also execute lines with an exclamation mark. Lines that are not
91           safe to be executed on a running system may be marked in this way.
92           systemd-tmpfiles is executed in early boot with --boot specified
93           and will execute those lines. When invoked again later, it should
94           be called without --boot.
95
96       --prefix=path
97           Only apply rules with paths that start with the specified prefix.
98           This option can be specified multiple times.
99
100       --exclude-prefix=path
101           Ignore rules with paths that start with the specified prefix. This
102           option can be specified multiple times.
103
104       -E
105           A shortcut for "--exclude-prefix=/dev --exclude-prefix=/proc
106           --exclude-prefix=/run --exclude-prefix=/sys", i.e. exclude the
107           hierarchies typically backed by virtual or memory file systems.
108           This is useful in combination with --root=, if the specified
109           directory tree contains an OS tree without these virtual/memory
110           file systems mounted in, as it is typically not desirable to create
111           any files and directories below these subdirectories if they are
112           supposed to be overmounted during runtime.
113
114       --root=root
115           Takes a directory path as an argument. All paths will be prefixed
116           with the given alternate root path, including config search paths.
117
118           When this option is used, the libc Name Service Switch (NSS) is
119           bypassed for resolving users and groups. Instead the files
120           /etc/passwd and /etc/group inside the alternate root are read
121           directly. This means that users/groups not listed in these files
122           will not be resolved, i.e. LDAP NIS and other complex databases are
123           not considered.
124
125           Consider combining this with -E to ensure the invocation does not
126           create files or directories below mount points in the OS image
127           operated on that are typically overmounted during runtime.
128
129       --image=image
130           Takes a path to a disk image file or block device node. If
131           specified all operations are applied to file system in the
132           indicated disk image. This is similar to --root= but operates on
133           file systems stored in disk images or block devices. The disk image
134           should either contain just a file system or a set of file systems
135           within a GPT partition table, following the Discoverable Partitions
136           Specification[1]. For further information on supported disk images,
137           see systemd-nspawn(1)'s switch of the same name.
138
139           Implies -E.
140
141       --replace=PATH
142           When this option is given, one or more positional arguments must be
143           specified. All configuration files found in the directories listed
144           in tmpfiles.d(5) will be read, and the configuration given on the
145           command line will be handled instead of and with the same priority
146           as the configuration file PATH.
147
148           This option is intended to be used when package installation
149           scripts are running and files belonging to that package are not yet
150           available on disk, so their contents must be given on the command
151           line, but the admin configuration might already exist and should be
152           given higher priority.
153
154       --cat-config
155           Copy the contents of config files to standard output. Before each
156           file, the filename is printed as a comment.
157
158       --no-pager
159           Do not pipe output into a pager.
160
161       -h, --help
162           Print a short help text and exit.
163
164       --version
165           Print a short version string and exit.
166
167       It is possible to combine --create, --clean, and --remove in one
168       invocation (in which case removal and cleanup are executed before
169       creation of new files). For example, during boot the following command
170       line is executed to ensure that all temporary and volatile directories
171       are removed and created according to the configuration file:
172
173           systemd-tmpfiles --remove --create
174

CREDENTIALS

176       systemd-tmpfiles supports the service credentials logic as implemented
177       by LoadCredential=/SetCredential= (see systemd.exec(1) for details).
178       The following credentials are used when passed in:
179
180       "tmpfiles.extra"
181           The contents of this credential may contain additional lines to
182           operate on. The credential contents should follow the same format
183           as any other tmpfiles.d/ drop-in configuration file. If this
184           credential is passed it is processed after all of the drop-in files
185           read from the file system. The lines in the credential can hence
186           augment existing lines of the OS, but not override them.
187
188       Note that by default the systemd-tmpfiles-setup.service unit file (and
189       related unit files) is set up to inherit the "tmpfiles.extra"
190       credential from the service manager.
191

ENVIRONMENT

193       $SYSTEMD_LOG_LEVEL
194           The maximum log level of emitted messages (messages with a higher
195           log level, i.e. less important ones, will be suppressed). Either
196           one of (in order of decreasing importance) emerg, alert, crit, err,
197           warning, notice, info, debug, or an integer in the range 0...7. See
198           syslog(3) for more information.
199
200       $SYSTEMD_LOG_COLOR
201           A boolean. If true, messages written to the tty will be colored
202           according to priority.
203
204           This setting is only useful when messages are written directly to
205           the terminal, because journalctl(1) and other tools that display
206           logs will color messages based on the log level on their own.
207
208       $SYSTEMD_LOG_TIME
209           A boolean. If true, console log messages will be prefixed with a
210           timestamp.
211
212           This setting is only useful when messages are written directly to
213           the terminal or a file, because journalctl(1) and other tools that
214           display logs will attach timestamps based on the entry metadata on
215           their own.
216
217       $SYSTEMD_LOG_LOCATION
218           A boolean. If true, messages will be prefixed with a filename and
219           line number in the source code where the message originates.
220
221           Note that the log location is often attached as metadata to journal
222           entries anyway. Including it directly in the message text can
223           nevertheless be convenient when debugging programs.
224
225       $SYSTEMD_LOG_TARGET
226           The destination for log messages. One of console (log to the
227           attached tty), console-prefixed (log to the attached tty but with
228           prefixes encoding the log level and "facility", see syslog(3), kmsg
229           (log to the kernel circular log buffer), journal (log to the
230           journal), journal-or-kmsg (log to the journal if available, and to
231           kmsg otherwise), auto (determine the appropriate log target
232           automatically, the default), null (disable log output).
233
234       $SYSTEMD_PAGER
235           Pager to use when --no-pager is not given; overrides $PAGER. If
236           neither $SYSTEMD_PAGER nor $PAGER are set, a set of well-known
237           pager implementations are tried in turn, including less(1) and
238           more(1), until one is found. If no pager implementation is
239           discovered no pager is invoked. Setting this environment variable
240           to an empty string or the value "cat" is equivalent to passing
241           --no-pager.
242
243           Note: if $SYSTEMD_PAGERSECURE is not set, $SYSTEMD_PAGER (as well
244           as $PAGER) will be silently ignored.
245
246       $SYSTEMD_LESS
247           Override the options passed to less (by default "FRSXMK").
248
249           Users might want to change two options in particular:
250
251           K
252               This option instructs the pager to exit immediately when Ctrl+C
253               is pressed. To allow less to handle Ctrl+C itself to switch
254               back to the pager command prompt, unset this option.
255
256               If the value of $SYSTEMD_LESS does not include "K", and the
257               pager that is invoked is less, Ctrl+C will be ignored by the
258               executable, and needs to be handled by the pager.
259
260           X
261               This option instructs the pager to not send termcap
262               initialization and deinitialization strings to the terminal. It
263               is set by default to allow command output to remain visible in
264               the terminal even after the pager exits. Nevertheless, this
265               prevents some pager functionality from working, in particular
266               paged output cannot be scrolled with the mouse.
267
268           See less(1) for more discussion.
269
270       $SYSTEMD_LESSCHARSET
271           Override the charset passed to less (by default "utf-8", if the
272           invoking terminal is determined to be UTF-8 compatible).
273
274       $SYSTEMD_PAGERSECURE
275           Takes a boolean argument. When true, the "secure" mode of the pager
276           is enabled; if false, disabled. If $SYSTEMD_PAGERSECURE is not set
277           at all, secure mode is enabled if the effective UID is not the same
278           as the owner of the login session, see geteuid(2) and
279           sd_pid_get_owner_uid(3). In secure mode, LESSSECURE=1 will be set
280           when invoking the pager, and the pager shall disable commands that
281           open or create new files or start new subprocesses. When
282           $SYSTEMD_PAGERSECURE is not set at all, pagers which are not known
283           to implement secure mode will not be used. (Currently only less(1)
284           implements secure mode.)
285
286           Note: when commands are invoked with elevated privileges, for
287           example under sudo(8) or pkexec(1), care must be taken to ensure
288           that unintended interactive features are not enabled. "Secure" mode
289           for the pager may be enabled automatically as describe above.
290           Setting SYSTEMD_PAGERSECURE=0 or not removing it from the inherited
291           environment allows the user to invoke arbitrary commands. Note that
292           if the $SYSTEMD_PAGER or $PAGER variables are to be honoured,
293           $SYSTEMD_PAGERSECURE must be set too. It might be reasonable to
294           completely disable the pager using --no-pager instead.
295
296       $SYSTEMD_COLORS
297           Takes a boolean argument. When true, systemd and related utilities
298           will use colors in their output, otherwise the output will be
299           monochrome. Additionally, the variable can take one of the
300           following special values: "16", "256" to restrict the use of colors
301           to the base 16 or 256 ANSI colors, respectively. This can be
302           specified to override the automatic decision based on $TERM and
303           what the console is connected to.
304
305       $SYSTEMD_URLIFY
306           The value must be a boolean. Controls whether clickable links
307           should be generated in the output for terminal emulators supporting
308           this. This can be specified to override the decision that systemd
309           makes based on $TERM and other conditions.
310

UNPRIVILEGED --CLEANUP OPERATION

312       systemd-tmpfiles tries to avoid changing the access and modification
313       times on the directories it accesses, which requires CAP_FOWNER
314       privileges. When running as non-root, directories which are checked for
315       files to clean up will have their access time bumped, which might
316       prevent their cleanup.
317

EXIT STATUS

319       On success, 0 is returned. If the configuration was syntactically
320       invalid (syntax errors, missing arguments, ...), so some lines had to
321       be ignored, but no other errors occurred, 65 is returned (EX_DATAERR
322       from /usr/include/sysexits.h). If the configuration was syntactically
323       valid, but could not be executed (lack of permissions, creation of
324       files in missing directories, invalid contents when writing to /sys/
325       values, ...), 73 is returned (EX_CANTCREAT from
326       /usr/include/sysexits.h). Otherwise, 1 is returned (EXIT_FAILURE from
327       /usr/include/stdlib.h).
328
329       Note: when creating items, if the target already exists, but is of the
330       wrong type or otherwise does not match the requested state, and forced
331       operation has not been requested with "+", a message is emitted, but
332       the failure is otherwise ignored.
333

SEE ALSO

335       systemd(1), tmpfiles.d(5)
336

NOTES

338        1. Discoverable Partitions Specification
339           https://uapi-group.org/specifications/specs/discoverable_partitions_specification
340
341
342
343systemd 253                                                SYSTEMD-TMPFILES(8)
Impressum