1SYSTEMD-TMPFILES(8)            systemd-tmpfiles            SYSTEMD-TMPFILES(8)
2
3
4

NAME

6       systemd-tmpfiles, systemd-tmpfiles-setup.service, systemd-tmpfiles-
7       setup-dev-early.service, systemd-tmpfiles-setup-dev.service, systemd-
8       tmpfiles-clean.service, systemd-tmpfiles-clean.timer - Creates, deletes
9       and cleans up volatile and temporary files and directories
10

SYNOPSIS

12       systemd-tmpfiles [OPTIONS...] [CONFIGFILE...]
13
14       System units:
15
16       systemd-tmpfiles-setup.service
17       systemd-tmpfiles-setup-dev-early.service
18       systemd-tmpfiles-setup-dev.service
19       systemd-tmpfiles-clean.service
20       systemd-tmpfiles-clean.timer
21
22       User units:
23
24       systemd-tmpfiles-setup.service
25       systemd-tmpfiles-clean.service
26       systemd-tmpfiles-clean.timer
27

DESCRIPTION

29       systemd-tmpfiles creates, deletes, and cleans up volatile and temporary
30       files and directories, using the configuration file format and location
31       specified in tmpfiles.d(5). It must be invoked with one or more options
32       --create, --remove, and --clean, to select the respective subset of
33       operations.
34
35       By default, directives from all configuration files are applied. When
36       invoked with --replace=PATH, arguments specified on the command line
37       are used instead of the configuration file PATH. Otherwise, if one or
38       more absolute filenames are passed on the command line, only the
39       directives in these files are applied. If "-" is specified instead of a
40       filename, directives are read from standard input. If only the basename
41       of a configuration file is specified, all configuration directories as
42       specified in tmpfiles.d(5) are searched for a matching file and the
43       file found that has the highest priority is executed.
44
45       System services (systemd-tmpfiles-setup.service,
46       systemd-tmpfiles-setup-dev-early.service,
47       systemd-tmpfiles-setup-dev.service, systemd-tmpfiles-clean.service)
48       invoke systemd-tmpfiles to create system files and to perform system
49       wide cleanup. Those services read administrator-controlled
50       configuration files in tmpfiles.d/ directories. User services
51       (systemd-tmpfiles-setup.service, systemd-tmpfiles-clean.service) also
52       invoke systemd-tmpfiles, but it reads a separate set of files, which
53       includes user-controlled files under ~/.config/user-tmpfiles.d/ and
54       ~/.local/share/user-tmpfiles.d/, and administrator-controlled files
55       under /usr/share/user-tmpfiles.d/. Users may use this to create and
56       clean up files under their control, but the system instance performs
57       global cleanup and is not influenced by user configuration. Note that
58       this means a time-based cleanup configured in the system instance, such
59       as the one typically configured for /tmp/, will thus also affect files
60       created by the user instance if they are placed in /tmp/, even if the
61       user instance's time-based cleanup is turned off.
62
63       To re-apply settings after configuration has been modified, simply
64       restart systemd-tmpfiles-clean.service, which will apply any settings
65       which can be safely executed at runtime. To debug systemd-tmpfiles, it
66       may be useful to invoke it directly from the command line with
67       increased log level (see $SYSTEMD_LOG_LEVEL below).
68

OPTIONS

70       The following options are understood:
71
72       --create
73           If this option is passed, all files and directories marked with f,
74           F, w, d, D, v, p, L, c, b, m in the configuration files are created
75           or written to. Files and directories marked with z, Z, t, T, a, and
76           A have their ownership, access mode and security labels set.
77
78       --clean
79           If this option is passed, all files and directories with an age
80           parameter configured will be cleaned up.
81
82       --remove
83           If this option is passed, the contents of directories marked with D
84           or R, and files or directories themselves marked with r or R are
85           removed unless an exclusive or shared BSD lock is taken on them
86           (see flock(2)).
87
88       --user
89           Execute "user" configuration, i.e.  tmpfiles.d files in user
90           configuration directories.
91
92       --boot
93           Also execute lines with an exclamation mark. Lines that are not
94           safe to be executed on a running system may be marked in this way.
95           systemd-tmpfiles is executed in early boot with --boot specified
96           and will execute those lines. When invoked again later, it should
97           be called without --boot.
98
99       --graceful
100           Ignore configuration lines pertaining to unknown users or groups.
101           This option is intended to be used in early boot before all users
102           or groups have been created.
103
104       --prefix=path
105           Only apply rules with paths that start with the specified prefix.
106           This option can be specified multiple times.
107
108       --exclude-prefix=path
109           Ignore rules with paths that start with the specified prefix. This
110           option can be specified multiple times.
111
112       -E
113           A shortcut for "--exclude-prefix=/dev --exclude-prefix=/proc
114           --exclude-prefix=/run --exclude-prefix=/sys", i.e. exclude the
115           hierarchies typically backed by virtual or memory file systems.
116           This is useful in combination with --root=, if the specified
117           directory tree contains an OS tree without these virtual/memory
118           file systems mounted in, as it is typically not desirable to create
119           any files and directories below these subdirectories if they are
120           supposed to be overmounted during runtime.
121
122       --root=root
123           Takes a directory path as an argument. All paths will be prefixed
124           with the given alternate root path, including config search paths.
125
126           When this option is used, the libc Name Service Switch (NSS) is
127           bypassed for resolving users and groups. Instead the files
128           /etc/passwd and /etc/group inside the alternate root are read
129           directly. This means that users/groups not listed in these files
130           will not be resolved, i.e. LDAP NIS and other complex databases are
131           not considered.
132
133           Consider combining this with -E to ensure the invocation does not
134           create files or directories below mount points in the OS image
135           operated on that are typically overmounted during runtime.
136
137       --image=image
138           Takes a path to a disk image file or block device node. If
139           specified all operations are applied to file system in the
140           indicated disk image. This is similar to --root= but operates on
141           file systems stored in disk images or block devices. The disk image
142           should either contain just a file system or a set of file systems
143           within a GPT partition table, following the Discoverable Partitions
144           Specification[1]. For further information on supported disk images,
145           see systemd-nspawn(1)'s switch of the same name.
146
147           Implies -E.
148
149       --image-policy=policy
150           Takes an image policy string as argument, as per systemd.image-
151           policy(7). The policy is enforced when operating on the disk image
152           specified via --image=, see above. If not specified defaults to the
153           "*" policy, i.e. all recognized file systems in the image are used.
154
155       --replace=PATH
156           When this option is given, one or more positional arguments must be
157           specified. All configuration files found in the directories listed
158           in tmpfiles.d(5) will be read, and the configuration given on the
159           command line will be handled instead of and with the same priority
160           as the configuration file PATH.
161
162           This option is intended to be used when package installation
163           scripts are running and files belonging to that package are not yet
164           available on disk, so their contents must be given on the command
165           line, but the admin configuration might already exist and should be
166           given higher priority.
167
168       --cat-config
169           Copy the contents of config files to standard output. Before each
170           file, the filename is printed as a comment.
171
172       --no-pager
173           Do not pipe output into a pager.
174
175       -h, --help
176           Print a short help text and exit.
177
178       --version
179           Print a short version string and exit.
180
181       It is possible to combine --create, --clean, and --remove in one
182       invocation (in which case removal and cleanup are executed before
183       creation of new files). For example, during boot the following command
184       line is executed to ensure that all temporary and volatile directories
185       are removed and created according to the configuration file:
186
187           systemd-tmpfiles --remove --create
188

CREDENTIALS

190       systemd-tmpfiles supports the service credentials logic as implemented
191       by ImportCredential=/LoadCredential=/SetCredential= (see
192       systemd.exec(1) for details). The following credentials are used when
193       passed in:
194
195       tmpfiles.extra
196           The contents of this credential may contain additional lines to
197           operate on. The credential contents should follow the same format
198           as any other tmpfiles.d/ drop-in configuration file. If this
199           credential is passed it is processed after all of the drop-in files
200           read from the file system. The lines in the credential can hence
201           augment existing lines of the OS, but not override them.
202
203       Note that by default the systemd-tmpfiles-setup.service unit file (and
204       related unit files) is set up to inherit the "tmpfiles.extra"
205       credential from the service manager.
206

ENVIRONMENT

208       $SYSTEMD_LOG_LEVEL
209           The maximum log level of emitted messages (messages with a higher
210           log level, i.e. less important ones, will be suppressed). Either
211           one of (in order of decreasing importance) emerg, alert, crit, err,
212           warning, notice, info, debug, or an integer in the range 0...7. See
213           syslog(3) for more information.
214
215       $SYSTEMD_LOG_COLOR
216           A boolean. If true, messages written to the tty will be colored
217           according to priority.
218
219           This setting is only useful when messages are written directly to
220           the terminal, because journalctl(1) and other tools that display
221           logs will color messages based on the log level on their own.
222
223       $SYSTEMD_LOG_TIME
224           A boolean. If true, console log messages will be prefixed with a
225           timestamp.
226
227           This setting is only useful when messages are written directly to
228           the terminal or a file, because journalctl(1) and other tools that
229           display logs will attach timestamps based on the entry metadata on
230           their own.
231
232       $SYSTEMD_LOG_LOCATION
233           A boolean. If true, messages will be prefixed with a filename and
234           line number in the source code where the message originates.
235
236           Note that the log location is often attached as metadata to journal
237           entries anyway. Including it directly in the message text can
238           nevertheless be convenient when debugging programs.
239
240       $SYSTEMD_LOG_TARGET
241           The destination for log messages. One of console (log to the
242           attached tty), console-prefixed (log to the attached tty but with
243           prefixes encoding the log level and "facility", see syslog(3), kmsg
244           (log to the kernel circular log buffer), journal (log to the
245           journal), journal-or-kmsg (log to the journal if available, and to
246           kmsg otherwise), auto (determine the appropriate log target
247           automatically, the default), null (disable log output).
248
249       $SYSTEMD_PAGER
250           Pager to use when --no-pager is not given; overrides $PAGER. If
251           neither $SYSTEMD_PAGER nor $PAGER are set, a set of well-known
252           pager implementations are tried in turn, including less(1) and
253           more(1), until one is found. If no pager implementation is
254           discovered no pager is invoked. Setting this environment variable
255           to an empty string or the value "cat" is equivalent to passing
256           --no-pager.
257
258           Note: if $SYSTEMD_PAGERSECURE is not set, $SYSTEMD_PAGER (as well
259           as $PAGER) will be silently ignored.
260
261       $SYSTEMD_LESS
262           Override the options passed to less (by default "FRSXMK").
263
264           Users might want to change two options in particular:
265
266           K
267               This option instructs the pager to exit immediately when Ctrl+C
268               is pressed. To allow less to handle Ctrl+C itself to switch
269               back to the pager command prompt, unset this option.
270
271               If the value of $SYSTEMD_LESS does not include "K", and the
272               pager that is invoked is less, Ctrl+C will be ignored by the
273               executable, and needs to be handled by the pager.
274
275           X
276               This option instructs the pager to not send termcap
277               initialization and deinitialization strings to the terminal. It
278               is set by default to allow command output to remain visible in
279               the terminal even after the pager exits. Nevertheless, this
280               prevents some pager functionality from working, in particular
281               paged output cannot be scrolled with the mouse.
282
283           See less(1) for more discussion.
284
285       $SYSTEMD_LESSCHARSET
286           Override the charset passed to less (by default "utf-8", if the
287           invoking terminal is determined to be UTF-8 compatible).
288
289       $SYSTEMD_PAGERSECURE
290           Takes a boolean argument. When true, the "secure" mode of the pager
291           is enabled; if false, disabled. If $SYSTEMD_PAGERSECURE is not set
292           at all, secure mode is enabled if the effective UID is not the same
293           as the owner of the login session, see geteuid(2) and
294           sd_pid_get_owner_uid(3). In secure mode, LESSSECURE=1 will be set
295           when invoking the pager, and the pager shall disable commands that
296           open or create new files or start new subprocesses. When
297           $SYSTEMD_PAGERSECURE is not set at all, pagers which are not known
298           to implement secure mode will not be used. (Currently only less(1)
299           implements secure mode.)
300
301           Note: when commands are invoked with elevated privileges, for
302           example under sudo(8) or pkexec(1), care must be taken to ensure
303           that unintended interactive features are not enabled. "Secure" mode
304           for the pager may be enabled automatically as describe above.
305           Setting SYSTEMD_PAGERSECURE=0 or not removing it from the inherited
306           environment allows the user to invoke arbitrary commands. Note that
307           if the $SYSTEMD_PAGER or $PAGER variables are to be honoured,
308           $SYSTEMD_PAGERSECURE must be set too. It might be reasonable to
309           completely disable the pager using --no-pager instead.
310
311       $SYSTEMD_COLORS
312           Takes a boolean argument. When true, systemd and related utilities
313           will use colors in their output, otherwise the output will be
314           monochrome. Additionally, the variable can take one of the
315           following special values: "16", "256" to restrict the use of colors
316           to the base 16 or 256 ANSI colors, respectively. This can be
317           specified to override the automatic decision based on $TERM and
318           what the console is connected to.
319
320       $SYSTEMD_URLIFY
321           The value must be a boolean. Controls whether clickable links
322           should be generated in the output for terminal emulators supporting
323           this. This can be specified to override the decision that systemd
324           makes based on $TERM and other conditions.
325

UNPRIVILEGED --CLEANUP OPERATION

327       systemd-tmpfiles tries to avoid changing the access and modification
328       times on the directories it accesses, which requires CAP_FOWNER
329       privileges. When running as non-root, directories which are checked for
330       files to clean up will have their access time bumped, which might
331       prevent their cleanup.
332

EXIT STATUS

334       On success, 0 is returned. If the configuration was syntactically
335       invalid (syntax errors, missing arguments, ...), so some lines had to
336       be ignored, but no other errors occurred, 65 is returned (EX_DATAERR
337       from /usr/include/sysexits.h). If the configuration was syntactically
338       valid, but could not be executed (lack of permissions, creation of
339       files in missing directories, invalid contents when writing to /sys/
340       values, ...), 73 is returned (EX_CANTCREAT from
341       /usr/include/sysexits.h). Otherwise, 1 is returned (EXIT_FAILURE from
342       /usr/include/stdlib.h).
343
344       Note: when creating items, if the target already exists, but is of the
345       wrong type or otherwise does not match the requested state, and forced
346       operation has not been requested with "+", a message is emitted, but
347       the failure is otherwise ignored.
348

SEE ALSO

350       systemd(1), tmpfiles.d(5)
351

NOTES

353        1. Discoverable Partitions Specification
354           https://uapi-group.org/specifications/specs/discoverable_partitions_specification
355
356
357
358systemd 254                                                SYSTEMD-TMPFILES(8)
Impressum