root. Usually writable, but this is
not required. Possibly a temporary
file system (<literal>tmpfs</literal>). Not shared with
- other hosts (unless read-only). The
- administrator may create additional
- top-level subdirectories in this tree,
- if required and the name does not
- conflict with any of the directories
- listed below.</para></listitem>
+ other hosts (unless read-only).
+ </para></listitem>
</varlistentry>
<varlistentry>
System Partition, also see
<citerefentry><refentrytitle>systemd-boot-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>. This
directory is usually strictly local
- the host, and should be considered
+ to the host, and should be considered
read-only, except when a new kernel or
boot loader is installed. This
directory only exists on systems that
system users. This directory and
possibly the directories contained
within it might only become available
- or writable in late boot or even on
- user login only. This directory might
- be placed on limited-functionality
+ or writable in late boot or even only
+ after user authentication. This directory
+ might be placed on limited-functionality
network file systems, hence
applications should not assume the
full set of file API is available on
<listitem><para>The place for small
temporary files. This directory is
usually mounted as
- <literal>tmpfs</literal> instance, and
+ a <literal>tmpfs</literal> instance, and
should hence not be used for larger
files. (Use
<filename>/var/tmp</filename> for
certain time are usually automatically
deleted. If applications find the
environment variable
- <varname>$TMP</varname> set they
+ <varname>$TMPDIR</varname> set they
should prefer using the directory
specified in it over directly
referencing
- <filename>/tmp</filename>.</para></listitem>
+ <filename>/tmp</filename> (see <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry> for details).</para></listitem>
</varlistentry>
</variablelist>
or similar calls should be used to
make use of this directory. If
applications find the environment
- variable <varname>$TMP</varname> set
- they should prefer using the directory
- specified in it over directly
- referencing
- <filename>/var/tmp</filename>.
+ variable <varname>$TMPDIR</varname>
+ set they should prefer using the
+ directory specified in it over
+ directly referencing
+ <filename>/var/tmp</filename> (see <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry> for details).
</para></listitem>
</varlistentry>
<term><filename>/dev</filename></term>
<listitem><para>The root directory for
device nodes. Usually this directory
- is mounted as
+ is mounted as a
<literal>devtmpfs</literal> instance,
but might be of a different type in
sandboxed/containerized setups. This
programs) or
<varname>$XDG_RUNTIME_DIR</varname>
(for user programs) instead of POSIX
- shared memory segments, since they
+ shared memory segments, since those
directories are not world-writable and
hence not vulnerable to
security-sensitive name
</variablelist>
</refsect1>
+ <refsect1>
+ <title>Unpriviliged Write Access</title>
+
+ <para>Unpriviliged processes generally lack
+ write access to most of the hierarchy.</para>
+
+ <para>The exceptions for normal users are
+ <filename>/tmp</filename>,
+ <filename>/var/tmp</filename>,
+ <filename>/dev/shm</filename>, as well as the home
+ directory <varname>$HOME</varname> (usually found
+ below <filename>/home</filename>) and the runtime
+ directory <varname>$XDG_RUNTIME_DIR</varname> (found
+ below <filename>/run/user</filename>) of the
+ user, which are all writable.</para>
+
+ <para>For unpriviliged system processes only
+ <filename>/tmp</filename>,
+ <filename>/var/tmp</filename> and
+ <filename>/dev/shm</filename> are writable. If an
+ unpriviliged system process needs a private, writable
+ directory in <filename>/var</filename> or
+ <filename>/run</filename>, it is recommended to either
+ create it before dropping priviliges in the daemon
+ code, to create it via
+ <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ fragments during boot, or via the
+ <varname>RuntimeDirectory=</varname> directive of
+ service units (see
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details).</para>
+ </refsect1>
+
+ <refsect1>
+ <title>Node Types</title>
+
+ <para>Unix file systems support different types of file
+ nodes, including regular files, directories, symlinks,
+ character and block device nodes, sockets and FIFOs.</para>
+
+ <para>It is strongly recommended that
+ <filename>/dev</filename> is the only location below
+ which device nodes shall be placed. Similar,
+ <filename>/run</filename> shall be the only location
+ to place sockets and FIFOs. Regular files,
+ directories and symlinks may be used in all
+ directories.</para>
+ </refsect1>
+
<refsect1>
<title>System Packages</title>