temporary files and directories which usually reside
in directories such as <filename>/run</filename>
or <filename>/tmp</filename>.</para>
+
+ <para>Volatile and temporary files and directories are
+ those located in <filename>/run</filename> (and its
+ alias <filename>/var/run</filename>),
+ <filename>/tmp</filename>,
+ <filename>/var/tmp</filename>, the API file systems
+ such as <filename>/sys</filename> or
+ <filename>/proc</filename>, as well as some other
+ directories below <filename>/var</filename>.</para>
+
+ <para>System daemons frequently require private
+ runtime directories below <filename>/run</filename> to
+ place communication sockets and similar in. For these,
+ consider declaring them in their unit files using
+ <varname>RuntimeDirectory=</varname>
+ (see <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for details),
+ if this is feasible.</para>
</refsect1>
<refsect1>
of the directories they reside in. If multiple files
specify the same path, the entry in the file with the
lexicographically earliest name will be applied, all
- all other conflicting entries logged as errors.</para>
+ all other conflicting entries will be logged as
+ errors. When two lines are prefix and suffix of each
+ other, then the prefix is always processed first, the
+ suffix later. Otherwise, the files/directories are
+ processed in the order they are listed.</para>
<para>If the administrator wants to disable a
configuration file supplied by the vendor, the
d /run/user 0755 root root 10d -
L /tmp/foobar - - - - /dev/null</programlisting>
-
<refsect2>
<title>Type</title>
<varlistentry>
<term><varname>p</varname></term>
- <listitem><para>Create a named pipe (FIFO) if it does not exist yet.</para></listitem>
+ <term><varname>p+</varname></term>
+ <listitem><para>Create a named
+ pipe (FIFO) if it does not
+ exist yet. If suffixed with
+ <varname>+</varname> and a
+ file already exists where the
+ pipe is to be created, it will
+ be removed and be replaced by
+ the pipe.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>L</varname></term>
- <listitem><para>Create a symlink if it does not exist yet.</para></listitem>
+ <term><varname>L+</varname></term>
+ <listitem><para>Create a
+ symlink if it does not exist
+ yet. If suffixed with
+ <varname>+</varname> and a
+ file already exists where the
+ symlink is to be created, it
+ will be removed and be
+ replaced by the
+ symlink. If the argument is omitted,
+ symlinks to files with the same name
+ residing in the directory
+ <filename>/usr/share/factory/</filename>
+ are created.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>c</varname></term>
- <listitem><para>Create a character device node if it does not exist yet.</para></listitem>
+ <term><varname>c+</varname></term>
+ <listitem><para>Create a
+ character device node if it
+ does not exist yet. If
+ suffixed with
+ <varname>+</varname> and a
+ file already exists where the
+ device node is to be created,
+ it will be removed and be
+ replaced by the device
+ node.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>b</varname></term>
- <listitem><para>Create a block device node if it does not exist yet.</para></listitem>
+ <term><varname>b+</varname></term>
+ <listitem><para>Create a block
+ device node if it does not
+ exist yet. If suffixed with
+ <varname>+</varname> and a
+ file already exists where the
+ device node is to be created,
+ it will be removed and be
+ replaced by the device
+ node.</para></listitem>
</varlistentry>
<varlistentry>
- <term><varname>m</varname></term>
- <listitem><para>If the
- specified file path exists,
- adjust its access mode, group
- and user to the specified
- values and reset the SELinux
- security context. If it does not exist, do
- nothing.</para></listitem>
+ <term><varname>C</varname></term>
+ <listitem><para>Recursively
+ copy a file or directory, if
+ the destination files or
+ directories do not exist
+ yet. Note that this command
+ will not descend into
+ subdirectories if the
+ destination directory already
+ exists. Instead, the entire
+ copy operation is
+ skipped. If the argument is omitted,
+ files from the source directory
+ <filename>/usr/share/factory/</filename>
+ with the same name are copied.</para></listitem>
</varlistentry>
<varlistentry>
<varlistentry>
<term><varname>z</varname></term>
- <listitem><para>Restore
- SELinux security context
- and set ownership and access
- mode of a file or directory if
- it exists. Lines of this type
- accept shell-style globs in
- place of normal path names.
+ <listitem><para>Adjust the
+ access mode, group and user,
+ and restore the SELinux security
+ context of a file or directory,
+ if it exists. Lines of this
+ type accept shell-style globs
+ in place of normal path names.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>Z</varname></term>
<listitem><para>Recursively
- restore SELinux security
- context and set
- ownership and access mode of a
- path and all its
- subdirectories (if it is a
- directory). Lines of this type
- accept shell-style globs in
- place of normal path
+ set the access mode, group and
+ user, and restore the SELinux
+ security context of a file or
+ directory if it exists, as
+ well as of its subdirectories
+ and the files contained
+ therein (if applicable). Lines
+ of this type accept
+ shell-style globs in place of
+ normal path
names.</para></listitem>
</varlistentry>
</variablelist>
</para>
<para>For example:
- <programlisting>
-# Make sure these are created by default so that nobody else can
+ <programlisting># Make sure these are created by default so that nobody else can
d /tmp/.X11-unix 1777 root root 10d
# Unlink the X11 lock files
-r! /tmp/.X[0-9]*-lock
- </programlisting>
+r! /tmp/.X[0-9]*-lock</programlisting>
The second line in contrast to the first one
would break a running system, and will only be
executed with <option>--boot</option>.</para>
ignored for <varname>x</varname>,
<varname>r</varname>, <varname>R</varname>,
<varname>L</varname> lines.</para>
+
+ <para>Optionally, if prefixed with
+ <literal>~</literal>, the access mode is masked
+ based on the already set access bits for
+ existing file or directories: if the existing
+ file has all executable bits unset, all
+ executable bits are removed from the new
+ access mode, too. Similarly, if all read bits
+ are removed from the old access mode, they will
+ be removed from the new access mode too, and
+ if all write bits are removed, they will be
+ removed from the new access mode too. In
+ addition, the sticky/SUID/SGID bit is removed unless
+ applied to a directory. This
+ functionality is particularly useful in
+ conjunction with <varname>Z</varname>.</para>
</refsect2>
<refsect2>
<varname>f</varname>, <varname>F</varname>,
and <varname>w</varname> may be used to
specify a short string that is written to the
- file, suffixed by a newline. Ignored for all
- other lines.</para>
+ file, suffixed by a newline. For
+ <varname>C</varname>, specifies the source file
+ or directory. Ignored for all other
+ lines.</para>
</refsect2>
</refsect1>
<title>/etc/tmpfiles.d/screen.conf example</title>
<para><command>screen</command> needs two directories created at boot with specific modes and ownership.</para>
- <programlisting>d /var/run/screens 1777 root root 10d
-d /var/run/uscreens 0755 root root 10d12h</programlisting>
+ <programlisting>d /run/screens 1777 root root 10d
+d /run/uscreens 0755 root root 10d12h</programlisting>
</example>
<example>
<title>/etc/tmpfiles.d/abrt.conf example</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-tmpfiles</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd-delta</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>systemd-delta</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
</para>
</refsect1>