man: add h/H to tmpfiles.d(5)

[elogind.git] / man / tmpfiles.d.xml

<?xml version="1.0"?>
<!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
  This file is part of systemd.

  Copyright 2010 Brandon Philips

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
<refentry id="tmpfiles.d">

  <refentryinfo>
    <title>tmpfiles.d</title>
    <productname>systemd</productname>

    <authorgroup>
      <author>
        <contrib>Documentation</contrib>
        <firstname>Brandon</firstname>
        <surname>Philips</surname>
        <email>brandon@ifup.org</email>
      </author>
    </authorgroup>
  </refentryinfo>

  <refmeta>
    <refentrytitle>tmpfiles.d</refentrytitle>
    <manvolnum>5</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>tmpfiles.d</refname>
    <refpurpose>Configuration for creation, deletion and cleaning of
    volatile and temporary files</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para><filename>/etc/tmpfiles.d/*.conf</filename></para>
    <para><filename>/run/tmpfiles.d/*.conf</filename></para>
    <para><filename>/usr/lib/tmpfiles.d/*.conf</filename></para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><command>systemd-tmpfiles</command> uses the configuration
    files from the above directories to describe the creation,
    cleaning and removal of volatile and temporary files and
    directories which usually reside in directories such as
    <filename>/run</filename> or <filename>/tmp</filename>.</para>

    <para>Volatile and temporary files and directories are those
    located in <filename>/run</filename> (and its alias
    <filename>/var/run</filename>), <filename>/tmp</filename>,
    <filename>/var/tmp</filename>, the API file systems such as
    <filename>/sys</filename> or <filename>/proc</filename>, as well
    as some other directories below <filename>/var</filename>.</para>

    <para>System daemons frequently require private runtime
    directories below <filename>/run</filename> to place communication
    sockets and similar in. For these, consider declaring them in
    their unit files using <varname>RuntimeDirectory=</varname> (see
    <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    for details), if this is feasible.</para>
  </refsect1>

  <refsect1>
    <title>Configuration Format</title>

    <para>Each configuration file shall be named in the style of
    <filename><replaceable>package</replaceable>.conf</filename> or
    <filename><replaceable>package</replaceable>-<replaceable>part</replaceable>.conf</filename>.
    The second variant should be used when it is desirable to make it
    easy to override just this part of configuration.</para>

    <para>Files in <filename>/etc/tmpfiles.d</filename> override files
    with the same name in <filename>/usr/lib/tmpfiles.d</filename> and
    <filename>/run/tmpfiles.d</filename>. Files in
    <filename>/run/tmpfiles.d</filename> override files with the same
    name in <filename>/usr/lib/tmpfiles.d</filename>. Packages should
    install their configuration files in
    <filename>/usr/lib/tmpfiles.d</filename>. Files in
    <filename>/etc/tmpfiles.d</filename> are reserved for the local
    administrator, who may use this logic to override the
    configuration files installed by vendor packages. All
    configuration files are sorted by their filename in lexicographic
    order, regardless of which of the directories they reside in. If
    multiple files specify the same path, the entry in the file with
    the lexicographically earliest name will be applied.  All other
    conflicting entries will be logged as errors. When two lines are
    prefix and suffix of each other, then the prefix is always
    processed first, the suffix later. Otherwise, the
    files/directories are processed in the order they are
    listed.</para>

    <para>If the administrator wants to disable a configuration file
    supplied by the vendor, the recommended way is to place a symlink
    to <filename>/dev/null</filename> in
    <filename>/etc/tmpfiles.d/</filename> bearing the same filename.
    </para>

    <para>The configuration format is one line per path containing
    type, path, mode, ownership, age, and argument fields:</para>

    <programlisting>#Type Path        Mode UID  GID  Age Argument
    d    /run/user   0755 root root 10d -
    L    /tmp/foobar -    -    -    -   /dev/null</programlisting>

    <para>Fields may be enclosed within quotes and contain C-style escapes.</para>

    <refsect2>
      <title>Type</title>

      <para>The type consists of a single letter and optionally an
      exclamation mark.</para>

      <para>The following line types are understood:</para>

      <variablelist>
        <varlistentry>
          <term><varname>f</varname></term>
          <listitem><para>Create a file if it does not exist yet. If
          the argument parameter is given, it will be written to the
          file.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>F</varname></term>
          <listitem><para>Create or truncate a file. If the argument
          parameter is given, it will be written to the file.</para>
          </listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>w</varname></term>
          <listitem><para>Write the argument parameter to a file, if
          the file exists.  Lines of this type accept shell-style
          globs in place of normal path names. The argument parameter
          will be written without a trailing newline. C-style
          backslash escapes are interpreted.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>d</varname></term>
          <listitem><para>Create a directory if it does not exist yet.
          </para></listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>D</varname></term>
          <listitem><para>Create or empty a directory.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>v</varname></term>
          <listitem><para>Create a subvolume if the path does not
          exist yet and the file system supports this
          (btrfs). Otherwise create a normal directory, in the same
          way as <varname>d</varname>.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>p</varname></term>
          <term><varname>p+</varname></term>
          <listitem><para>Create a named pipe (FIFO) if it does not
          exist yet. If suffixed with <varname>+</varname> and a file
          already exists where the pipe is to be created, it will be
          removed and be replaced by the pipe.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>L</varname></term>
          <term><varname>L+</varname></term>
          <listitem><para>Create a symlink if it does not exist
          yet. If suffixed with <varname>+</varname> and a file
          already exists where the symlink is to be created, it will
          be removed and be replaced by the symlink. If the argument
          is omitted, symlinks to files with the same name residing in
          the directory <filename>/usr/share/factory/</filename> are
          created.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>c</varname></term>
          <term><varname>c+</varname></term>
          <listitem><para>Create a character device node if it does
          not exist yet. If suffixed with <varname>+</varname> and a
          file already exists where the device node is to be created,
          it will be removed and be replaced by the device node. It is
          recommended to suffix this entry with an exclamation mark to
          only create static device nodes at boot, as udev will not
          manage static device nodes that are created at runtime.
          </para></listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>b</varname></term>
          <term><varname>b+</varname></term>
          <listitem><para>Create a block device node if it does not
          exist yet. If suffixed with <varname>+</varname> and a file
          already exists where the device node is to be created, it
          will be removed and be replaced by the device node. It is
          recommended to suffix this entry with an exclamation mark to
          only create static device nodes at boot, as udev will not
          manage static device nodes that are created at runtime.
          </para></listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>C</varname></term>
          <listitem><para>Recursively copy a file or directory, if the
          destination files or directories do not exist yet. Note that
          this command will not descend into subdirectories if the
          destination directory already exists. Instead, the entire
          copy operation is skipped. If the argument is omitted, files
          from the source directory
          <filename>/usr/share/factory/</filename> with the same name
          are copied.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>x</varname></term>
          <listitem><para>Ignore a path during cleaning. Use this type
          to exclude paths from clean-up as controlled with the Age
          parameter. Note that lines of this type do not influence the
          effect of <varname>r</varname> or <varname>R</varname>
          lines. Lines of this type accept shell-style globs in place
          of normal path names.  </para></listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>X</varname></term>
          <listitem><para>Ignore a path during cleaning. Use this type
          to exclude paths from clean-up as controlled with the Age
          parameter. Unlike <varname>x</varname>, this parameter will
          not exclude the content if path is a directory, but only
          directory itself. Note that lines of this type do not
          influence the effect of <varname>r</varname> or
          <varname>R</varname> lines. Lines of this type accept
          shell-style globs in place of normal path names.
          </para></listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>r</varname></term>
          <listitem><para>Remove a file or directory if it exists.
          This may not be used to remove non-empty directories, use
          <varname>R</varname> for that.  Lines of this type accept
          shell-style globs in place of normal path
          names.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>R</varname></term>
          <listitem><para>Recursively remove a path and all its
          subdirectories (if it is a directory). Lines of this type
          accept shell-style globs in place of normal path
          names.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>z</varname></term>
          <listitem><para>Adjust the access mode, group and user, and
          restore the SELinux security context of a file or directory,
          if it exists. Lines of this type accept shell-style globs in
          place of normal path names.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>Z</varname></term>
          <listitem><para>Recursively set the access mode, group and
          user, and restore the SELinux security context of a file or
          directory if it exists, as well as of its subdirectories and
          the files contained therein (if applicable). Lines of this
          type accept shell-style globs in place of normal path names.
          </para></listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>t</varname></term>
          <listitem><para>Set extended attributes. Lines of this type
          accept shell-style globs in place of normal path names.
          This can be useful for setting SMACK labels.
          </para></listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>T</varname></term>
          <listitem><para>Recursively set extended attributes. Lines
          of this type accept shell-style globs in place of normal
          path names.  This can be useful for setting SMACK labels.
          </para></listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>h</varname></term>
          <listitem><para>Set file/directory attributes. Lines of this type
          accept shell-style globs in place of normal path names.</para>

          <para>The format of the argument field is <varname>[+-=][aAcCdDeijsStTu]
          </varname></para>

          <para>The prefix <varname>+</varname> (the default one) causes the
          attribute(s) to be added; <varname>-</varname> causes the
          attribute(s) to be removed; <varname>=</varname>
          causes the attributes to set exactly as the following letters.</para>
          <para>The letters <literal>aAcCdDeijsStTu</literal> select the new
          attributes for the files, see
          <citerefentry><refentrytitle>chattr</refentrytitle>
          <manvolnum>1</manvolnum></citerefentry> for further information.
          </para>
          <para>Passing only <varname>=</varname> as argument,
          resets all the file attributes listed above. It has to be pointed
          out that the <varname>=</varname> prefix, limits itself to the
          attributes corresponding to the letters listed here. All other
          attributes will be left untouched.
          </para>

          </listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>H</varname></term>
          <listitem><para>Recursively set file/directory attributes. Lines
          of this type accept shell-style globs in place of normal
          path names.
          </para></listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>a</varname></term>
          <term><varname>a+</varname></term>
          <listitem><para>Set POSIX ACLs (access control lists). If
          suffixed with <varname>+</varname>, specified entries will
          be added to the existing set.
          <command>systemd-tmpfiles</command> will automatically add
          the required base entries for user and group based on the
          access mode of the file, unless base entries already exist
          or are explictly specified. The mask will be added if not
          specified explicitly or already present. Lines of this type
          accept shell-style globs in place of normal path names. This
          can be useful for allowing additional access to certain
          files.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><varname>A</varname></term>
          <term><varname>A+</varname></term>
          <listitem><para>Same as <varname>a</varname> and
          <varname>a+</varname>, but recursive.</para></listitem>
        </varlistentry>
      </variablelist>

      <para>If the exclamation mark is used, this line is only safe of
      execute during boot, and can break a running system. Lines
      without the exclamation mark are presumed to be safe to execute
      at any time, e.g. on package upgrades.
      <command>systemd-tmpfiles</command> will execute line with an
      exclamation mark only if option <option>--boot</option> is
      given.</para>

      <para>For example:
      <programlisting># Make sure these are created by default so that nobody else can
      d /tmp/.X11-unix 1777 root root 10d

      # Unlink the X11 lock files
      r! /tmp/.X[0-9]*-lock</programlisting>
      The second line in contrast to the first one would break a
      running system, and will only be executed with
      <option>--boot</option>.</para>
    </refsect2>

    <refsect2>
      <title>Path</title>

      <para>The file system path specification supports simple
      specifier expansion. The following expansions are
      understood:</para>

      <table>
        <title>Specifiers available</title>
        <tgroup cols='3' align='left' colsep='1' rowsep='1'>
          <colspec colname="spec" />
          <colspec colname="mean" />
          <colspec colname="detail" />
          <thead>
            <row>
              <entry>Specifier</entry>
              <entry>Meaning</entry>
              <entry>Details</entry>
            </row>
          </thead>
          <tbody>
            <row>
              <entry><literal>%m</literal></entry>
              <entry>Machine ID</entry>
              <entry>The machine ID of the running system, formatted as string. See <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more information.</entry>
            </row>
            <row>
              <entry><literal>%b</literal></entry>
              <entry>Boot ID</entry>
              <entry>The boot ID of the running system, formatted as string. See <citerefentry><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry> for more information.</entry>
            </row>
            <row>
              <entry><literal>%H</literal></entry>
              <entry>Host name</entry>
              <entry>The hostname of the running system.</entry>
            </row>
            <row>
              <entry><literal>%v</literal></entry>
              <entry>Kernel release</entry>
              <entry>Identical to <command>uname -r</command> output.</entry>
            </row>
            <row>
              <entry><literal>%%</literal></entry>
              <entry>Escaped %</entry>
              <entry>Single percent sign.</entry>
            </row>
          </tbody>
        </tgroup>
      </table>
    </refsect2>

    <refsect2>
      <title>Mode</title>

      <para>The file access mode to use when creating this file or
      directory. If omitted or when set to <literal>-</literal>, the
      default is used: 0755 for directories, 0644 for all other file
      objects.  For <varname>z</varname>, <varname>Z</varname> lines,
      if omitted or when set to <literal>-</literal>, the file access
      mode will not be modified. This parameter is ignored for
      <varname>x</varname>, <varname>r</varname>,
      <varname>R</varname>, <varname>L</varname>, <varname>t</varname>,
      and <varname>a</varname> lines.</para>

      <para>Optionally, if prefixed with <literal>~</literal>, the
      access mode is masked based on the already set access bits for
      existing file or directories: if the existing file has all
      executable bits unset, all executable bits are removed from the
      new access mode, too. Similarly, if all read bits are removed
      from the old access mode, they will be removed from the new
      access mode too, and if all write bits are removed, they will be
      removed from the new access mode too. In addition, the
      sticky/SUID/SGID bit is removed unless applied to a
      directory. This functionality is particularly useful in
      conjunction with <varname>Z</varname>.</para>
    </refsect2>

    <refsect2>
      <title>UID, GID</title>

      <para>The user and group to use for this file or directory. This
      may either be a numeric user/group ID or a user or group
      name. If omitted or when set to <literal>-</literal>, the
      default 0 (root) is used. For <varname>z</varname>,
      <varname>Z</varname> lines, when omitted or when set to
      <literal>-</literal>, the file ownership will not be
      modified. These parameters are ignored for <varname>x</varname>,
      <varname>r</varname>, <varname>R</varname>,
      <varname>L</varname>, <varname>t</varname>, and
      <varname>a</varname> lines.</para>
    </refsect2>

    <refsect2>
      <title>Age</title>
      <para>The date field, when set, is used to decide what files to
      delete when cleaning. If a file or directory is older than the
      current time minus the age field, it is deleted. The field
      format is a series of integers each followed by one of the
      following postfixes for the respective time units:
      <constant>s</constant>,
      <constant>m</constant> or <constant>min</constant>,
      <constant>h</constant>,
      <constant>d</constant>,
      <constant>w</constant>,
      <constant>ms</constant>,
      <constant>us</constant>,
      respectively meaning seconds, minutes, hours, days, weeks,
      milliseconds, and microseconds. Full names of the time units can
      be used too.
      </para>

      <para>If multiple integers and units are specified, the time
      values are summed. If an integer is given without a unit,
      <constant>s</constant> is assumed.
      </para>

      <para>When the age is set to zero, the files are cleaned
      unconditionally.</para>

      <para>The age field only applies to lines
      starting with <varname>d</varname>,
      <varname>D</varname>, and
      <varname>x</varname>. If omitted or set to
      <literal>-</literal>, no automatic clean-up is
      done.</para>

      <para>If the age field starts with a tilde character
      <literal>~</literal>, the clean-up is only applied to files and
      directories one level inside the directory specified, but not
      the files and directories immediately inside it.</para>
    </refsect2>

    <refsect2>
      <title>Argument</title>

      <para>For <varname>L</varname> lines determines the destination
      path of the symlink. For <varname>c</varname>,
      <varname>b</varname> determines the major/minor of the device
      node, with major and minor formatted as integers, separated by
      <literal>:</literal>, e.g.  <literal>1:3</literal>. For
      <varname>f</varname>, <varname>F</varname>, and
      <varname>w</varname> may be used to specify a short string that
      is written to the file, suffixed by a newline. For
      <varname>C</varname>, specifies the source file or
      directory. For <varname>t</varname> determines extended
      attributes to be set. For <varname>a</varname> determines
      ACL attributes to be set. Ignored for all other lines.</para>
    </refsect2>

  </refsect1>

  <refsect1>
    <title>Example</title>
    <example>
      <title>/etc/tmpfiles.d/screen.conf example</title>
      <para><command>screen</command> needs two directories created at
      boot with specific modes and ownership.</para>

      <programlisting>d /run/screens  1777 root root 10d
      d /run/uscreens 0755 root root 10d12h
      t /run/screen - - - - user.name="John Smith" security.SMACK64=screen</programlisting>
    </example>
    <example>
      <title>/etc/tmpfiles.d/abrt.conf example</title>
      <para><command>abrt</command> needs a directory created at boot with specific mode and ownership and its content should be preserved.</para>

      <programlisting>d /var/tmp/abrt 0755 abrt abrt
      x /var/tmp/abrt/*</programlisting>
    </example>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-tmpfiles</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-delta</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>attr</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>getfattr</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>setfattr</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>setfacl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>getfacl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>chattr</refentrytitle><manvolnum>1</manvolnum></citerefentry>
    </para>
  </refsect1>

</refentry>