X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Ftmpfiles.d.xml;h=1b14d69a91dfceee88c0fdd74b50686f653f3cfa;hp=331fd1b4721ddedb68446decc60de1d3f0e14e3a;hb=80877656a557231f8187f7bc371fd4cb3b70de5a;hpb=ef72c1f06e2bc696a799cd31a1e0ed25cc999ea4 diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml index 331fd1b47..1b14d69a9 100644 --- a/man/tmpfiles.d.xml +++ b/man/tmpfiles.d.xml @@ -61,6 +61,23 @@ temporary files and directories which usually reside in directories such as /run or /tmp. + + Volatile and temporary files and directories are + those located in /run (and its + alias /var/run), + /tmp, + /var/tmp, the API file systems + such as /sys or + /proc, as well as some other + directories below /var. + + System daemons frequently require private + runtime directories below /run to + place communication sockets and similar in. For these, + consider declaring them in their unit files using + RuntimeDirectory= + (see systemd.exec5 for details), + if this is feasible. @@ -88,11 +105,15 @@ the local administrator, who may use this logic to override the configuration files installed by vendor packages. All configuration files are sorted by their - filename in lexicographic order, regardless in which - of the directories they reside. If multiple files + filename in lexicographic order, regardless of which + of the directories they reside in. If multiple files specify the same path, the entry in the file with the - lexicographically earliest name will be applied, all - all other conflicting entries logged as errors. + lexicographically earliest name will be applied. + All other conflicting entries will be logged as + errors. When two lines are prefix and suffix of each + other, then the prefix is always processed first, the + suffix later. Otherwise, the files/directories are + processed in the order they are listed. If the administrator wants to disable a configuration file supplied by the vendor, the 
@@ -109,10 +130,12 @@ d /run/user 0755 root root 10d - L /tmp/foobar - - - - /dev/null - Type + The type consists of a single letter and + optionally an exclamation mark. + The following line types are understood: 
@@ -146,33 +169,90 @@ L /tmp/foobar - - - - /dev/null p - Create a named pipe (FIFO) if it does not exist yet. + p+ + Create a named + pipe (FIFO) if it does not + exist yet. If suffixed with + + and a + file already exists where the + pipe is to be created, it will + be removed and be replaced by + the pipe. L - Create a symlink if it does not exist yet. + L+ + Create a + symlink if it does not exist + yet. If suffixed with + + and a + file already exists where the + symlink is to be created, it + will be removed and be + replaced by the + symlink. If the argument is omitted, + symlinks to files with the same name + residing in the directory + /usr/share/factory/ + are created. c - Create a character device node if it does not exist yet. + c+ + Create a + character device node if it + does not exist yet. If + suffixed with + + and a + file already exists where the + device node is to be created, + it will be removed and be + replaced by the device + node. It is recommended to suffix this + entry with an exclamation mark to only + create static device nodes at boot, + as udev will not manage static device + nodes that are created at runtime. + b - Create a block device node if it does not exist yet. + b+ + Create a block + device node if it does not + exist yet. If suffixed with + + and a + file already exists where the + device node is to be created, + it will be removed and be + replaced by the device + node. It is recommended to suffix this + entry with an exclamation mark to only + create static device nodes at boot, + as udev will not manage static device + nodes that are created at runtime. + - m - If the - specified file path exists, - adjust its access mode, group - and user to the specified - values and reset the SELinux - label. If it does not exist, do - nothing. + C + Recursively + copy a file or directory, if + the destination files or + directories do not exist + yet. 
Note that this command + will not descend into + subdirectories if the + destination directory already + exists. Instead, the entire + copy operation is + skipped. If the argument is omitted, + files from the source directory + /usr/share/factory/ + with the same name are copied. @@ -238,30 +318,52 @@ L /tmp/foobar - - - - /dev/null z - Restore - SELinux security context label - and set ownership and access - mode of a file or directory if - it exists. Lines of this type - accept shell-style globs in - place of normal path names. + Adjust the + access mode, group and user, + and restore the SELinux security + context of a file or directory, + if it exists. Lines of this + type accept shell-style globs + in place of normal path names. Z Recursively - restore SELinux security - context label and set - ownership and access mode of a - path and all its - subdirectories (if it is a - directory). Lines of this type - accept shell-style globs in - place of normal path + set the access mode, group and + user, and restore the SELinux + security context of a file or + directory if it exists, as + well as of its subdirectories + and the files contained + therein (if applicable). Lines + of this type accept + shell-style globs in place of + normal path names. + + If the exclamation mark is used, this + line is only safe of execute during boot, and + can break a running system. Lines without the + exclamation mark are presumed to be safe to + execute at any time, e.g. on package upgrades. + systemd-tmpfiles will + execute line with an exclamation mark only if + option is given. + + + For example: + # Make sure these are created by default so that nobody else can +d /tmp/.X11-unix 1777 root root 10d + +# Unlink the X11 lock files +r! /tmp/.X[0-9]*-lock + The second line in contrast to the first one + would break a running system, and will only be + executed with . 
@@ -329,6 +431,22 @@ L /tmp/foobar - - - - /dev/null ignored for x, r, R, L lines. + + Optionally, if prefixed with + ~, the access mode is masked + based on the already set access bits for + existing file or directories: if the existing + file has all executable bits unset, all + executable bits are removed from the new + access mode, too. Similarly, if all read bits + are removed from the old access mode, they will + be removed from the new access mode too, and + if all write bits are removed, they will be + removed from the new access mode too. In + addition, the sticky/SUID/SGID bit is removed unless + applied to a directory. This + functionality is particularly useful in + conjunction with Z. @@ -407,8 +525,10 @@ L /tmp/foobar - - - - /dev/null f, F, and w may be used to specify a short string that is written to the - file, suffixed by a newline. Ignored for all - other lines. + file, suffixed by a newline. For + C, specifies the source file + or directory. Ignored for all other + lines. @@ -419,8 +539,8 @@ L /tmp/foobar - - - - /dev/null /etc/tmpfiles.d/screen.conf example screen needs two directories created at boot with specific modes and ownership. - d /var/run/screens 1777 root root 10d -d /var/run/uscreens 0755 root root 10d12h + d /run/screens 1777 root root 10d +d /run/uscreens 0755 root root 10d12h /etc/tmpfiles.d/abrt.conf example @@ -436,7 +556,8 @@ x /var/tmp/abrt/* systemd1, systemd-tmpfiles8, - systemd-delta1 + systemd-delta1, + systemd.exec5
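Review bot: In the hunk at @@ -88,11 +105,15 @@, the added sentence "When two lines are prefix and suffix of each other" does not say what is being compared, and a reader can take it to mean the configuration lines rather than their paths. Suggest wording such as "When the path of one line is a prefix of the path of another line, the line with the prefix path is always processed first". The following sentence, "processed in the order they are listed", should also say whether that order is within one file or across the whole lexicographically sorted set of files, since the paragraph has just described sorting across directories.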
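Review bot: In the hunk at @@ -109,10 +130,12 @@, the new description "The type consists of a single letter and optionally an exclamation mark" leaves out the plus sign suffix that the next hunk documents for p+, L+, c+ and b+. Mention the optional plus sign here as well, so the Type description matches the list of line types that follows it.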
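Review bot: In the hunk at @@ -146,33 +169,90 @@, the p+, L+, c+ and b+ entries say only that "a file already exists ... it will be removed" and do not state what happens when the existing path is a directory, or whether a non-empty directory is removed recursively. Because these lines are typically pointed at paths under /tmp and /run, the text should spell out exactly what is deleted. Two smaller points in the same hunk: the c and b entries recommend the exclamation mark before it has been explained, so a pointer to that explanation would help, and the m entry is deleted without saying whether existing configuration that uses m is still accepted or should be converted to z.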
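Review bot: In the hunk at @@ -238,30 +318,52 @@, the added exclamation mark paragraph has two wording errors: "only safe of execute during boot" should read "only safe to execute during boot", and "execute line with an exclamation mark" should read "execute lines with an exclamation mark". In the example that follows, the comment "# Make sure these are created by default so that nobody else can" stops mid-sentence; finish it so the reason for pre-creating /tmp/.X11-unix with mode 1777 and root ownership is stated in the example itself.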
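Review bot: In the hunk at @@ -329,6 +431,22 @@, the new paragraph on the ~ prefix describes masking only "based on the already set access bits for existing file or directories" and does not say which mode is applied when the path does not exist yet and is created by the line. State that case explicitly. Wording in the same paragraph: "existing file or directories" should be "existing files or directories", and "the sticky/SUID/SGID bit is removed" should be "the sticky/SUID/SGID bits are removed", since three separate bits are meant.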