X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Ftmpfiles.d.xml;h=1b14d69a91dfceee88c0fdd74b50686f653f3cfa;hb=6dfcc64bb5c67ec2e026715146c19acf93dab31a;hp=0da52aedadf32b0f7665cde07d7c51cc9862fa9b;hpb=c4708f132381e4bbc864d5241381b5cde4f54878;p=elogind.git
diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index 0da52aeda..1b14d69a9 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -61,6 +61,23 @@
temporary files and directories which usually reside
in directories such as /run
or /tmp.
+
+ Volatile and temporary files and directories are
+ those located in /run (and its
+ alias /var/run),
+ /tmp,
+ /var/tmp, the API file systems
+ such as /sys or
+ /proc, as well as some other
+ directories below /var.
+
+ System daemons frequently require private
+ runtime directories below /run to
+ place communication sockets and similar in. For these,
+ consider declaring them in their unit files using
+ RuntimeDirectory=
+ (see systemd.exec5 for details),
+ if this is feasible.
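Review bot: "some other directories below /var" in the first added paragraph is too vague for a reference page; readers cannot tell which /var paths count as volatile. Name them or drop the clause. In the second paragraph, "to place communication sockets and similar in" reads awkwardly, and "if this is feasible" gives no hint of when RuntimeDirectory= is not an option and a tmpfiles.d entry is still needed; one sentence on that would help.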
@@ -88,11 +105,15 @@
the local administrator, who may use this logic to
override the configuration files installed by vendor
packages. All configuration files are sorted by their
- filename in lexicographic order, regardless in which
- of the directories they reside. If multiple files
+ filename in lexicographic order, regardless of which
+ of the directories they reside in. If multiple files
specify the same path, the entry in the file with the
- lexicographically earliest name will be applied, all
- all other conflicting entries logged as errors.
+ lexicographically earliest name will be applied.
+ All other conflicting entries will be logged as
+ errors. When two lines are prefix and suffix of each
+ other, then the prefix is always processed first, the
+ suffix later. Otherwise, the files/directories are
+ processed in the order they are listed.
If the administrator wants to disable a
configuration file supplied by the vendor, the
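Review bot: the new ordering sentence "When two lines are prefix and suffix of each other" does not say what is being compared. If it is the path field, say so, for example "when the path of one line is a prefix of the path of another". "Otherwise, the files/directories are processed in the order they are listed" also needs to state whether that order is within one file or across files after the lexicographic sort described just above.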
@@ -109,7 +130,6 @@
d /run/user 0755 root root 10d -
L /tmp/foobar - - - - /dev/null
-
Type
@@ -149,33 +169,90 @@ L /tmp/foobar - - - - /dev/null
p
- Create a named pipe (FIFO) if it does not exist yet.
+ p+
+ Create a named
+ pipe (FIFO) if it does not
+ exist yet. If suffixed with
+ + and a
+ file already exists where the
+ pipe is to be created, it will
+ be removed and be replaced by
+ the pipe.L
- Create a symlink if it does not exist yet.
+ L+
+ Create a
+ symlink if it does not exist
+ yet. If suffixed with
+ + and a
+ file already exists where the
+ symlink is to be created, it
+ will be removed and be
+ replaced by the
+ symlink. If the argument is omitted,
+ symlinks to files with the same name
+ residing in the directory
+ /usr/share/factory/
+ are created.c
- Create a character device node if it does not exist yet.
+ c+
+ Create a
+ character device node if it
+ does not exist yet. If
+ suffixed with
+ + and a
+ file already exists where the
+ device node is to be created,
+ it will be removed and be
+ replaced by the device
+ node. It is recommended to suffix this
+ entry with an exclamation mark to only
+ create static device nodes at boot,
+ as udev will not manage static device
+ nodes that are created at runtime.
+ b
- Create a block device node if it does not exist yet.
+ b+
+ Create a block
+ device node if it does not
+ exist yet. If suffixed with
+ + and a
+ file already exists where the
+ device node is to be created,
+ it will be removed and be
+ replaced by the device
+ node. It is recommended to suffix this
+ entry with an exclamation mark to only
+ create static device nodes at boot,
+ as udev will not manage static device
+ nodes that are created at runtime.
+
- m
- If the
- specified file path exists,
- adjust its access mode, group
- and user to the specified
- values and reset the SELinux
- label. If it does not exist, do
- nothing.
+ C
+ Recursively
+ copy a file or directory, if
+ the destination files or
+ directories do not exist
+ yet. Note that this command
+ will not descend into
+ subdirectories if the
+ destination directory already
+ exists. Instead, the entire
+ copy operation is
+ skipped. If the argument is omitted,
+ files from the source directory
+ /usr/share/factory/
+ with the same name are copied.
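Review bot: the "+" descriptions for p+, L+, c+ and b+ all say the existing file "will be removed and be replaced" without saying what happens when the existing path is a directory, or whether the removal is recursive. Since these lines delete whatever is at the path, spell that out once and refer to it from the four entries. Separately, the m entry is deleted in this hunk with no remark on whether existing m lines are still accepted; a short compatibility note would save readers a search.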
@@ -241,27 +318,29 @@ L /tmp/foobar - - - - /dev/null
z
- Restore
- SELinux security context label
- and set ownership and access
- mode of a file or directory if
- it exists. Lines of this type
- accept shell-style globs in
- place of normal path names.
+ Adjust the
+ access mode, group and user,
+ and restore the SELinux security
+ context of a file or directory,
+ if it exists. Lines of this
+ type accept shell-style globs
+ in place of normal path names.
ZRecursively
- restore SELinux security
- context label and set
- ownership and access mode of a
- path and all its
- subdirectories (if it is a
- directory). Lines of this type
- accept shell-style globs in
- place of normal path
+ set the access mode, group and
+ user, and restore the SELinux
+ security context of a file or
+ directory if it exists, as
+ well as of its subdirectories
+ and the files contained
+ therein (if applicable). Lines
+ of this type accept
+ shell-style globs in place of
+ normal path
names.
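Review bot: the new Z text applies one access mode to a directory, its subdirectories and "the files contained therein", but does not point to the "~" mode prefix that the mode-field section of this patch calls "particularly useful in conjunction with Z". Add that cross-reference here, and say whether symlinks met during the recursion are followed, since that decides which files receive the ownership and mode change.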
@@ -273,20 +352,18 @@ L /tmp/foobar - - - - /dev/null
execute at any time, e.g. on package upgrades.
systemd-tmpfiles will
execute line with an exclamation mark only if
- option is given.
+ option is given.
For example:
-
-# Make sure these are created by default so that nobody else can
+ # Make sure these are created by default so that nobody else can
d /tmp/.X11-unix 1777 root root 10d
# Unlink the X11 lock files
-r! /tmp/.X[0-9]*-lock
-
+r! /tmp/.X[0-9]*-lock
The second line in contrast to the first one
would break a running system, and will only be
- executed with .
+ executed with .
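Review bot: the example comment touched here, "# Make sure these are created by default so that nobody else can", stops mid-sentence and never says what nobody else can do. Complete it while re-indenting the block. The context sentence "will execute line with an exclamation mark" should also read "lines".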
@@ -354,6 +431,22 @@ r! /tmp/.X[0-9]*-lock
ignored for x,
r, R,
L lines.
+
+ Optionally, if prefixed with
+ ~, the access mode is masked
+ based on the already set access bits for
+ existing file or directories: if the existing
+ file has all executable bits unset, all
+ executable bits are removed from the new
+ access mode, too. Similarly, if all read bits
+ are removed from the old access mode, they will
+ be removed from the new access mode too, and
+ if all write bits are removed, they will be
+ removed from the new access mode too. In
+ addition, the sticky/SUID/SGID bit is removed unless
+ applied to a directory. This
+ functionality is particularly useful in
+ conjunction with Z.
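Review bot: the "~" paragraph defines the masking only "based on the already set access bits" of an existing path and does not say which mode is applied when the path does not exist yet. State that case explicitly. "existing file or directories" should be "existing files or directories", and one example line showing where the "~" goes in the mode field would remove any doubt about the syntax.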
@@ -432,8 +525,10 @@ r! /tmp/.X[0-9]*-lock
f, F,
and w may be used to
specify a short string that is written to the
- file, suffixed by a newline. Ignored for all
- other lines.
+ file, suffixed by a newline. For
+ C, specifies the source file
+ or directory. Ignored for all other
+ lines.
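Review bot: "For C, specifies the source file or directory" leaves out the omitted-argument case that the C type description adds in this same patch, where files are taken from /usr/share/factory/. Mention that default here too so the argument section and the type descriptions agree.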
@@ -444,8 +539,8 @@ r! /tmp/.X[0-9]*-lock
/etc/tmpfiles.d/screen.conf examplescreen needs two directories created at boot with specific modes and ownership.
- d /var/run/screens 1777 root root 10d
-d /var/run/uscreens 0755 root root 10d12h
+ d /run/screens 1777 root root 10d
+d /run/uscreens 0755 root root 10d12h/etc/tmpfiles.d/abrt.conf example
@@ -461,7 +556,8 @@ x /var/tmp/abrt/*
systemd1,
systemd-tmpfiles8,
- systemd-delta1
+ systemd-delta1,
+ systemd.exec5