RH134 - ch04s07

systemd-tmpfiles is used to manage temporary files and volatile storage.
Called during boot from systemd-tmpfiles-setup.service.
Called at regular intervals from systemd-tmpfiles-clean.timer.
Configured from /usr/lib/tmpfiles.d/*.conf and /etc/tmpfiles.d/*conf.
Files in /etc/tmpfiles.d/ take precedence over similarly named files in /usr/lib/tmpfiles.d/.

Objectives

After completing this section, students should be able to manage temporary files using systemd-tmpfiles.

Managing temporary files with systemd-tmpfiles

A modern system requires a large number of temporary files and directories. Not just the highly user-visible ones such as /tmp that get used and abused by regular users, but also more task-specific ones such as daemon and user-specific volatile directories under /run. In this context, volatile means that the file system storing these files only exists in memory. When the system reboots or loses power, all the contents of volatile storage will be gone.

To keep a system running cleanly, it is necessary for these directories and files to be created when they do not exist, since daemons and scripts might rely on them being there, and for old files to be purged so that they do not fill up disk space or provide faulty information.

In the past, system administrators relied on RPM packages and SystemV init-scripts to create these directories, and a tool called tmpwatch to remove old, unused files from configured directories.

In Red Hat Enterprise Linux 7 systemd provides a more structured, and configurable, method to manage temporary directories and files: systemd-tmpfiles.

When systemd starts a system, one of the first service units launched is systemd-tmpfiles-setup. This service runs the command systemd-tmpfiles --create --remove. This command reads configuration files from /usr/lib/tmpfiles.d/*.conf, /run/tmpfiles.d/*.conf, and /etc/tmpfiles.d/*.conf. Any files and directories marked for deletion in those configuration files will be removed, and any files and directories marked for creation (or permission fixes) will be created with the correct permissions if necessary.

Regular cleaning

To make sure that long-running systems do not fill up their disks with stale data, there is also systemd timer unit that calls systemd-tmpfiles --clean on a regular interval.

systemd timer units are a special type of systemd service that have a [Timer] block indicating how often the service with the same name should be started.

On a Red Hat Enterprise Linux 7 system, the configuration for the systemd-tmpfiles-clean.timer unit looks like this:

[Timer]
OnBootSec=15min
OnUnitActiveSec=1d

This indicates that the service with the same name (systemd-tmpfiles-clean.service) will be started 15 minutes after systemd has started, and then once every 24 hours afterwards.

The command systemd-tmpfiles --clean parses the same configuration files as the systemd-tmpfiles --create, but instead of creating files and directories, it will purge all files which have not been accessed, changed, or modified more recently than the maximum age defined in the configuration file.

Important

The man page tmpfiles.d(5) claims that files "older than" the age in the date field of the configuration file are removed. This is not exactly true.

Files on a Linux file system following the POSIX standard have three timestamps: atime, the last time the file was accessed, mtime, the last time the file's contents were modified, and ctime, the last time the file's status was changed (by chown, chmod, and so on). Most Linux file systems do not have a creation time stamp. This is common among Unix-like file systems.

Files will be considered unused if all three timestamps are older than the systemd-tmpfiles age configuration. If any of the three timestamps are newer than the age configuration, the file will not be removed due to age by systemd-tmpfiles.

The stat command can be run on a file to see the values of all three of its time stamps. The ls -l command normally displays mtime.

systemd-tmpfiles configuration files

The format of the configuration files for systemd-tmpfiles is detailed in the tmpfiles.d(5) manual page.

The basic syntax consists of seven columns: Type, Path, Mode, UID, GID, Age, and Argument. Type refers to the action that systemd-tmpfiles should take; for example, d to create a directory if it does not yet exist, or Z to recursively restore SELinux contexts and file permissions and ownership.

Some examples with explanations:

d /run/systemd/seats 0755 root root -

When creating files and directories, create the directory /run/systemd/seats if it does not yet exist, owned by the user root and the group root, with permissions set to rwxr-xr-x. This directory will not be automatically purged.

D /home/student 0700 student student 1d

Create the directory /home/student if it does not yet exist. If it does exist, empty it of all contents. When systemd-tmpfiles --clean is run, remove all files which have not been accessed, changed, or modified in more than one day.

L /run/fstablink - root root - /etc/fstab

Create the symbolic link /run/fstablink pointing to /etc/fstab. Never automatically purge this line.

Configuration file precedence

Configuration files can live in three places:

/etc/tmpfiles.d/*.conf
/run/tmpfiles.d/*.conf
/usr/lib/tmpfiles.d/*.conf

The files in /usr/lib/tmpfiles.d/ are provided by the relevant RPM packages, and should not be edited by system administrators. The files under /run/tmpfiles.d/ are themselves volatile files, normally used by daemons to manage their own runtime temporary files, and the files under /etc/tmpfiles.d/ are meant for administrators to configure custom temporary locations, and to override vendor-provided defaults.

If a file in /run/tmpfiles.d/ has the same file name as a file in /usr/lib/tmpfiles.d/, then the file in /run/tmpfiles.d/ will be used. If a file in /etc/tmpfiles.d/ has the same file name as a file in either /run/tmpfiles.d/ or /usr/lib/tmpfiles.d/, then the file in /etc/tmpfiles.d/ will be used.

Given these precedence rules, an administrator can easily override vendor-provided settings by copying the relevant file to /etc/tmpfiles.d/, and then editing it. Working in this fashion ensures that administrator-provided settings can be easily managed from a central configuration management system, and not be overwritten by an update to a package.

Note

When testing new or modified configurations, it can be useful to only apply the commands out of one configuration file. This can be achieved by specifying the name of the configuration file on the command line.

References

systemd-tmpfiles(8), tmpfiles.d(5), stat(1), stat(2), and systemd.timer(5) man pages

Discuss Red Hat System Administration II

Go to community

Is It possible to reset root password when the system is on multi-user.target?

jennifer1987

27 lip 2023

Hi thereWell, i have a question, Is It possible to reset root password when the system is on multi-user.target? I was not be able to found a foro o some information related with this and another question that I have, If the grub menu dont show up, is it posible to reset the root password?

991

Red Hat System Administration II (RH134)

Haley_Ruccio

21 lip 2023

Build the skills to perform the key tasks needed to become a full-time Linux administratorRed Hat System Administration II (RH134) is the second part of the RHCSA training track for IT professionals who have already attended Red Hat System Administration I. The course goes deeper into core Linux system administration skills in storage configuration and management, installation and deployment of Red Hat Enterprise Linux, management of security features such as SELinux, control of recurring system tasks, management of the boot process and troubleshooting, basic system tuning, and command-line automation and productivity. This course assumes that students have attended Red Hat System Administration I (RH124).Experienced Linux administrators who seek rapid preparation for the RHCSA certification should instead start with RHCSA Rapid Track (RH199).This course is based on Red Hat Enterprise Linux 9.0.Course summaryInstall Red Hat Enterprise Linux using scalable methodsAccess security files, file systems, and networksExecute shell scripting and automation techniquesManage storage devices, logical volumes, and file systemsManage security and system accessControl the boot process and system servicesRun containersAudience for this courseThis course is geared toward Windows system administrators, network administrators, and other system administrators who are interested in supplementing current skills or backstopping other team members, in addition to Linux system administrators who are responsible for these tasks:Configuring, installing, upgrading, and maintaining Linux systems using established standards and proceduresProviding operational supportManaging systems for monitoring system performance and availabilityWriting and deploying scripts for task automation and system administrationRecommended trainingSuccessful completion of Red Hat System Administration I (RH124) is recommended.Experienced Linux administrators seeking to accelerate their path toward becoming a Red Hat Certified System Administrator should start with the RHCSA Rapid Track course (RH199).Take our free assessment to gauge whether this offering is the best fit for your skills.Technology considerationsThere are no special technology requirements.This course is not designed for bring your own device (BYOD).Internet access is not required, but is recommended to allow students to research and access Red Hat online resources.

Welcome to the Red Hat System Administration II (RH134) group in the Red Hat Learning Community!

Deanna

18 lip 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat System Administration II! To gain the most value from this group - click the "Join Group" button in the upper right hand corner.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH134.Read more about Red Hat System Administration II here.

417

Revision: rh134-7-c643331