diff --git a/docs/TEMPORARY_DIRECTORIES.md b/docs/TEMPORARY_DIRECTORIES.md index 5bb24fa3ee..c0f945c885 100644 --- a/docs/TEMPORARY_DIRECTORIES.md +++ b/docs/TEMPORARY_DIRECTORIES.md @@ -1,10 +1,10 @@ --- -title: Using /tmp/ And /var/tmp/ Safely +title: Using /tmp/ and /var/tmp/ Safely category: Interfaces layout: default --- -# Using `/tmp/` And `/var/tmp/` Safely +# Using `/tmp/` and `/var/tmp/` Safely `/tmp/` and `/var/tmp/` are two world-writable directories Linux systems provide for temporary files. The former is typically on `tmpfs` and thus diff --git a/man/bootup.xml b/man/bootup.xml index 26f762bf81..0c2edfc8a5 100644 --- a/man/bootup.xml +++ b/man/bootup.xml @@ -227,7 +227,7 @@ emergency.service | | | initrd-root-fs.target is reached. The service initrd-parse-etc.service scans /sysroot/etc/fstab for a possible - /usr mount point and additional entries + /usr/ mount point and additional entries marked with the x-initrd.mount option. All entries found are mounted below /sysroot, and initrd-fs.target is reached. The service diff --git a/man/busctl.xml b/man/busctl.xml index eebc42105d..06d17b201a 100644 --- a/man/busctl.xml +++ b/man/busctl.xml @@ -357,9 +357,9 @@ Controls whether credential data reported by list or status shall be augmented with data from - /proc. When this is turned on, the data + /proc/. When this is turned on, the data shown is possibly inconsistent, as the data read from - /proc might be more recent than the rest of + /proc/ might be more recent than the rest of the credential information. Defaults to yes. diff --git a/man/file-hierarchy.xml b/man/file-hierarchy.xml index 48114394c4..996876f48a 100644 --- a/man/file-hierarchy.xml +++ b/man/file-hierarchy.xml 
@@ -127,20 +127,23 @@ /tmp/ The place for small temporary files. This directory is usually mounted as a tmpfs instance, and should hence not be used for larger files. (Use - /var/tmp/ for larger files.) Since the directory is accessible to other users of - the system, it is essential that this directory is only written to with the mkstemp3, - mkdtemp3 and - related calls. This directory is usually flushed at boot-up. Also, files that are not accessed within - a certain time are usually automatically deleted. If applications find the environment variable - $TMPDIR set, they should prefer using the directory specified in it over directly - referencing /tmp/ (see /var/tmp/ for larger files.) This directory is usually flushed at boot-up. Also, + files that are not accessed within a certain time may be automatically deleted. + + If applications find the environment variable $TMPDIR set, they should use + the directory specified in it instead of /tmp/ (see environ7 and IEEE - Std 1003.1 for details). For further details about this directory, see Using /tmp/ And /var/tmp/ - Safely. + Std 1003.1 for details). + + Since /tmp/ is accessible to other users of the system, it is essential + that files and subdirectories under this directory are only created with mkstemp3, + mkdtemp3, + and similar calls. For more details, see Using + /tmp/ and /var/tmp/ Safely. + 
@@ -334,20 +337,22 @@ /var/tmp/ The place for larger and persistent temporary files. In contrast to /tmp/, this directory is usually mounted from a persistent physical file system - and can thus accept larger files. (Use /tmp/ for smaller files.) This directory - is generally not flushed at boot-up, but time-based cleanup of files that have not been accessed for - a certain time is applied. The same security restrictions as with /tmp/ apply, - and hence only /tmp/ for small ephemeral files.) This + directory is generally not flushed at boot-up, but time-based cleanup of files that have not been + accessed for a certain time is applied. + + If applications find the environment variable $TMPDIR set, they should use + the directory specified in it instead of /var/tmp/ (see environ7 for + details). + + The same security restrictions as with /tmp/ apply: mkstemp3, mkdtemp3 or - similar calls should be used to make use of this directory. If applications find the environment - variable $TMPDIR set, they should prefer using the directory specified in it over - directly referencing /var/tmp/ (see environ7 for - details). For further details about this directory, see Using /tmp/ And /var/tmp/ - Safely. + project='man-pages'>mkdtemp3, + and similar calls should be used. For further details about this directory, see Using /tmp/ and /var/tmp/ Safely. + 
@@ -584,6 +589,19 @@ directives of service units (see systemd.unit5 for details). + + /tmp/, /var/tmp/ and /dev/shm/ + should be mounted and , which means that set-user-id mode + and character or block special devices are not interpreted on those file systems. In general it is not + possible to mount them , because various programs use those directories for + dynamically generated or optimized code, and with that flag those use cases would break. Using this flag + is OK on special-purpose installations or systems where all software that may be installed is known and + doesn't require such functionality. See the discussion of + // in mount8 and + PROT_EXEC in mmap2. + diff --git a/man/hwdb.xml b/man/hwdb.xml index 7ba523602a..4e3bfbaace 100644 --- a/man/hwdb.xml +++ b/man/hwdb.xml @@ -31,12 +31,12 @@ the local administration directory /etc/udev/hwdb.d. All hwdb files are collectively sorted and processed in lexical order, regardless of the directories in which they live. However, files with - identical filenames replace each other. Files in /etc + identical filenames replace each other. Files in /etc/ have the highest priority and take precedence over files with the same - name in /usr/lib. This can be used to override a + name in /usr/lib/. This can be used to override a system-supplied hwdb file with a local file if needed; - a symlink in /etc with the same name as a hwdb file in - /usr/lib, pointing to /dev/null, + a symlink in /etc/ with the same name as a hwdb file in + /usr/lib/, pointing to /dev/null, disables that hwdb file entirely. hwdb files must have the extension .hwdb; other extensions are ignored. diff --git a/man/journald.conf.xml b/man/journald.conf.xml index d792ef7220..2281e069d5 100644 --- a/man/journald.conf.xml +++ b/man/journald.conf.xml 
@@ -216,7 +216,7 @@ with Runtime apply to the journal files when stored on a volatile in-memory file system, more specifically /run/log/journal. The former - is used only when /var is mounted, + is used only when /var/ is mounted, writable, and the directory /var/log/journal exists. Otherwise, only the latter applies. Note that this means that during early diff --git a/man/kernel-command-line.xml b/man/kernel-command-line.xml index b0b45f4c62..8f61188a63 100644 --- a/man/kernel-command-line.xml +++ b/man/kernel-command-line.xml 
@@ -131,15 +131,15 @@ This parameter controls whether the system shall boot up in volatile mode. Takes a boolean argument, or the special value state. If false (the default), normal boot mode is selected, the root - directory and /var are mounted as specified on the kernel command line or + directory and /var/ are mounted as specified on the kernel command line or /etc/fstab, or otherwise configured. If true, full state-less boot mode is selected. In this case the root directory is mounted as volatile memory file system (tmpfs), and only - /usr is mounted from the file system configured as root device, in read-only mode. This + /usr/ is mounted from the file system configured as root device, in read-only mode. This enables fully state-less boots were the vendor-supplied OS is used as shipped, with only default - configuration and no stored state in effect, as /etc and /var (as + configuration and no stored state in effect, as /etc/ and /var/ (as well as all other resources shipped in the root file system) are reset at boot and lost on shutdown. If this setting is set to state the root file system is mounted read-only, however - /var is mounted as a volatile memory file system (tmpfs), so that the + /var/ is mounted as a volatile memory file system (tmpfs), so that the system boots up with the normal configuration applied, but all state reset at boot and lost at shutdown. If this setting is set to overlay the root file system is set up as overlayfs mount combining the read-only root directory with a writable diff --git a/man/loginctl.xml b/man/loginctl.xml index 05a4c75c79..acc5aa9a6f 100644 --- a/man/loginctl.xml +++ b/man/loginctl.xml 
@@ -238,7 +238,7 @@ Persistently attach one or more devices to a seat. The devices should be specified via device paths in the - /sys file system. To create a new seat, + /sys/ file system. To create a new seat, attach at least one graphics card to a previously unused seat name. Seat names may consist only of a–z, A–Z, 0–9, - and _ and must be diff --git a/man/machine-id.xml b/man/machine-id.xml index bd55366ac8..cf759f2a0e 100644 --- a/man/machine-id.xml +++ b/man/machine-id.xml @@ -111,7 +111,7 @@ systemd-machine-id-commit.service8 will attempt to write the machine ID to the file system if - /etc/machine-id or /etc are read-only during + /etc/machine-id or /etc/ are read-only during early boot but become writable later on. diff --git a/man/machinectl.xml b/man/machinectl.xml index 37e51f90cf..5f94045984 100644 --- a/man/machinectl.xml +++ b/man/machinectl.xml @@ -64,8 +64,8 @@ Directory trees containing an OS, including the - top-level directories /usr, - /etc, and so on. + top-level directories /usr/, + /etc/, and so on. btrfs subvolumes containing OS trees, similar to regular directory trees. @@ -440,11 +440,11 @@ clean Remove hidden VM or container images (or all). This command removes all hidden machine images - from /var/lib/machines, i.e. those whose name begins with a dot. Use machinectl + from /var/lib/machines/, i.e. those whose name begins with a dot. Use machinectl list-images --all to see a list of all machine images, including the hidden ones. When combined with the switch removes all images, not just hidden ones. This - command effectively empties /var/lib/machines. + command effectively empties /var/lib/machines/. Note that commands such as machinectl pull-tar or machinectl pull-raw usually create hidden, read-only, unmodified machine images from the downloaded image first, 
@@ -562,7 +562,7 @@ import-tar is used, the file specified as the first argument should be a tar archive, possibly compressed with xz, gzip or bzip2. It will then be unpacked into its own - subvolume in /var/lib/machines. When + subvolume in /var/lib/machines/. When import-raw is used, the file should be a qcow2 or raw disk image, possibly compressed with xz, gzip or bzip2. If the second argument (the resulting image name) is @@ -890,7 +890,7 @@ /usr/lib/machines/. For compatibility reasons, the directory /var/lib/container/ is searched, too. Note that images stored below - /usr are always considered read-only. It is + /usr/ are always considered read-only. It is possible to symlink machines images from other directories into /var/lib/machines/ to make them available for control with machinectl. diff --git a/man/nss-myhostname.xml b/man/nss-myhostname.xml index b424f1fbd2..e12d9bf5b2 100644 --- a/man/nss-myhostname.xml +++ b/man/nss-myhostname.xml @@ -57,7 +57,7 @@ hostname. When using dynamic hostnames, this is traditionally achieved by patching /etc/hosts at the same time as changing the hostname. This is problematic since it - requires a writable /etc file system and is + requires a writable /etc/ file system and is fragile because the file might be edited by the administrator at the same time. With nss-myhostname enabled, changing /etc/hosts is unnecessary, and on diff --git a/man/org.freedesktop.import1.xml b/man/org.freedesktop.import1.xml index 56ce9f0b45..472b9f999e 100644 --- a/man/org.freedesktop.import1.xml +++ b/man/org.freedesktop.import1.xml 
@@ -156,7 +156,7 @@ node /org/freedesktop/import1 { operation (as in that case we know the total size on disk). If a socket or pipe is specified, progress information is not available. The file descriptor argument is followed by a local name for the image. This should be a name suitable as a hostname and will be used to name the imported image below - /var/lib/machines. A tar import is placed as a directory tree or a + /var/lib/machines/. A tar import is placed as a directory tree or a btrfs8 subvolume below /var/lib/machines/ under the specified name with no suffix appended. A raw import is placed as a file in /var/lib/machines/ with the diff --git a/man/org.freedesktop.login1.xml b/man/org.freedesktop.login1.xml index 7e127ef18c..03f0107c72 100644 --- a/man/org.freedesktop.login1.xml +++ b/man/org.freedesktop.login1.xml @@ -504,7 +504,7 @@ node /org/freedesktop/login1 { stored on disk. AttachDevice() may be used to assign a specific device to a specific - seat. The device is identified by its /sys path and must be eligible for seat + seat. The device is identified by its /sys/ path and must be eligible for seat assignments. AttachDevice() takes three arguments: the seat id, the sysfs path, and a boolean for controlling polkit interactivity (see below). Device assignments are persistently stored on disk. To create a new seat, simply specify a previously unused seat id. For more information diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml index 8e326617bf..02f7293288 100644 --- a/man/org.freedesktop.systemd1.xml +++ b/man/org.freedesktop.systemd1.xml 
@@ -1288,11 +1288,11 @@ node /org/freedesktop/systemd1 { file. EnableUnitFiles() may be used to enable one or more units in the system (by - creating symlinks to them in /etc or /run). It takes a list + creating symlinks to them in /etc/ or /run/). It takes a list of unit files to enable (either just file names or full absolute paths if the unit files are residing outside the usual unit search paths) and two booleans: the first controls whether the unit shall be - enabled for runtime only (true, /run), or persistently (false, - /etc). The second one controls whether symlinks pointing to other units shall be + enabled for runtime only (true, /run/), or persistently (false, + /etc/). The second one controls whether symlinks pointing to other units shall be replaced if necessary. This method returns one boolean and an array of the changes made. The boolean signals whether the unit files contained any enablement information (i.e. an [Install]) section. The changes array consists of structures with three strings: the type of the change (one of @@ -1301,7 +1301,7 @@ node /org/freedesktop/systemd1 { format. Similarly, DisableUnitFiles() disables one or more units in the system, - i.e. removes all symlinks to them in /etc and /run. + i.e. removes all symlinks to them in /etc/ and /run/. The EnableUnitFilesWithFlags() and DisableUnitFilesWithFlags() take in options as flags instead of booleans to allow for extendability, defined as follows: @@ -1425,7 +1425,7 @@ node /org/freedesktop/systemd1 { flag. Taints may be used to lower the chance of bogus bug reports. The following taints are currently known: split-usr, mtab-not-symlink, cgroups-missing, local-hwclock. split-usr is - set if /usr is not pre-mounted when systemd is first invoked. See + set if /usr/ is not pre-mounted when systemd is first invoked. See Booting Without /usr is Broken for details why this is bad. mtab-not-symlink indicates that 
@@ -2094,11 +2094,11 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { disabled, and invalid. enabled indicates that a unit file is permanently enabled. enable-runtime indicates the unit file is only temporarily enabled and will no longer be enabled after a reboot (that means, it is enabled via - /run symlinks, rather than /etc). linked - indicates that a unit is linked into /etc permanently. linked-runtime - indicates that a unit is linked into /run temporarily (until the next + /run/ symlinks, rather than /etc/). linked + indicates that a unit is linked into /etc/ permanently. linked-runtime + indicates that a unit is linked into /run/ temporarily (until the next reboot). masked indicates that the unit file is masked permanently. - masked-runtime indicates that it is masked in /run temporarily + masked-runtime indicates that it is masked in /run/ temporarily (until the next reboot). static indicates that the unit is statically enabled, i.e. always enabled and doesn't need to be enabled explicitly. invalid indicates that it could not be determined whether the unit file is enabled. diff --git a/man/os-release.xml b/man/os-release.xml index a2164436c3..cd5b5bf158 100644 --- a/man/os-release.xml +++ b/man/os-release.xml @@ -59,7 +59,7 @@ /etc/os-release should be a relative symlink to /usr/lib/os-release, to provide compatibility with applications only looking at - /etc. A relative symlink instead of an + /etc/. A relative symlink instead of an absolute symlink is necessary to avoid breaking the link in a chroot or initrd environment such as dracut. diff --git a/man/sd-login.xml b/man/sd-login.xml index ecc6e28a84..8c6c973a4d 100644 --- a/man/sd-login.xml +++ b/man/sd-login.xml 
@@ -46,8 +46,8 @@ systemd-logind, instead. These functions synchronously access data in - /proc, /sys/fs/cgroup - and /run. All of these are virtual file + /proc/, /sys/fs/cgroup/ + and /run/. All of these are virtual file systems, hence the runtime cost of the accesses is relatively cheap. diff --git a/man/sd_bus_creds_new_from_pid.xml b/man/sd_bus_creds_new_from_pid.xml index f5ee01ca35..d1a168a23b 100644 --- a/man/sd_bus_creds_new_from_pid.xml +++ b/man/sd_bus_creds_new_from_pid.xml @@ -183,7 +183,7 @@ for the credential fields that could not be determined atomically at peer connection time, and which were later added by reading augmenting credential data from - /proc. Similarly, for credential objects + /proc/. Similarly, for credential objects retrieved via sd_bus_get_owner_creds(), the mask is set for the fields that could not be determined atomically at bus creation time, but have been augmented. Similarly, for @@ -243,7 +243,7 @@ sd_bus_creds_get_augmented_mask() returns the mask of fields that have been augmented from data in - /proc, and are thus not suitable for + /proc/, and are thus not suitable for authorization decisions. sd_bus_creds_ref() always returns the diff --git a/man/sd_is_fifo.xml b/man/sd_is_fifo.xml index 26a0db1205..339bb32707 100644 --- a/man/sd_is_fifo.xml +++ b/man/sd_is_fifo.xml @@ -158,7 +158,7 @@ NULL, it is checked whether the file descriptor is bound to the specified filename. Special files in this context are character device nodes and files in - /proc or /sys. + /proc/ or /sys/. diff --git a/man/sd_notify.xml b/man/sd_notify.xml index 87b12c4bdf..3721ed91ef 100644 --- a/man/sd_notify.xml +++ b/man/sd_notify.xml 
@@ -222,7 +222,7 @@ sd_listen_fds3. This is useful for implementing services that can restart after an explicit request or a crash without losing state. Any open sockets and other file descriptors which should not be closed during the restart may be stored - this way. Application state can either be serialized to a file in /run, or better, stored + this way. Application state can either be serialized to a file in /run/, or better, stored in a memfd_create2 memory file descriptor. Note that the service manager will accept messages for a service only if its FileDescriptorStoreMax= setting is non-zero (defaults to zero, see diff --git a/man/sd_pid_get_owner_uid.xml b/man/sd_pid_get_owner_uid.xml index 9c16d5bc9c..f684c03aeb 100644 --- a/man/sd_pid_get_owner_uid.xml +++ b/man/sd_pid_get_owner_uid.xml @@ -232,7 +232,7 @@ sd_peer_get_cgroup() calls operate similar to their PID counterparts, but operate on a connected AF_UNIX socket and retrieve information about the connected peer process. Note - that these fields are retrieved via /proc, + that these fields are retrieved via /proc/, and hence are not suitable for authorization purposes, as they are subject to races. diff --git a/man/standard-specifiers.xml b/man/standard-specifiers.xml index 3efbb6db00..5b73043ce2 100644 --- a/man/standard-specifiers.xml +++ b/man/standard-specifiers.xml @@ -39,11 +39,21 @@ Operating system ID The operating system identifier of the running system, as read from the ID= field of /etc/os-release. See os-release5 for more information. + + %T + Directory for temporary files + This is either /tmp or the path $TMPDIR, $TEMP or $TMP are set to. (Note that the directory may be specified without a trailing slash.) + %v Kernel release Identical to uname -r output. + + %V + Directory for larger and persistent temporary files + This is either /var/tmp or the path $TMPDIR, $TEMP or $TMP are set to. (Note that the directory may be specified without a trailing slash.) + %w Operating system version ID 
diff --git a/man/systemctl.xml b/man/systemctl.xml index dc02fdcb86..7c2d43441e 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml @@ -663,7 +663,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err directories, an additional symlink is created, linking it into the unit configuration path, thus ensuring it is found when requested by commands such as start. The file system where the linked unit files are located must be accessible when systemd is started (e.g. anything underneath - /home or /var is not allowed, unless those directories are + /home/ or /var/ is not allowed, unless those directories are located on the root file system). This command will print the file system operations executed. This output may be suppressed by passing @@ -901,7 +901,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err disable. The effect of this command is that a unit file is made available for commands such as start, even though it is not installed directly in the unit search path. The file system where the linked unit files are located must be accessible when systemd is started - (e.g. anything underneath /home or /var is not allowed, unless + (e.g. anything underneath /home/ or /var/ is not allowed, unless those directories are located on the root file system). 
@@ -916,10 +916,10 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err foo.service.d/ with all their contained files are removed, both below the persistent and runtime configuration directories (i.e. below /etc/systemd/system and /run/systemd/system); if the unit file has a vendor-supplied version (i.e. a unit file - located below /usr) any matching persistent or runtime unit file that overrides it is + located below /usr/) any matching persistent or runtime unit file that overrides it is removed, too. Note that if a unit file has no vendor-supplied version (i.e. is only defined below /etc/systemd/system or /run/systemd/system, but not in a unit - file stored below /usr), then it is not removed. Also, if a unit is masked, it is + file stored below /usr/), then it is not removed. Also, if a unit is masked, it is unmasked. Effectively, this command may be used to undo all changes made with systemctl @@ -970,7 +970,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err not already exist, new unit files will be opened for editing. If is specified, the changes will - be made temporarily in /run and they will be + be made temporarily in /run/ and they will be lost on the next reboot. If the temporary file is empty upon exit, the modification of @@ -982,8 +982,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err Note that this command cannot be used to remotely edit units and that you cannot temporarily edit units which are in - /etc, since they take precedence over - /run. + /etc/, since they take precedence over + /run/. 
@@ -2100,7 +2100,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err (and related commands), make changes only temporarily, so that they are lost on the next reboot. This will have the effect that changes are not made in subdirectories of - /etc but in /run, + /etc/ but in /run/, with identical immediate effects, however, since the latter is lost on reboot, the changes are lost too. diff --git a/man/systemd-cgls.xml b/man/systemd-cgls.xml index 6181cdf836..2d209ab323 100644 --- a/man/systemd-cgls.xml +++ b/man/systemd-cgls.xml @@ -46,7 +46,7 @@ file paths or are assumed in the systemd control group hierarchy. If no argument is specified and the current working directory is beneath the control group mount point - /sys/fs/cgroup, shows the contents of the + /sys/fs/cgroup/, shows the contents of the control group the working directory refers to. Otherwise, the full systemd control group hierarchy is shown. diff --git a/man/systemd-delta.xml b/man/systemd-delta.xml index 02d7b88510..381add7f0c 100644 --- a/man/systemd-delta.xml +++ b/man/systemd-delta.xml @@ -34,9 +34,9 @@ systemd-delta may be used to identify and compare configuration files that override other configuration - files. Files in /etc have highest priority, - files in /run have the second highest - priority, …, files in /usr/lib have lowest + files. Files in /etc/ have highest priority, + files in /run/ have the second highest + priority, …, files in /usr/lib/ have lowest priority. Files in a directory with higher priority override files with the same name in directories of lower priority. In addition, certain configuration files can have .d 
@@ -54,8 +54,8 @@ The command line argument will be split into a prefix and a suffix. Either is optional. The prefix must be one of the directories containing configuration files - (/etc, /run, - /usr/lib, …). If it is given, only + (/etc/, /run/, + /usr/lib/, …). If it is given, only overriding files contained in this directory will be shown. Otherwise, all overriding files will be shown. The suffix must be a name of a subdirectory containing configuration files like diff --git a/man/systemd-firstboot.xml b/man/systemd-firstboot.xml index 48d1c89a47..e60bfa0eb0 100644 --- a/man/systemd-firstboot.xml +++ b/man/systemd-firstboot.xml @@ -38,7 +38,7 @@ basic system settings interactively on the first boot, or optionally non-interactively when a system image is created. The service is started if ConditionFirstBoot=yes - is satisfied. This essentially means that /etc + is satisfied. This essentially means that /etc/ is empty, see systemd.unit5 for details. diff --git a/man/systemd-fstab-generator.xml b/man/systemd-fstab-generator.xml index 59f1896860..e842f3f9bc 100644 --- a/man/systemd-fstab-generator.xml +++ b/man/systemd-fstab-generator.xml @@ -110,7 +110,7 @@ mount.usr= - Takes the /usr filesystem + Takes the /usr/ filesystem to be mounted by the initrd. If mount.usrfstype= or mount.usrflags= is set, then @@ -118,7 +118,7 @@ root=. Otherwise, this parameter defaults to the - /usr entry found in + /usr/ entry found in /etc/fstab on the root filesystem. mount.usr= is honored by the initrd. @@ -128,7 +128,7 @@ mount.usrfstype= - Takes the /usr filesystem + Takes the /usr/ filesystem type that will be passed to the mount command. If mount.usr= or mount.usrflags= is set, then @@ -136,7 +136,7 @@ set in rootfstype=. Otherwise, this value will be read from the - /usr entry in + /usr/ entry in /etc/fstab on the root filesystem. mount.usrfstype= is honored by the 
@@ -146,14 +146,14 @@ mount.usrflags= - Takes the /usr filesystem + Takes the /usr/ filesystem mount options to use. If mount.usr= or mount.usrfstype= is set, then mount.usrflags= will default to the value set in rootflags=. Otherwise, this value will be read from the - /usr entry in + /usr/ entry in /etc/fstab on the root filesystem. mount.usrflags= is honored by the @@ -173,15 +173,15 @@ systemd-volatile-root.service8 is run as part of the initial RAM disk ("initrd"). This service changes the mount table before transitioning to the host system, so that a volatile memory file system (tmpfs) is used as root directory, - with only /usr mounted into it from the configured root file system, in read-only + with only /usr/ mounted into it from the configured root file system, in read-only mode. This way the system operates in fully stateless mode, with all configuration and state reset at boot and - lost at shutdown, as /etc and /var will be served from the (initially + lost at shutdown, as /etc/ and /var/ will be served from the (initially unpopulated) volatile memory file system. If set to the generator will leave the root directory mount point unaltered, - however will mount a tmpfs file system to /var. In this mode the normal - system configuration (i.e. the contents of /etc) is in effect (and may be modified during - system runtime), however the system state (i.e. the contents of /var) is reset at boot and + however will mount a tmpfs file system to /var/. In this mode the normal + system configuration (i.e. the contents of /etc/) is in effect (and may be modified during + system runtime), however the system state (i.e. the contents of /var/) is reset at boot and lost at shutdown. If this setting is set to overlay the root file system is set up as 
@@ -189,13 +189,13 @@ tmpfs, so that no modifications are made to disk, but the file system may be modified nonetheless with all changes being lost at reboot. - Note that in none of these modes the root directory, /etc, /var + Note that in none of these modes the root directory, /etc/, /var/ or any other resources stored in the root file system are physically removed. It's thus safe to boot a system that is normally operated in non-volatile mode temporarily into volatile mode, without losing data. Note that with the exception of overlay mode, enabling this setting will only work - correctly on operating systems that can boot up with only /usr mounted, and are able to - automatically populate /etc, and also /var in case of + correctly on operating systems that can boot up with only /usr/ mounted, and are able to + automatically populate /etc/, and also /var/ in case of systemd.volatile=yes. diff --git a/man/systemd-journald.service.xml b/man/systemd-journald.service.xml index 6b7a0bc4b9..1ed36dace9 100644 --- a/man/systemd-journald.service.xml +++ b/man/systemd-journald.service.xml @@ -179,8 +179,8 @@ systemd-tmpfiles --create --prefix /var/log/journal Request that journal data from /run/ is flushed to /var/ in order to make it persistent (if this is enabled). This must be used - after /var/ is mounted, as otherwise log data from /run is - never flushed to /var regardless of the configuration. Use the + after /var/ is mounted, as otherwise log data from /run/ is + never flushed to /var/ regardless of the configuration. Use the journalctl --flush command to request flushing of the journal files, and wait for the operation to complete. See journalctl1 for 
@@ -292,7 +292,7 @@ systemd-tmpfiles --create --prefix /var/log/journal stopped uncleanly, or if the files are found to be corrupted, they are renamed using the .journal~ suffix, and systemd-journald starts writing - to a new file. /run is used when + to a new file. /run/ is used when /var/log/journal is not available, or when is set in the journald.conf5 diff --git a/man/systemd-machine-id-commit.service.xml b/man/systemd-machine-id-commit.service.xml index 781a9845fb..40c9f436cf 100644 --- a/man/systemd-machine-id-commit.service.xml +++ b/man/systemd-machine-id-commit.service.xml @@ -57,7 +57,7 @@ transient machine ID file on a memory file system, and mount it over /etc/machine-id, during the early boot phase. This service is then invoked in a later boot phase, as soon - as /etc has been remounted writable and the + as /etc/ has been remounted writable and the ID may thus be committed to disk to make it permanent. diff --git a/man/systemd-machine-id-setup.xml b/man/systemd-machine-id-setup.xml index 7caf35f8e8..0454c11c8c 100644 --- a/man/systemd-machine-id-setup.xml +++ b/man/systemd-machine-id-setup.xml @@ -98,12 +98,12 @@ tmpfs) to /etc/machine-id during the early phase of the boot process. This may happen because - /etc is initially read-only and was + /etc/ is initially read-only and was missing a valid machine ID file at that point. This command will execute no operation if /etc/machine-id is not mounted from a - memory file system, or if /etc is + memory file system, or if /etc/ is read-only. The command will write the current transient machine ID to disk and unmount the /etc/machine-id mount point in a diff --git a/man/systemd-modules-load.service.xml b/man/systemd-modules-load.service.xml index e960609c6c..b849b81939 100644 --- a/man/systemd-modules-load.service.xml +++ b/man/systemd-modules-load.service.xml 
@@ -30,8 +30,8 @@ Description systemd-modules-load.service is an early boot service that loads kernel - modules. It reads static configuration from files in /usr and - /etc, but also runtime configuration from /run and the kernel + modules. It reads static configuration from files in /usr/ and + /etc/, but also runtime configuration from /run/ and the kernel command line (see below). See diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index 854559cb61..8152cf0f13 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -52,7 +52,7 @@ systemd-nspawn may be invoked on any directory tree containing an operating system tree, using the command line option. By using the option an OS tree is automatically searched for in a couple of locations, most importantly in - /var/lib/machines, the suggested directory to place OS container images installed on the + /var/lib/machines/, the suggested directory to place OS container images installed on the system. In contrast to systemd-nspawn limits access to various kernel interfaces in the container to read-only, - such as /sys, /proc/sys or /sys/fs/selinux. The + such as /sys/, /proc/sys/ or /sys/fs/selinux/. The host's network interfaces and the system clock may not be changed from within the container. Device nodes may not be created. The host system cannot be rebooted and kernel modules may not be loaded from within the container. @@ -100,7 +100,7 @@ template unit file, making it usually unnecessary to alter this template file directly. Note that systemd-nspawn will mount file systems private to the container to - /dev, /run and similar. These will not be visible outside of the + /dev/, /run/ and similar. These will not be visible outside of the container, and their contents will be lost when the container exits. Note that running two systemd-nspawn containers from the same directory tree will not make 
@@ -358,7 +358,7 @@ exists in the container image operated on, and even if is used the hypothetical file /etc/foobar is potentially writable if if used to mount it from outside the read-only container - /etc directory. + /etc/ directory. The option is closely related to this setting, and provides similar behaviour by making a temporary, ephemeral copy of the whole OS image and executing that. For further details, @@ -1269,7 +1269,7 @@ and mount options. The source path may optionally be prefixed with a + character. If so, the source path is taken relative to the image's root directory. This permits setting up bind mounts within the container image. The source path may be specified as empty string, in which case a temporary directory below - the host's /var/tmp directory is used. It is automatically removed when the container is + the host's /var/tmp/ directory is used. It is automatically removed when the container is shut down. Mount options are comma-separated and currently, only and are allowed, controlling whether to create a recursive or a regular bind mount. Defaults to "rbind". Backslash escapes are interpreted, so \: may be used to embed 
@@ -1340,13 +1340,13 @@ point for the overlay file system in the container. At least two paths have to be specified. - The source paths may optionally be prefixed with + character. If so they are taken - relative to the image's root directory. The uppermost source path may also be specified as empty string, in - which case a temporary directory below the host's /var/tmp is used. The directory is - removed automatically when the container is shut down. This behaviour is useful in order to make read-only - container directories writable while the container is running. For example, use the - --overlay=+/var::/var option in order to automatically overlay a writable temporary - directory on a read-only /var directory. + The source paths may optionally be prefixed with + character. If so they are + taken relative to the image's root directory. The uppermost source path may also be specified as an + empty string, in which case a temporary directory below the host's /var/tmp/ is + used. The directory is removed automatically when the container is shut down. This behaviour is + useful in order to make read-only container directories writable while the container is running. For + example, use --overlay=+/var::/var in order to automatically overlay a writable + temporary directory on a read-only /var/ directory. For details about overlay file systems, see overlayfs.txt. Note diff --git a/man/systemd-remount-fs.service.xml b/man/systemd-remount-fs.service.xml index a744df751b..4f89156264 100644 --- a/man/systemd-remount-fs.service.xml +++ b/man/systemd-remount-fs.service.xml 
@@ -34,13 +34,13 @@ project='man-pages'>fstab5, or gathered from the partition table (when systemd-gpt-auto-generator8 - is active) to the root file system, the /usr file system, and the kernel API file + is active) to the root file system, the /usr/ file system, and the kernel API file systems. This is required so that the mount options of these file systems — which are pre-mounted by the kernel, the initial RAM disk, container environments or system manager code — are updated to those configured in /etc/fstab and the other sources. This service ignores normal file - systems and only changes the root file system (i.e. /), /usr, - and the virtual kernel API file systems such as /proc, /sys or - /dev. This service executes no operation if no configuration is found + systems and only changes the root file system (i.e. /), /usr/, + and the virtual kernel API file systems such as /proc/, /sys/ or + /dev/. This service executes no operation if no configuration is found (/etc/fstab does not exist or lists no entries for the mentioned file systems, or the partition table does not contain relevant entries). diff --git a/man/systemd-sysctl.service.xml b/man/systemd-sysctl.service.xml index 7b04f4b70b..fa1cbef586 100644 --- a/man/systemd-sysctl.service.xml +++ b/man/systemd-sysctl.service.xml @@ -51,7 +51,7 @@ See sysctl.d5 for information about the configuration of sysctl settings. After sysctl configuration is - changed on disk, it must be written to the files in /proc/sys before it + changed on disk, it must be written to the files in /proc/sys/ before it takes effect. It is possible to update specific settings, or simply to reload all configuration, see Examples below. diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml index ec7d12b9ca..b6011c344a 100644 --- a/man/systemd-tmpfiles.xml +++ b/man/systemd-tmpfiles.xml 
@@ -78,8 +78,8 @@ and administrator-controlled files under /usr/share/user-tmpfiles.d/. Users may use this to create and clean up files under their control, but the system instance performs global cleanup and is not influenced by user configuration. Note that this means a time-based cleanup configured in the - system instance, such as the one typically configured for /tmp, will thus also - affect files created by the user instance if they are placed in /tmp, even if the + system instance, such as the one typically configured for /tmp/, will thus also + affect files created by the user instance if they are placed in /tmp/, even if the user instance's time-based cleanup is turned off. diff --git a/man/systemd-update-done.service.xml b/man/systemd-update-done.service.xml index 91196dff30..f26da5102a 100644 --- a/man/systemd-update-done.service.xml +++ b/man/systemd-update-done.service.xml @@ -18,7 +18,7 @@ systemd-update-done.service systemd-update-done - Mark /etc and /var fully updated + Mark /etc/ and /var/ fully updated 
@@ -31,30 +31,30 @@ systemd-update-done.service is a service that is invoked as part of the first boot after the vendor - operating system resources in /usr have been + operating system resources in /usr/ have been updated. This is useful to implement offline updates of - /usr which might require updates to - /etc or /var on the + /usr/ which might require updates to + /etc/ or /var/ on the following boot. systemd-update-done.service updates the file modification time (mtime) of the stamp files /etc/.updated and /var/.updated to the modification time of the - /usr directory, unless the stamp files are + /usr/ directory, unless the stamp files are already newer. Services that shall run after offline upgrades of - /usr should order themselves before + /usr/ should order themselves before systemd-update-done.service, and use the ConditionNeedsUpdate= (see systemd.unit5) - condition to make sure to run when /etc or - /var are older than /usr + condition to make sure to run when /etc/ or + /var/ are older than /usr/ according to the modification times of the files described above. - This requires that updates to /usr are always + This requires that updates to /usr/ are always followed by an update of the modification time of - /usr, for example by invoking + /usr/, for example by invoking touch1 on it. diff --git a/man/systemd-volatile-root.service.xml b/man/systemd-volatile-root.service.xml index 440e9eac7a..0b1f39e34d 100644 --- a/man/systemd-volatile-root.service.xml +++ b/man/systemd-volatile-root.service.xml 
@@ -31,8 +31,8 @@ systemd-volatile-root.service is a service that replaces the root directory with a volatile memory file system (tmpfs), mounting the original (non-volatile) - /usr inside it read-only. This way, vendor data from /usr is available as - usual, but all configuration data in /etc, all state data in /var and all + /usr/ inside it read-only. This way, vendor data from /usr/ is available as + usual, but all configuration data in /etc/, all state data in /var/ and all other resources stored directly under the root directory are reset on boot and lost at shutdown, enabling fully stateless systems. diff --git a/man/systemd.device.xml b/man/systemd.device.xml index 085fd62bce..49b59ebf13 100644 --- a/man/systemd.device.xml +++ b/man/systemd.device.xml @@ -49,8 +49,8 @@ udev7 for details. - Device units are named after the /sys - and /dev paths they control. Example: the + Device units are named after the /sys/ + and /dev/ paths they control. Example: the device /dev/sda5 is exposed in systemd as dev-sda5.device. For details about the escaping logic used to convert a file system path to a unit diff --git a/man/systemd.dnssd.xml b/man/systemd.dnssd.xml index d7e6caddf1..c4f7ef6e6b 100644 --- a/man/systemd.dnssd.xml +++ b/man/systemd.dnssd.xml 
@@ -42,9 +42,9 @@ /run/systemd/dnssd and the local administration network directory /etc/systemd/dnssd. All configuration files are collectively sorted and processed in lexical order, regardless of the directories in which they live. However, files with identical filenames - replace each other. Files in /etc have the highest priority, files in - /run take precedence over files with the same name in - /usr/lib. This can be used to override a system-supplied configuration file with a + replace each other. Files in /etc/ have the highest priority, files in + /run/ take precedence over files with the same name in + /usr/lib/. This can be used to override a system-supplied configuration file with a local file if needed. Along with the network service file foo.dnssd, a "drop-in" directory @@ -55,8 +55,8 @@ In addition to /etc/systemd/dnssd, drop-in .d directories can be placed in /usr/lib/systemd/dnssd or /run/systemd/dnssd - directories. Drop-in files in /etc take precedence over those in - /run which in turn take precedence over those in /usr/lib or + directories. Drop-in files in /etc/ take precedence over those in + /run/ which in turn take precedence over those in /usr/lib/ or /usr/local/lib. Drop-in files under any of these directories take precedence over the main network service file wherever located. diff --git a/man/systemd.environment-generator.xml b/man/systemd.environment-generator.xml index a806f7bcf3..4ffe89065d 100644 --- a/man/systemd.environment-generator.xml +++ b/man/systemd.environment-generator.xml 
@@ -65,7 +65,7 @@ to /dev/null or an empty file can be used to mask a generator, thereby preventing it from running. Please note that the order of the two directories with the highest priority is reversed with respect to the unit load path, and generators in - /run overwrite those in /etc. + /run/ overwrite those in /etc/. After installing new generators or updating the configuration, systemctl daemon-reload may be executed. This will re-run all generators, updating environment diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 175658c76c..9da919c379 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -61,10 +61,12 @@ paths. This is equivalent to having them listed explicitly in RequiresMountsFor=. - Similar, units with PrivateTmp= enabled automatically get mount unit - dependencies for all mounts required to access /tmp and /var/tmp. They - will also gain an automatic After= dependency on - systemd-tmpfiles-setup.service8. + Similarly, units with PrivateTmp= enabled automatically get mount + unit dependencies for all mounts required to access /tmp/ and + /var/tmp/. They will also gain an automatic After= dependency + on + systemd-tmpfiles-setup.service8. + Units whose standard output or error output is connected to or (or their combinations with console output, see below) automatically acquire 
@@ -273,11 +275,11 @@ MountAPIVFS= Takes a boolean argument. If on, a private mount namespace for the unit's processes is created - and the API file systems /proc, /sys, and /dev + and the API file systems /proc/, /sys/, and /dev/ are mounted inside of it, unless they are already mounted. Note that this option has no effect unless used in conjunction with RootDirectory=/RootImage= as these three mounts are generally mounted in the host anyway, and unless the root directory is changed, the private mount namespace - will be a 1:1 copy of the host's, and include these three mounts. Note that the /dev file + will be a 1:1 copy of the host's, and include these three mounts. Note that the /dev/ file system of the host is bind mounted if this option is used without PrivateDevices=. To run the service with a private, minimal version of /dev/, combine this option with PrivateDevices=. @@ -1121,12 +1123,12 @@ CapabilityBoundingSet=~CAP_B CAP_C ProtectSystem= Takes a boolean argument or the special values full or - strict. If true, mounts the /usr and the boot loader + strict. If true, mounts the /usr/ and the boot loader directories (/boot and /efi) read-only for processes - invoked by this unit. If set to full, the /etc directory is + invoked by this unit. If set to full, the /etc/ directory is mounted read-only, too. If set to strict the entire file system hierarchy is - mounted read-only, except for the API file system subtrees /dev, - /proc and /sys (protect these directories using + mounted read-only, except for the API file system subtrees /dev/, + /proc/ and /sys/ (protect these directories using PrivateDevices=, ProtectKernelTunables=, ProtectControlGroups=). This setting ensures that any modification of the vendor-supplied operating system (and optionally its configuration, and local mounts) is prohibited for the service. It is 
@@ -1142,7 +1144,7 @@ CapabilityBoundingSet=~CAP_B CAP_C ProtectHome= Takes a boolean argument or the special values read-only or - tmpfs. If true, the directories /home, + tmpfs. If true, the directories /home/, /root, and /run/user are made inaccessible and empty for processes invoked by this unit. If set to read-only, the three directories are made read-only instead. If set to tmpfs, temporary file systems are mounted on the @@ -1259,13 +1261,13 @@ CapabilityBoundingSet=~CAP_B CAP_C Use RuntimeDirectory= to manage one or more runtime directories for the unit and bind their lifetime to the daemon runtime. This is particularly useful for unprivileged daemons that cannot create - runtime directories in /run due to lack of privileges, and to make sure the runtime + runtime directories in /run/ due to lack of privileges, and to make sure the runtime directory is cleaned up automatically after use. For runtime directories that require more complex or different configuration or lifetime guarantees, please consider using tmpfiles.d5. The directories defined by these options are always created under the standard paths used by systemd - (/var, /run, /etc, …). If the service needs + (/var/, /run/, /etc/, …). If the service needs directories in a different location, a different mechanism has to be used to create them. tmpfiles.d5 provides @@ -1319,7 +1321,7 @@ StateDirectory=aaa/bbb ccc and manually restarted. Here, the automatic restart means the operation specified in Restart=, and manual restart means the one triggered by systemctl restart foo.service. If set to , then the directories are not removed when the service is - stopped. Note that since the runtime directory /run is a mount point of + stopped. Note that since the runtime directory /run/ is a mount point of tmpfs, then for system services the directories specified in RuntimeDirectory= are removed when the system is rebooted. 
@@ -1409,7 +1411,7 @@ StateDirectory=aaa/bbb ccc Example: if a unit has the following, TemporaryFileSystem=/var:ro BindReadOnlyPaths=/var/lib/systemd - then the invoked processes by the unit cannot see any files or directories under /var except for + then the invoked processes by the unit cannot see any files or directories under /var/ except for /var/lib/systemd or its contents. 
@@ -1418,20 +1420,22 @@ BindReadOnlyPaths=/var/lib/systemd PrivateTmp= - Takes a boolean argument. If true, sets up a new file system namespace for the executed - processes and mounts private /tmp/ and /var/tmp/ directories inside it - that are not shared by processes outside of the namespace. This is useful to secure access to temporary files of - the process, but makes sharing between processes via /tmp or /var/tmp - impossible. If this is enabled, all temporary files created by a service in these directories will be removed - after the service is stopped. Defaults to false. It is possible to run two or more units within the same - private /tmp and /var/tmp namespace by using the + Takes a boolean argument. If true, sets up a new file system namespace for the + executed processes and mounts private /tmp/ and /var/tmp/ + directories inside it that are not shared by processes outside of the namespace. This is useful to + secure access to temporary files of the process, but makes sharing between processes via + /tmp/ or /var/tmp/ impossible. If this is enabled, all + temporary files created by a service in these directories will be removed after the service is + stopped. Defaults to false. It is possible to run two or more units within the same private + /tmp/ and /var/tmp/ namespace by using the JoinsNamespaceOf= directive, see systemd.unit5 for details. This setting is implied if DynamicUser= is set. For this setting the same - restrictions regarding mount propagation and privileges apply as for ReadOnlyPaths= and - related calls, see above. Enabling this setting has the side effect of adding Requires= and - After= dependencies on all mount units necessary to access /tmp and - /var/tmp. Moreover an implicitly After= ordering on + restrictions regarding mount propagation and privileges apply as for + ReadOnlyPaths= and related calls, see above. 
Enabling this setting has the side + effect of adding Requires= and After= dependencies on all mount + units necessary to access /tmp/ and /var/tmp/. Moreover an + implicitly After= ordering on systemd-tmpfiles-setup.service8 is added. @@ -1445,7 +1449,7 @@ BindReadOnlyPaths=/var/lib/systemd PrivateDevices= - Takes a boolean argument. If true, sets up a new /dev mount for the + Takes a boolean argument. If true, sets up a new /dev/ mount for the executed processes and only adds API pseudo devices such as /dev/null, /dev/zero or /dev/random (as well as the pseudo TTY subsystem) to it, but no physical devices such as /dev/sda, system memory /dev/mem, @@ -1458,7 +1462,7 @@ BindReadOnlyPaths=/var/lib/systemd for details). Note that using this setting will disconnect propagation of mounts from the service to the host (propagation in the opposite direction continues to work). This means that this setting may not be used for services which shall be able to install mount points in the main mount namespace. The new - /dev will be mounted read-only and 'noexec'. The latter may break old programs which try + /dev/ will be mounted read-only and 'noexec'. The latter may break old programs which try to set up executable memory by using mmap2 of /dev/zero instead of using MAP_ANON. For this setting the same @@ -1591,7 +1595,7 @@ BindReadOnlyPaths=/var/lib/systemd ProtectKernelTunables= Takes a boolean argument. If true, kernel variables accessible through - /proc/sys, /sys, /proc/sysrq-trigger, + /proc/sys/, /sys/, /proc/sysrq-trigger, /proc/latency_stats, /proc/acpi, /proc/timer_stats, /proc/fs and /proc/irq will be made read-only to all processes of the unit. Usually, tunable kernel variables should be initialized only at 
@@ -1652,7 +1656,7 @@ BindReadOnlyPaths=/var/lib/systemd Takes a boolean argument. If true, the Linux Control Groups (cgroups7) hierarchies - accessible through /sys/fs/cgroup will be made read-only to all processes of the + accessible through /sys/fs/cgroup/ will be made read-only to all processes of the unit. Except for container managers no services should require write access to the control groups hierarchies; it is hence recommended to turn this on for most services. For this setting the same restrictions regarding mount propagation and privileges apply as for ReadOnlyPaths= and related calls, see diff --git a/man/systemd.generator.xml b/man/systemd.generator.xml index babbe14e04..b8d0cd578a 100644 --- a/man/systemd.generator.xml +++ b/man/systemd.generator.xml @@ -66,10 +66,10 @@ Directory paths for generator output differ by priority: …/generator.early has priority higher than the admin - configuration in /etc, while + configuration in /etc/, while …/generator has lower priority than - /etc but higher than vendor configuration in - /usr, and …/generator.late has priority + /etc/ but higher than vendor configuration in + /usr/, and …/generator.late has priority lower than all other configuration. See the next section and the discussion of unit load paths and unit overriding in systemd.unit5. @@ -86,8 +86,8 @@ mask a generator, thereby preventing it from running. Please note that the order of the two directories with the highest priority is reversed with respect to the unit load path, and generators in - /run overwrite those in - /etc. + /run/ overwrite those in + /etc/. After installing new generators or updating the configuration, systemctl daemon-reload may be 
@@ -125,8 +125,8 @@ in case of the system generators and $XDG_RUNTIME_DIR/generator.early in case of the user generators. Unit files placed in this directory override unit files in - /usr, /run and - /etc. This means that unit files placed in this + /usr/, /run/ and + /etc/. This means that unit files placed in this directory take precedence over all normal configuration, both vendor and user/administrator. @@ -161,11 +161,11 @@ syslog3, or systemd itself (this means: no systemctl1)! - Non-essential file systems like /var and - /home are mounted after generators have run. Generators + Non-essential file systems like /var/ and + /home/ are mounted after generators have run. Generators can however rely on the most basic kernel functionality to be available, - including a mounted /sys, /proc, - /dev, /usr. + including a mounted /sys/, /proc/, + /dev/, /usr/. @@ -208,7 +208,7 @@ Generators may write out dynamic unit files or just hook unit files into other units with the usual .wants/ or .requires/ symlinks. Often, it is nicer to simply - instantiate a template unit file from /usr with a + instantiate a template unit file from /usr/ with a generator instead of writing out entirely dynamic unit files. Of course, this works only if a single parameter is to be used. @@ -226,8 +226,8 @@ User configuration should override vendor configuration. This - (mostly) means that stuff from /etc should override - stuff from /usr. + (mostly) means that stuff from /etc/ should override + stuff from /usr/. @@ -262,7 +262,7 @@ argv[1] as location to place the generated unit files in order to allow the user to override /etc/fstab with their own native unit files, but also to ensure that /etc/fstab overrides any - vendor default from /usr. + vendor default from /usr/. After editing /etc/fstab, the user should invoke systemctl daemon-reload. This will re-run all generators and diff --git a/man/systemd.journal-fields.xml b/man/systemd.journal-fields.xml index a343e5697b..73e3039d6e 100644 
--- a/man/systemd.journal-fields.xml +++ b/man/systemd.journal-fields.xml @@ -414,21 +414,21 @@ _UDEV_SYSNAME= The kernel device name as it shows up in the device - tree below /sys. + tree below /sys/. _UDEV_DEVNODE= The device node path of this device in - /dev. + /dev/. _UDEV_DEVLINK= Additional symlink names pointing to the device node - in /dev. This field is frequently set + in /dev/. This field is frequently set more than once per entry. diff --git a/man/systemd.link.xml b/man/systemd.link.xml index af69c48383..9a9ff6bd3b 100644 --- a/man/systemd.link.xml +++ b/man/systemd.link.xml @@ -42,9 +42,9 @@ ignored. All link files are collectively sorted and processed in lexical order, regardless of the directories in which they live. However, files with identical filenames replace each other. Files - in /etc have the highest priority, files in - /run take precedence over files with the same - name in /usr/lib. This can be used to + in /etc/ have the highest priority, files in + /run/ take precedence over files with the same + name in /usr/lib/. This can be used to override a system-supplied link file with a local file if needed. As a special case, an empty file (file size 0) or symlink with the same name pointing to /dev/null disables the diff --git a/man/systemd.mount.xml b/man/systemd.mount.xml index 9e1f5d40fd..e9e2f68408 100644 --- a/man/systemd.mount.xml +++ b/man/systemd.mount.xml @@ -430,13 +430,13 @@ If a mount point is configured in both /etc/fstab and a unit file that is stored - below /usr, the former will take precedence. - If the unit file is stored below /etc, it + below /usr/, the former will take precedence. + If the unit file is stored below /etc/, it will take precedence. This means: native unit files take precedence over traditional configuration files, but this is superseded by the rule that configuration in - /etc will always take precedence over - configuration in /usr. + /etc/ will always take precedence over + configuration in /usr/. 
diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml index 2bb99a1885..a95beb6f9f 100644 --- a/man/systemd.netdev.xml +++ b/man/systemd.netdev.xml @@ -43,9 +43,9 @@ directory /run/systemd/network and the local administration network directory /etc/systemd/network. All configuration files are collectively sorted and processed in lexical order, regardless of the directories in which they live. - However, files with identical filenames replace each other. Files in /etc - have the highest priority, files in /run take precedence over files with - the same name in /usr/lib. This can be used to override a system-supplied + However, files with identical filenames replace each other. Files in /etc/ + have the highest priority, files in /run/ take precedence over files with + the same name in /usr/lib/. This can be used to override a system-supplied configuration file with a local file if needed. As a special case, an empty file (file size 0) or symlink with the same name pointing to /dev/null disables the configuration file entirely (it is "masked"). @@ -59,10 +59,10 @@ In addition to /etc/systemd/network, drop-in .d directories can be placed in /usr/lib/systemd/network or /run/systemd/network directories. Drop-in files in - /etc take precedence over those in /run which in turn - take precedence over those in /usr/lib. Drop-in files under any of these + /etc/ take precedence over those in /run/ which in turn + take precedence over those in /usr/lib/. Drop-in files under any of these directories take precedence over the main netdev file wherever located. (Of course, since - /run is temporary and /usr/lib is for vendors, it is + /run/ is temporary and /usr/lib/ is for vendors, it is unlikely drop-ins should be used in either of those places.) diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 1527208e45..b8610b3786 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml 
@@ -43,9 +43,9 @@ /run/systemd/network and the local administration network directory /etc/systemd/network. All configuration files are collectively sorted and processed in lexical order, regardless of the directories in which they live. However, files with identical - filenames replace each other. Files in /etc have the highest priority, files in - /run take precedence over files with the same name under - /usr. This can be used to override a system-supplied configuration file with a local + filenames replace each other. Files in /etc/ have the highest priority, files in + /run/ take precedence over files with the same name under + /usr/. This can be used to override a system-supplied configuration file with a local file if needed. As a special case, an empty file (file size 0) or symlink with the same name pointing to /dev/null disables the configuration file entirely (it is "masked"). @@ -58,8 +58,8 @@ In addition to /etc/systemd/network, drop-in .d directories can be placed in /usr/lib/systemd/network or /run/systemd/network directories. Drop-in files in - /etc take precedence over those in /run which in turn - take precedence over those in /usr/lib. Drop-in files under any of these + /etc/ take precedence over those in /run/ which in turn + take precedence over those in /usr/lib/. Drop-in files under any of these directories take precedence over the main network file wherever located. Note that an interface without any static IPv6 addresses configured, and neither DHCPv6 diff --git a/man/systemd.offline-updates.xml b/man/systemd.offline-updates.xml index 49d98d496a..242448aa04 100644 --- a/man/systemd.offline-updates.xml +++ b/man/systemd.offline-updates.xml 
@@ -44,7 +44,7 @@ created that points to /var/lib/system-update (or wherever the directory with the upgrade files is located) and the system is rebooted. This symlink is in the root directory, since we need to check for it very early at boot, at a - time where /var is not available yet. + time where /var/ is not available yet. diff --git a/man/systemd.service.xml b/man/systemd.service.xml index d8690f08db..a020214ac6 100644 --- a/man/systemd.service.xml +++ b/man/systemd.service.xml @@ -1035,7 +1035,7 @@ FDSTORE=1 messages. This is useful for implementing services that can restart after an explicit request or a crash without losing state. Any open sockets and other file descriptors which should not be closed during the restart may be stored this way. Application state - can either be serialized to a file in /run, or better, stored in a + can either be serialized to a file in /run/, or better, stored in a memfd_create2 memory file descriptor. Defaults to 0, i.e. no file descriptors may be stored in the service manager. All file descriptors passed to the service manager from a specific service are passed back diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml index 74e0007c88..079cdf0052 100644 --- a/man/systemd.socket.xml +++ b/man/systemd.socket.xml @@ -267,8 +267,8 @@ argument. Behavior otherwise is very similar to the ListenFIFO= directive above. Use this to open character device nodes as well as special files in - /proc and - /sys. + /proc/ and + /sys/. diff --git a/man/systemd.special.xml b/man/systemd.special.xml index d99a2183a2..e43d765c9f 100644 --- a/man/systemd.special.xml +++ b/man/systemd.special.xml 
@@ -132,8 +132,8 @@ DefaultDependencies=no). Usually, this should pull-in all local mount points plus - /var, /tmp and - /var/tmp, swap devices, sockets, timers, + /var/, /tmp/ and + /var/tmp/, swap devices, sockets, timers, path units and other basic initialization necessary for general purpose daemons. The mentioned mount points are special cased to allow them to be remote. diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml index a845bc23b2..f23c903d06 100644 --- a/man/systemd.unit.xml +++ b/man/systemd.unit.xml @@ -213,9 +213,9 @@ In addition to /etc/systemd/system, the drop-in .d/ directories for system services can be placed in /usr/lib/systemd/system or - /run/systemd/system directories. Drop-in files in /etc - take precedence over those in /run which in turn take precedence over those - in /usr/lib. Drop-in files under any of these directories take precedence + /run/systemd/system directories. Drop-in files in /etc/ + take precedence over those in /run/ which in turn take precedence over those + in /usr/lib/. Drop-in files under any of these directories take precedence over unit files wherever located. Multiple drop-in files with different names are applied in lexicographic order, regardless of which of the directories they reside in. @@ -803,9 +803,9 @@ PrivateTmp= directives (see systemd.exec5 for details). If a unit that has this setting set is started, its processes will see the same - /tmp, /var/tmp and network namespace as one listed unit + /tmp/, /var/tmp/ and network namespace as one listed unit that is started. If multiple listed units are already started, it is not defined which namespace is - joined. Note that this setting only has an effect if + joined. Note that this setting only has an effect if PrivateNetwork=/NetworkNamespacePath= and/or PrivateTmp= is enabled for both the unit that joins the namespace and the unit whose namespace is joined. 
@@ -1287,13 +1287,13 @@ ConditionNeedsUpdate= - Takes one of /var or /etc as argument, + Takes one of /var/ or /etc/ as argument, possibly prefixed with a ! (to invert the condition). This condition may be used to conditionalize units on whether the specified directory requires an update because - /usr's modification time is newer than the stamp file + /usr/'s modification time is newer than the stamp file .updated in the specified directory. This is useful to implement offline - updates of the vendor operating system resources in /usr that require updating - of /etc or /var on the next following boot. Units making + updates of the vendor operating system resources in /usr/ that require updating + of /etc/ or /var/ on the next following boot. Units making use of this condition should order themselves before systemd-update-done.service8, to make sure they run before the stamp file's modification time gets reset indicating a completed @@ -1312,9 +1312,9 @@ ConditionFirstBoot= Takes a boolean argument. This condition may be used to conditionalize units on - whether the system is booting up with an unpopulated /etc directory - (specifically: an /etc with no /etc/machine-id). This may - be used to populate /etc on the first boot after factory reset, or when a new + whether the system is booting up with an unpopulated /etc/ directory + (specifically: an /etc/ with no /etc/machine-id). This may + be used to populate /etc/ on the first boot after factory reset, or when a new system instance boots up for the first time. If the systemd.condition-first-boot= option is specified on the kernel @@ -1771,7 +1771,7 @@ %E Configuration directory root - This is either /etc (for the system manager) or the path $XDG_CONFIG_HOME resolves to (for user managers). + This is either /etc/ (for the system manager) or the path $XDG_CONFIG_HOME resolves to (for user managers). %f 
@@ -1857,13 +1857,9 @@ Note that this setting is not influenced by the Us %t Runtime directory root - This is either /run (for the system manager) or the path $XDG_RUNTIME_DIR resolves to (for user managers). - - - %T - Directory for temporary files - This is either /tmp or the path $TMPDIR, $TEMP or $TMP are set to. + This is either /run/ (for the system manager) or the path $XDG_RUNTIME_DIR resolves to (for user managers). + %g User group @@ -1889,11 +1885,7 @@ Note that this setting is not influenced by the Us Note that this setting is not influenced by the User= setting configurable in the [Service] section of the service unit. - - %V - Directory for larger and persistent temporary files - This is either /var/tmp or the path $TMPDIR, $TEMP or $TMP are set to. - + diff --git a/man/systemd.xml b/man/systemd.xml index 1747203779..27e7bf53f6 100644 --- a/man/systemd.xml +++ b/man/systemd.xml @@ -264,7 +264,7 @@ that need to be executed as part of the boot process. For example, it sets the hostname or configures the loopback network device. It also sets up and mounts various API file systems, such as - /sys or /proc. + /sys/ or /proc/. For more information about the concepts and ideas behind systemd, please refer to the diff --git a/man/sysusers.d.xml b/man/sysusers.d.xml index 2d5023dc91..52b2d89474 100644 --- a/man/sysusers.d.xml +++ b/man/sysusers.d.xml @@ -260,17 +260,9 @@ r - 500-900 - - %T - Directory for temporary files - This is either /tmp or the path $TMPDIR, $TEMP or $TMP are set to. - + - - %V - Directory for larger and persistent temporary files - This is either /var/tmp or the path $TMPDIR, $TEMP or $TMP are set to. - + diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml index 9947ff97ab..5b81bb5888 100644 --- a/man/tmpfiles.d.xml +++ b/man/tmpfiles.d.xml 
@@ -83,10 +83,10 @@ A+ /path-or-glob/to/append/acls/recursively - - - - POSIX creation of regular files, directories, pipes, and device nodes, adjustments to their access mode, ownership, attributes, quota assignments, and contents, and finally their time-based removal. It is mostly commonly used for volatile and - temporary files and directories (such as those located under /run, - /tmp, /var/tmp, the API file systems such as - /sys or /proc, as well as some other directories below - /var). + temporary files and directories (such as those located under /run/, + /tmp/, /var/tmp/, the API file systems such as + /sys/ or /proc/, as well as some other directories below + /var/). systemd-tmpfiles uses this configuration to create volatile files and directories during boot and to do periodic cleanup afterwards. See @@ -94,7 +94,7 @@ A+ /path-or-glob/to/append/acls/recursively - - - - POSIX the description of systemd-tmpfiles-setup.service, systemd-tmpfiles-clean.service, and associated units. - System daemons frequently require private runtime directories below /run to + System daemons frequently require private runtime directories below /run/ to store communication sockets and similar. For these, it is better to use RuntimeDirectory= in their unit files (see systemd.exec5 for 
@@ -258,11 +258,11 @@ L /tmp/foobar - - - - /dev/null It is recommended to use Q for subvolumes that typically contain further subvolumes, and where it is desirable to have accounting and quota limits on all child subvolumes together. Examples for - Q are typically /home or /var/lib/machines. In + Q are typically /home/ or /var/lib/machines/. In contrast, q should be used for subvolumes that either usually do not include further subvolumes or where no accounting and quota limits are needed that apply to all child subvolumes - together. Examples for q are typically /var or - /var/tmp. + together. Examples for q are typically /var/ or + /var/tmp/. As with q, Q has no effect on the quota group hierarchy if the subvolume already exists, regardless of whether the subvolume already belong to a quota group or not. @@ -661,13 +661,9 @@ w- /proc/sys/vm/swappiness - - - - 10 %t System or user runtime directory - In mode, this is the same $XDG_RUNTIME_DIR, and /run otherwise. - - - %T - Directory for temporary files - This is either /tmp or the path $TMPDIR, $TEMP or $TMP are set to. + In mode, this is the same $XDG_RUNTIME_DIR, and /run/ otherwise. + %g User group @@ -689,11 +685,7 @@ w- /proc/sys/vm/swappiness - - - - 10 This is the numeric UID of the user running the command. In case of the system instance this resolves to 0. - - %V - Directory for larger and persistent temporary files - This is either /var/tmp or the path $TMPDIR, $TEMP or $TMP are set to. - + diff --git a/man/udev.xml b/man/udev.xml index 350ebcf5a2..a41a39a43f 100644 --- a/man/udev.xml +++ b/man/udev.xml 
@@ -25,7 +25,7 @@ Description udev supplies the system software with device events, manages permissions - of device nodes and may create additional symlinks in the /dev + of device nodes and may create additional symlinks in the /dev/ directory, or renames network interfaces. The kernel usually just assigns unpredictable device names based on the order of discovery. Meaningful symlinks or network device names provide a way to reliably identify devices based on their properties or @@ -50,11 +50,11 @@ volatile runtime directory /run/udev/rules.d and the local administration directory /etc/udev/rules.d. All rules files are collectively sorted and processed in lexical order, regardless of the directories in which they live. However, files with - identical filenames replace each other. Files in /etc have the highest priority, - files in /run take precedence over files with the same name under - /usr. This can be used to override a system-supplied rules file with a local - file if needed; a symlink in /etc with the same name as a rules file in - /usr/lib, pointing to /dev/null, disables the rules file + identical filenames replace each other. Files in /etc/ have the highest priority, + files in /run/ take precedence over files with the same name under + /usr/. This can be used to override a system-supplied rules file with a local + file if needed; a symlink in /etc/ with the same name as a rules file in + /usr/lib/, pointing to /dev/null, disables the rules file entirely. Rule files must have the extension .rules; other extensions are ignored. diff --git a/man/udev_device_new_from_syspath.xml b/man/udev_device_new_from_syspath.xml index 118adfa2c7..763041d223 100644 --- a/man/udev_device_new_from_syspath.xml +++ b/man/udev_device_new_from_syspath.xml 
@@ -100,8 +100,8 @@ udev_device_new_from_subsystem_sysname, and udev_device_new_from_device_id create the device object based on information found in - /sys, annotated with properties from the udev-internal - device database. A syspath is any subdirectory of /sys, + /sys/, annotated with properties from the udev-internal + device database. A syspath is any subdirectory of /sys/, with the restriction that a subdirectory of /sys/devices (or a symlink to one) represents a real device and as such must contain a uevent file. udev_device_new_from_devnum diff --git a/man/udevadm.xml b/man/udevadm.xml index c78faa5a06..d2f6083bae 100644 --- a/man/udevadm.xml +++ b/man/udevadm.xml @@ -102,8 +102,8 @@ - The /sys path of the device to query, e.g. - /sys/class/block/sda. This option is an alternative to + The /sys/ path of the device to query, e.g. + /sys//class/block/sda. This option is an alternative to the positional argument with a /sys/ prefix. udevadm info --path=/class/block/sda is equivalent to udevadm info /sys/class/block/sda. @@ -114,7 +114,7 @@ The name of the device node or a symlink to query, - e.g. /dev/sda. This option is an alternative to the + e.g. /dev//sda. This option is an alternative to the positional argument with a /dev/ prefix. udevadm info --name=sda is equivalent to udevadm info /dev/sda. @@ -297,7 +297,7 @@ Trigger events for devices for which the last component (i.e. the filename) of the - /sys path matches the specified PATH. This option + /sys/ path matches the specified PATH. This option supports shell style pattern matching. When this option is specified more than once, then each matching result is ORed, that is, all devices which have any of the specified NAME are triggered. @@ -343,7 +343,7 @@ In addition, optional positional arguments can be used to specify device names or sys paths. They must start with - /dev or /sys + /dev/ or /sys/ respectively.
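Review bot: the `/sys` to `/sys/` substitution in the udevadm.xml hunk at `@@ -102,8 +102,8 @@` produced a doubled slash inside a full path: the example now reads `/sys//class/block/sda`. Only the bare directory name should gain the trailing slash; the example path should stay `/sys/class/block/sda`, matching the unchanged context line `udevadm info /sys/class/block/sda` two lines below.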
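Review bot: the same defect appears in the udevadm.xml hunk at `@@ -114,7 +114,7 @@`, where `e.g. /dev/sda` became `e.g. /dev//sda`. `/dev/sda` is a device node, not a directory, so the trailing-slash change should not touch it at all; restore `/dev/sda`, as in the context line `udevadm info /dev/sda` in the same hunk.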
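Review bot: the systemd.unit.xml hunks at `@@ -1857,13 +1857,9 @@` and `@@ -1889,11 +1885,7 @@` delete the `%T` ("Directory for temporary files") and `%V` ("Directory for larger and persistent temporary files") rows from the specifier table with no rationale visible in the diff, and the same rows are dropped from sysusers.d.xml (`@@ -260,17 +260,9 @@`) and tmpfiles.d.xml (`@@ -661,13 +661,9 @@`, `@@ -689,11 +685,7 @@`). If the specifiers are still accepted by the code, this leaves a supported feature undocumented; if they are being removed, the code change and a NEWS entry belong alongside. Either way it is a separate change from adding trailing slashes and should be its own commit with the reasoning stated, for instance that these specifiers expand to shared temporary directories and so invite fixed, predictable paths there, if that is the motivation.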
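Review bot: the trailing-slash convention is applied unevenly across the touched lines. In the systemd.unit.xml hunk at `@@ -213,9 +213,9 @@`, `/etc/`, `/run/` and `/usr/lib/` gain a slash while `/run/systemd/system` on the same changed line does not; in udev.xml (`@@ -50,11 +50,11 @@`) `/run/udev/rules.d` and `/etc/udev/rules.d` stay bare in the context while `/usr/lib/` gets one, and `/sys/devices` in udev_device_new_from_syspath.xml (`@@ -100,8 +100,8 @@`) is likewise left alone, yet `/var/lib/machines/` in tmpfiles.d.xml (`@@ -258,11 +258,11 @@`) does receive the slash. Either limit the change to top-level directories and say so in the commit message, or apply it to every directory path on the lines being edited.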
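Review bot: the tmpfiles.d.xml hunk at `@@ -661,13 +661,9 @@` rewrites the `%t` description but keeps the wording "this is the same $XDG_RUNTIME_DIR, and /run/ otherwise"; since the line is already being changed, "the same as $XDG_RUNTIME_DIR" would read correctly. The systemd.unit.xml row for `%t` in the hunk at `@@ -1857,13 +1857,9 @@` phrases it as "the path $XDG_RUNTIME_DIR resolves to", which could simply be reused here for consistency.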
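Review bot: in the systemd.unit.xml hunk at `@@ -803,9 +803,9 @@`, the removed and added forms of `joined. Note that this setting only has an effect if` show no visible difference, so this is presumably a whitespace-only change. If it is an intentional cleanup of double spacing, a mention in the commit message avoids confusion; if it is accidental, drop it to keep the diff focused on the slash change.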