{ "mode": "man", "parameter": "systemd-tmpfiles-clean.service", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/systemd-tmpfiles-clean.service/8/json", "generated": "2026-05-30T07:10:19Z", "synopsis": "systemd-tmpfiles [OPTIONS...] [CONFIGFILE...]\nSystem units:\nsystemd-tmpfiles-setup.service\nsystemd-tmpfiles-setup-dev.service\nsystemd-tmpfiles-clean.service\nsystemd-tmpfiles-clean.timer\nUser units:\nsystemd-tmpfiles-setup.service\nsystemd-tmpfiles-clean.service\nsystemd-tmpfiles-clean.timer", "sections": { "NAME": { "content": "systemd-tmpfiles, systemd-tmpfiles-setup.service, systemd-tmpfiles-setup-dev.service,\nsystemd-tmpfiles-clean.service, systemd-tmpfiles-clean.timer - Creates, deletes and cleans up\nvolatile and temporary files and directories\n", "subsections": [] }, "SYNOPSIS": { "content": "systemd-tmpfiles [OPTIONS...] [CONFIGFILE...]\n\nSystem units:\n\nsystemd-tmpfiles-setup.service\nsystemd-tmpfiles-setup-dev.service\nsystemd-tmpfiles-clean.service\nsystemd-tmpfiles-clean.timer\n\nUser units:\n\nsystemd-tmpfiles-setup.service\nsystemd-tmpfiles-clean.service\nsystemd-tmpfiles-clean.timer\n", "subsections": [] }, "DESCRIPTION": { "content": "systemd-tmpfiles creates, deletes, and cleans up volatile and temporary files and\ndirectories, using the configuration file format and location specified in tmpfiles.d(5). It\nmust be invoked with one or more options --create, --remove, and --clean, to select the\nrespective subset of operations.\n\nBy default, directives from all configuration files are applied. When invoked with\n--replace=PATH, arguments specified on the command line are used instead of the configuration\nfile PATH. Otherwise, if one or more absolute filenames are passed on the command line, only\nthe directives in these files are applied. If \"-\" is specified instead of a filename,\ndirectives are read from standard input. If only the basename of a configuration file is\nspecified, all configuration directories as specified in tmpfiles.d(5) are searched for a\nmatching file and the file found that has the highest priority is executed.\n\nSystem services (systemd-tmpfiles-setup.service, systemd-tmpfiles-setup-dev.service,\nsystemd-tmpfiles-clean.service) invoke systemd-tmpfiles to create system files and to perform\nsystem wide cleanup. Those services read administrator-controlled configuration files in\ntmpfiles.d/ directories. User services (systemd-tmpfiles-setup.service,\nsystemd-tmpfiles-clean.service) also invoke systemd-tmpfiles, but it reads a separate set of\nfiles, which includes user-controlled files under ~/.config/user-tmpfiles.d/ and\n~/.local/share/user-tmpfiles.d/, and administrator-controlled files under\n/usr/share/user-tmpfiles.d/. Users may use this to create and clean up files under their\ncontrol, but the system instance performs global cleanup and is not influenced by user\nconfiguration. Note that this means a time-based cleanup configured in the system instance,\nsuch as the one typically configured for /tmp/, will thus also affect files created by the\nuser instance if they are placed in /tmp/, even if the user instance's time-based cleanup is\nturned off.\n\nTo re-apply settings after configuration has been modified, simply restart\nsystemd-tmpfiles-clean.service, which will apply any settings which can be safely executed at\nruntime. To debug systemd-tmpfiles, it may be useful to invoke it directly from the command\nline with increased log level (see $SYSTEMDLOGLEVEL below).\n", "subsections": [] }, "OPTIONS": { "content": "The following options are understood:\n", "subsections": [ { "name": "--create", "content": "If this option is passed, all files and directories marked with f, F, w, d, D, v, p, L,\nc, b, m in the configuration files are created or written to. Files and directories\nmarked with z, Z, t, T, a, and A have their ownership, access mode and security labels\nset.\n", "long": "--create" }, { "name": "--clean", "content": "If this option is passed, all files and directories with an age parameter configured will\nbe cleaned up.\n", "long": "--clean" }, { "name": "--remove", "content": "If this option is passed, the contents of directories marked with D or R, and files or\ndirectories themselves marked with r or R are removed.\n", "long": "--remove" }, { "name": "--user", "content": "Execute \"user\" configuration, i.e. tmpfiles.d files in user configuration directories.\n", "long": "--user" }, { "name": "--boot", "content": "Also execute lines with an exclamation mark.\n\n--prefix=path\nOnly apply rules with paths that start with the specified prefix. This option can be\nspecified multiple times.\n\n--exclude-prefix=path\nIgnore rules with paths that start with the specified prefix. This option can be\nspecified multiple times.\n", "long": "--boot" }, { "name": "-E", "content": "A shortcut for \"--exclude-prefix=/dev --exclude-prefix=/proc --exclude-prefix=/run\n--exclude-prefix=/sys\", i.e. exclude the hierarchies typically backed by virtual or\nmemory file systems. This is useful in combination with --root=, if the specified\ndirectory tree contains an OS tree without these virtual/memory file systems mounted in,\nas it is typically not desirable to create any files and directories below these\nsubdirectories if they are supposed to be overmounted during runtime.\n\n--root=root\nTakes a directory path as an argument. All paths will be prefixed with the given\nalternate root path, including config search paths.\n\nWhen this option is used, the libc Name Service Switch (NSS) is bypassed for resolving\nusers and groups. Instead the files /etc/passwd and /etc/group inside the alternate root\nare read directly. This means that users/groups not listed in these files will not be\nresolved, i.e. LDAP NIS and other complex databases are not considered.\n\nConsider combining this with -E to ensure the invocation does not create files or\ndirectories below mount points in the OS image operated on that are typically overmounted\nduring runtime.\n\n--image=image\nTakes a path to a disk image file or block device node. If specified all operations are\napplied to file system in the indicated disk image. This is similar to --root= but\noperates on file systems stored in disk images or block devices. The disk image should\neither contain just a file system or a set of file systems within a GPT partition table,\nfollowing the Discoverable Partitions Specification[1]. For further information on\nsupported disk images, see systemd-nspawn(1)'s switch of the same name.\n\nImplies -E.\n\n--replace=PATH\nWhen this option is given, one ore more positional arguments must be specified. All\nconfiguration files found in the directories listed in tmpfiles.d(5) will be read, and\nthe configuration given on the command line will be handled instead of and with the same\npriority as the configuration file PATH.\n\nThis option is intended to be used when package installation scripts are running and\nfiles belonging to that package are not yet available on disk, so their contents must be\ngiven on the command line, but the admin configuration might already exist and should be\ngiven higher priority.\n", "flag": "-E" }, { "name": "--cat-config", "content": "Copy the contents of config files to standard output. Before each file, the filename is\nprinted as a comment.\n", "long": "--cat-config" }, { "name": "--no-pager", "content": "Do not pipe output into a pager.\n", "long": "--no-pager" }, { "name": "-h --help", "content": "Print a short help text and exit.\n", "flag": "-h", "long": "--help" }, { "name": "--version", "content": "Print a short version string and exit.\n\nIt is possible to combine --create, --clean, and --remove in one invocation (in which case\nremoval and cleanup are executed before creation of new files). For example, during boot the\nfollowing command line is executed to ensure that all temporary and volatile directories are\nremoved and created according to the configuration file:\n\nsystemd-tmpfiles --remove --create\n", "long": "--version" } ] }, "ENVIRONMENT": { "content": "$SYSTEMDLOGLEVEL\nThe maximum log level of emitted messages (messages with a higher log level, i.e. less\nimportant ones, will be suppressed). Either one of (in order of decreasing importance)\nemerg, alert, crit, err, warning, notice, info, debug, or an integer in the range 0...7.\nSee syslog(3) for more information.\n\n$SYSTEMDLOGCOLOR\nA boolean. If true, messages written to the tty will be colored according to priority.\n\nThis setting is only useful when messages are written directly to the terminal, because\njournalctl(1) and other tools that display logs will color messages based on the log\nlevel on their own.\n\n$SYSTEMDLOGTIME\nA boolean. If true, console log messages will be prefixed with a timestamp.\n\nThis setting is only useful when messages are written directly to the terminal or a file,\nbecause journalctl(1) and other tools that display logs will attach timestamps based on\nthe entry metadata on their own.\n\n$SYSTEMDLOGLOCATION\nA boolean. If true, messages will be prefixed with a filename and line number in the\nsource code where the message originates.\n\nNote that the log location is often attached as metadata to journal entries anyway.\nIncluding it directly in the message text can nevertheless be convenient when debugging\nprograms.\n\n$SYSTEMDLOGTARGET\nThe destination for log messages. One of console (log to the attached tty),\nconsole-prefixed (log to the attached tty but with prefixes encoding the log level and\n\"facility\", see syslog(3), kmsg (log to the kernel circular log buffer), journal (log to\nthe journal), journal-or-kmsg (log to the journal if available, and to kmsg otherwise),\nauto (determine the appropriate log target automatically, the default), null (disable log\noutput).\n\n$SYSTEMDPAGER\nPager to use when --no-pager is not given; overrides $PAGER. If neither $SYSTEMDPAGER\nnor $PAGER are set, a set of well-known pager implementations are tried in turn,\nincluding less(1) and more(1), until one is found. If no pager implementation is\ndiscovered no pager is invoked. Setting this environment variable to an empty string or\nthe value \"cat\" is equivalent to passing --no-pager.\n\n$SYSTEMDLESS\nOverride the options passed to less (by default \"FRSXMK\").\n\nUsers might want to change two options in particular:\n\nK\nThis option instructs the pager to exit immediately when Ctrl+C is pressed. To allow\nless to handle Ctrl+C itself to switch back to the pager command prompt, unset this\noption.\n\nIf the value of $SYSTEMDLESS does not include \"K\", and the pager that is invoked is\nless, Ctrl+C will be ignored by the executable, and needs to be handled by the pager.\n\nX\nThis option instructs the pager to not send termcap initialization and\ndeinitialization strings to the terminal. It is set by default to allow command\noutput to remain visible in the terminal even after the pager exits. Nevertheless,\nthis prevents some pager functionality from working, in particular paged output\ncannot be scrolled with the mouse.\n\nSee less(1) for more discussion.\n\n$SYSTEMDLESSCHARSET\nOverride the charset passed to less (by default \"utf-8\", if the invoking terminal is\ndetermined to be UTF-8 compatible).\n\n$SYSTEMDPAGERSECURE\nTakes a boolean argument. When true, the \"secure\" mode of the pager is enabled; if false,\ndisabled. If $SYSTEMDPAGERSECURE is not set at all, secure mode is enabled if the\neffective UID is not the same as the owner of the login session, see geteuid(2) and\nsdpidgetowneruid(3). In secure mode, LESSSECURE=1 will be set when invoking the\npager, and the pager shall disable commands that open or create new files or start new\nsubprocesses. When $SYSTEMDPAGERSECURE is not set at all, pagers which are not known to\nimplement secure mode will not be used. (Currently only less(1) implements secure mode.)\n\nNote: when commands are invoked with elevated privileges, for example under sudo(8) or\npkexec(1), care must be taken to ensure that unintended interactive features are not\nenabled. \"Secure\" mode for the pager may be enabled automatically as describe above.\nSetting SYSTEMDPAGERSECURE=0 or not removing it from the inherited environment allows\nthe user to invoke arbitrary commands. Note that if the $SYSTEMDPAGER or $PAGER\nvariables are to be honoured, $SYSTEMDPAGERSECURE must be set too. It might be\nreasonable to completely disable the pager using --no-pager instead.\n\n$SYSTEMDCOLORS\nTakes a boolean argument. When true, systemd and related utilities will use colors in\ntheir output, otherwise the output will be monochrome. Additionally, the variable can\ntake one of the following special values: \"16\", \"256\" to restrict the use of colors to\nthe base 16 or 256 ANSI colors, respectively. This can be specified to override the\nautomatic decision based on $TERM and what the console is connected to.\n\n$SYSTEMDURLIFY\nThe value must be a boolean. Controls whether clickable links should be generated in the\noutput for terminal emulators supporting this. This can be specified to override the\ndecision that systemd makes based on $TERM and other conditions.\n", "subsections": [] }, "UNPRIVILEGED --CLEANUP OPERATION": { "content": "systemd-tmpfiles tries to avoid changing the access and modification times on the directories\nit accesses, which requires CAPFOWNER privileges. When running as non-root, directories\nwhich are checked for files to clean up will have their access time bumped, which might\nprevent their cleanup.\n", "subsections": [] }, "EXIT STATUS": { "content": "On success, 0 is returned. If the configuration was syntactically invalid (syntax errors,\nmissing arguments, ...), so some lines had to be ignored, but no other errors occurred, 65 is\nreturned (EXDATAERR from /usr/include/sysexits.h). If the configuration was syntactically\nvalid, but could not be executed (lack of permissions, creation of files in missing\ndirectories, invalid contents when writing to /sys/ values, ...), 73 is returned\n(EXCANTCREAT from /usr/include/sysexits.h). Otherwise, 1 is returned (EXITFAILURE from\n/usr/include/stdlib.h).\n\nNote: when creating items, if the target already exists, but is of the wrong type or\notherwise does not match the requested state, and forced operation has not been requested\nwith \"+\", a message is emitted, but the failure is otherwise ignored.\n", "subsections": [] }, "SEE ALSO": { "content": "systemd(1), tmpfiles.d(5)\n", "subsections": [] }, "NOTES": { "content": "1. Discoverable Partitions Specification\nhttps://systemd.io/DISCOVERABLEPARTITIONS\n\n\n\nsystemd 249 SYSTEMD-TMPFILES(8)", "subsections": [] } }, "summary": "systemd-tmpfiles, systemd-tmpfiles-setup.service, systemd-tmpfiles-setup-dev.service, systemd-tmpfiles-clean.service, systemd-tmpfiles-clean.timer - Creates, deletes and cleans up volatile and temporary files and directories", "flags": [ { "flag": "", "long": "--create", "arg": null, "description": "If this option is passed, all files and directories marked with f, F, w, d, D, v, p, L, c, b, m in the configuration files are created or written to. Files and directories marked with z, Z, t, T, a, and A have their ownership, access mode and security labels set." }, { "flag": "", "long": "--clean", "arg": null, "description": "If this option is passed, all files and directories with an age parameter configured will be cleaned up." }, { "flag": "", "long": "--remove", "arg": null, "description": "If this option is passed, the contents of directories marked with D or R, and files or directories themselves marked with r or R are removed." }, { "flag": "", "long": "--user", "arg": null, "description": "Execute \"user\" configuration, i.e. tmpfiles.d files in user configuration directories." }, { "flag": "", "long": "--boot", "arg": null, "description": "Also execute lines with an exclamation mark. --prefix=path Only apply rules with paths that start with the specified prefix. This option can be specified multiple times. --exclude-prefix=path Ignore rules with paths that start with the specified prefix. This option can be specified multiple times." }, { "flag": "-E", "long": null, "arg": null, "description": "A shortcut for \"--exclude-prefix=/dev --exclude-prefix=/proc --exclude-prefix=/run --exclude-prefix=/sys\", i.e. exclude the hierarchies typically backed by virtual or memory file systems. This is useful in combination with --root=, if the specified directory tree contains an OS tree without these virtual/memory file systems mounted in, as it is typically not desirable to create any files and directories below these subdirectories if they are supposed to be overmounted during runtime. --root=root Takes a directory path as an argument. All paths will be prefixed with the given alternate root path, including config search paths. When this option is used, the libc Name Service Switch (NSS) is bypassed for resolving users and groups. Instead the files /etc/passwd and /etc/group inside the alternate root are read directly. This means that users/groups not listed in these files will not be resolved, i.e. LDAP NIS and other complex databases are not considered. Consider combining this with -E to ensure the invocation does not create files or directories below mount points in the OS image operated on that are typically overmounted during runtime. --image=image Takes a path to a disk image file or block device node. If specified all operations are applied to file system in the indicated disk image. This is similar to --root= but operates on file systems stored in disk images or block devices. The disk image should either contain just a file system or a set of file systems within a GPT partition table, following the Discoverable Partitions Specification[1]. For further information on supported disk images, see systemd-nspawn(1)'s switch of the same name. Implies -E. --replace=PATH When this option is given, one ore more positional arguments must be specified. All configuration files found in the directories listed in tmpfiles.d(5) will be read, and the configuration given on the command line will be handled instead of and with the same priority as the configuration file PATH. This option is intended to be used when package installation scripts are running and files belonging to that package are not yet available on disk, so their contents must be given on the command line, but the admin configuration might already exist and should be given higher priority." }, { "flag": "", "long": "--cat-config", "arg": null, "description": "Copy the contents of config files to standard output. Before each file, the filename is printed as a comment." }, { "flag": "", "long": "--no-pager", "arg": null, "description": "Do not pipe output into a pager." }, { "flag": "-h", "long": "--help", "arg": null, "description": "Print a short help text and exit." }, { "flag": "", "long": "--version", "arg": null, "description": "Print a short version string and exit. It is possible to combine --create, --clean, and --remove in one invocation (in which case removal and cleanup are executed before creation of new files). For example, during boot the following command line is executed to ensure that all temporary and volatile directories are removed and created according to the configuration file: systemd-tmpfiles --remove --create" } ], "examples": [], "see_also": [ { "name": "systemd", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/systemd/1/json" }, { "name": "tmpfiles.d", "section": "5", "url": "https://www.chedong.com/phpMan.php/man/tmpfiles.d/5/json" } ] }