{ "content": [ { "type": "text", "text": "# tmpreaper(8) (man)\n\n**Summary:** tmpreaper - removes files which haven't been accessed for a period of time\n\n**Synopsis:** tmpreaper [-htvfmMsaT] [--help] [--test] [--verbose] [--force] [--delay=x] [--runtime=x]\n[--showdeleted] [--ctime] [--mtime] [--mtime-dir] [--symlinks] [--all] [[--protect\n'']...] ...\n\n## Flags\n\n| Flag | Long | Arg | Description |\n|------|------|-----|-------------|\n| -t | --test | — | Don't actually remove any files, but go through the motions, checking through the di‐ rectory, then pretend to remove th |\n| -v | --verbose | — | Print a verbose display. Two levels of verbosity are available---use this option twice to get the most verbose output. T |\n| — | --showdeleted | — | Show what files and directories are deleted. The output is in the form of shell com‐ mands, i.e. \"rm /dir/dir2/file\" and |\n| -f | --force | — | Remove files even if EUID doesn't have write access (akin to rm -f). Normally, files owned by the current EUID, with no |\n| — | --delay | x | Delay execution at the start for a random time, up to x seconds; if no value is speci‐ fied, the default maximum time to |\n| -T | --runtime | x | Execution of tmpreaper will aborted after x seconds; this is to prevent attacks that create many, many files. By default |\n| -m | --mtime | — | Base the decision of whether to remove the file on its mtime, rather than on its atime. |\n| -M | --mtime-dir | — | Base the decision of whether to remove the directory on its mtime, rather than on its atime. |\n| -c | --ctime | — | Base the decision of whether to remove the file on its ctime, in addition to its atime. Only applicable if the --mtime o |\n| -s | --symlinks | — | Remove symlinks too, not just regular files and directories. |\n| -a | --all | — | Remove all file types, not just regular files, symlinks, and directories. --protect '' Protect the files t |\n\n## See Also\n\n- chattr(1)\n- chdir(2)\n- chroot(8)\n- cron(1)\n- getoptlong(3)\n- ls(1)\n- lsattr(1)\n- rm(1)\n- stat(1)\n\n## Section Outline\n\n- **NAME** (2 lines)\n- **SYNOPSIS** (5 lines)\n- **DESCRIPTION** (48 lines)\n- **OPTIONS** (1 lines) — 12 subsections\n - , -h, --help (4 lines)\n - -t, --test (4 lines)\n - -v, --verbose (8 lines)\n - --showdeleted (7 lines)\n - -f, --force (4 lines)\n - --delay=x (6 lines)\n - -T x, --runtime=x (6 lines)\n - -m, --mtime (4 lines)\n - -M, --mtime-dir (4 lines)\n - -c, --ctime (4 lines)\n - -s, --symlinks (3 lines)\n - -a, --all (21 lines)\n- **TIPS** (16 lines)\n- **WARNINGS** (5 lines)\n- **SEE ALSO** (13 lines)\n- **AUTHOR** (11 lines)\n\n## Full Content\n\n### NAME\n\ntmpreaper - removes files which haven't been accessed for a period of time\n\n### SYNOPSIS\n\ntmpreaper [-htvfmMsaT] [--help] [--test] [--verbose] [--force] [--delay=x] [--runtime=x]\n[--showdeleted] [--ctime] [--mtime] [--mtime-dir] [--symlinks] [--all] [[--protect\n'']...] ...\n\n### DESCRIPTION\n\ntmpreaper recursively searches for and removes files and empty directories which haven't been\naccessed for a given number of seconds. Normally, it's used to clean up directories which\nare used for temporary holding space, such as \"/tmp\". Please read the WARNINGS section of\nthis manual.\n\nWhen changing directories, tmpreaper is very sensitive to possible race condition security\nexploits[1], and will exit with an error if one is detected. It does not follow symbolic\nlinks in the directories it's cleaning (even if a symbolic link is given as its argument),\nnever performs chdir(\"..\"), will not switch file systems, and only removes empty directories\nand regular files. Unless your machine is one with lots of relatively untrusted users, such\nas an ISP or school, you don't need this program; `find ... -exec rm ...' works just as well\nwhen you don't have to be concerned about people trying to exploit the race condition on you.\n\ntmpreaper will stop itself after almost one minute with an appropriate warning message, as\nattempts to keep it running long enough so that it runs in parallel with another instance of\nitself may also lead to possible vulnerabilities. Normally, tmpreaper won't need that amount\nof time. If your system is so slow that it does, try to configure things so that this\ndoesn't happen. As a last resort, the --runtime=x option can be used to set the number of\nseconds after which the timeout occurs; the default setting is 55 seconds.\n\ntmpreaper dates files by their atime, not their mtime, unless you select the --mtime option.\nIf files aren't being removed when ls -l implies they should be, use stat(1) or ls --time=ac‐‐\ncess to examine the file's atime and see if that helps to explain the problem.\n\nAdditionally, tmpreaper can be instructed to also check the ctime (inode change time, which\nis updated e.g. when the file is created or permissions are changed). This is primarily use‐\nful when tmpreaper is used to clean up directories that are accessible as a Samba share; DOS\n(and Windows) PCs preserve the mtime and the atime when copying to a new file, so that it ap‐\npears that the newly created file is old. tmpreaper will remove such files is the atime is\nbeyond the removal time, even though they were just created. This is avoided by using the\n--ctime option.\n\nAs testing the contents of subdirectories will update those directories' atime, empty direc‐\ntories won't be removed. To circumvent this problem you can use the --mtime-dir option, which\nwill switch on mtime checking for directories only. Using --mtime-dir in addition to --mtime\ndoesn't do anything useful.\n\nThe parameter defines the age threshold for removing files. If the file has not\nbeen accessed for , it becomes eligible for removal. The should be a\nnumber, defaulting to hours, optionally suffixed by one character: `d' for days, `h' for\nhours, `m' for minutes, or `s' for seconds. Following the time option, one or more directo‐\nries must be given for tmpreaper to clean up.\n\nOn linux ext2/ext3/ext4 filesystems, no errors will be given when trying to remove files\nmarked as immutable. A common situation for this was the ext3 .journal file. However, there\nmay of course be other files marked as such by the system administrator.\n\n### OPTIONS\n\n#### , -h, --help\n\nPrint a brief version, copyright, and usage statement on stderr, then exit with error\nstatus 1.\n\n#### -t, --test\n\nDon't actually remove any files, but go through the motions, checking through the di‐\nrectory, then pretend to remove the eligible files.\n\n#### -v, --verbose\n\nPrint a verbose display. Two levels of verbosity are available---use this option twice\nto get the most verbose output. The --test option automaticly sets --verbose once.\nHigher numbers mean more output (max. is 3).\nTo force normal verbosity after --test, use \"--verbose=0\". This will generally only\nshow error messages. Use \"--test --verbose=0 --showdeleted\" to give a shellscript-like\nlist of actions that would have been done (see the --showdeleted description below).\n\n#### --showdeleted\n\nShow what files and directories are deleted. The output is in the form of shell com‐\nmands, i.e. \"rm /dir/dir2/file\" and \"rmdir /dir/dir2\".\nWhen used together with --test, this option will still cause the \"shell commands\" to\nbe printed, although nothing is really done. Note that this may show more than without\n--test, as problems removing the file won't be detected (e.g. immutable files).\n\n#### -f, --force\n\nRemove files even if EUID doesn't have write access (akin to rm -f). Normally, files\nowned by the current EUID, with no write bit set are not removed.\n\n#### --delay=x\n\nDelay execution at the start for a random time, up to x seconds; if no value is speci‐\nfied, the default maximum time to delay is 256 seconds. This is an option useful in\ncron scripts to make the execution of tmpreaper less predictable, thus making things a\nlittle harder for those who would attempt to use tmpreaper to thwart security.\n\n#### -T x, --runtime=x\n\nExecution of tmpreaper will aborted after x seconds; this is to prevent attacks that\ncreate many, many files. By default the timeout is set to 55 seconds. A value of 0\nwill disable this feature, which is not advised as this feature prevents possible\nrace-conditions between different instances of tmpreaper.\n\n#### -m, --mtime\n\nBase the decision of whether to remove the file on its mtime, rather than on its\natime.\n\n#### -M, --mtime-dir\n\nBase the decision of whether to remove the directory on its mtime, rather than on its\natime.\n\n#### -c, --ctime\n\nBase the decision of whether to remove the file on its ctime, in addition to its\natime. Only applicable if the --mtime options is not given!\n\n#### -s, --symlinks\n\nRemove symlinks too, not just regular files and directories.\n\n#### -a, --all\n\nRemove all file types, not just regular files, symlinks, and directories.\n\n\n--protect ''\nProtect the files that match the from deletion. This option may be\nused more than once. It has no one letter abbreviation, you must spell out the full\nword \"protect\".\n\nIf you do not enclose the in single quotes, the shell will perform the\nexpansion before tmpreaper reads its argument array. The program does not support\nthat syntax, so you must use single quotes around the glob pattern.\n\ntmpreaper will chdir(2) into each of the directories you've specified for cleanup, and\ncheck for files matching the there. It then builds a list of them,\nand uses that to protect them from removal. For example:\n\ntmpreaper --test --verbose --protect \\\n'.X*-{lock,unix,unix/*}' --protect '.ICE-{unix{/*,}}' \\\n5d /tmp # 5 day grace period\n\n### TIPS\n\nAs long as there are files present inside a subdirectory, it won't get removed. You can use\na non-writable, self-owned file, perhaps named \".tmpreaper\", or, if you are su, a file that\nhas the ext2fs immutable attribute set, to keep a subdirectory from being deleted. Of\ncourse, you could just as easily use use the --protect option to obtain the same result.\n\nBecause the command line argument processing is implemented with GNU getoptlong(3)[2], you\nmay order the arguments thusly, if it pleases you:\n\ntmpreaper --test --verbose 5h \\\n--protect './tmp/{blah?,dir{/blah4,}}' ./tmp \\\n--protect '/tmp/.X*' /tmp\n\n... Note that if you use --all or --symlinks, it will have global effect. If you only want\nit turned on for one directory, you must use separate commands.\n\n### WARNINGS\n\nPlease do not ever run tmpreaper on `/'!!! There are no safeguards against this built into\nthe program, because that would make it difficult to use in a chrooted environment.\n\n### SEE ALSO\n\nchattr(1) chdir(2) chroot(8) cron(1) getoptlong(3) ls(1) lsattr(1) rm(1) stat(1)\n\n[1] http://seclists.org/lists/bugtraq/1996/May/0046.html or\nhttp://www.security-express.com/archives/bugtraq/19962/0054.html\n\nhttp://linuxgazette.net/18/tmp.html\n(formerly http://www.linuxgazette.com/issue18/tmp.html)\n\nhttp://linuxgazette.net/20/followup.html\n\n[2] info:(libc)Long Options\n\n### AUTHOR\n\nKarl M. Hegbloom \n\nMostly based on `tmpwatch-1.2/1.4', by:\nErik Troan \n\nNow being maintained for Debian by:\nPaul Slootman \n\n\n\n4th Berkeley Distribution Sat Jan 5 2019 TMPREAPER(8)\n\n" } ], "structuredContent": { "command": "tmpreaper", "section": "8", "mode": "man", "summary": "tmpreaper - removes files which haven't been accessed for a period of time", "synopsis": "tmpreaper [-htvfmMsaT] [--help] [--test] [--verbose] [--force] [--delay=x] [--runtime=x]\n[--showdeleted] [--ctime] [--mtime] [--mtime-dir] [--symlinks] [--all] [[--protect\n'']...] ...", "flags": [ { "flag": "-t", "long": "--test", "arg": null, "description": "Don't actually remove any files, but go through the motions, checking through the di‐ rectory, then pretend to remove the eligible files." }, { "flag": "-v", "long": "--verbose", "arg": null, "description": "Print a verbose display. Two levels of verbosity are available---use this option twice to get the most verbose output. The --test option automaticly sets --verbose once. Higher numbers mean more output (max. is 3). To force normal verbosity after --test, use \"--verbose=0\". This will generally only show error messages. Use \"--test --verbose=0 --showdeleted\" to give a shellscript-like list of actions that would have been done (see the --showdeleted description below)." }, { "flag": "", "long": "--showdeleted", "arg": null, "description": "Show what files and directories are deleted. The output is in the form of shell com‐ mands, i.e. \"rm /dir/dir2/file\" and \"rmdir /dir/dir2\". When used together with --test, this option will still cause the \"shell commands\" to be printed, although nothing is really done. Note that this may show more than without --test, as problems removing the file won't be detected (e.g. immutable files)." }, { "flag": "-f", "long": "--force", "arg": null, "description": "Remove files even if EUID doesn't have write access (akin to rm -f). Normally, files owned by the current EUID, with no write bit set are not removed." }, { "flag": "", "long": "--delay", "arg": "x", "description": "Delay execution at the start for a random time, up to x seconds; if no value is speci‐ fied, the default maximum time to delay is 256 seconds. This is an option useful in cron scripts to make the execution of tmpreaper less predictable, thus making things a little harder for those who would attempt to use tmpreaper to thwart security." }, { "flag": "-T", "long": "--runtime", "arg": "x", "description": "Execution of tmpreaper will aborted after x seconds; this is to prevent attacks that create many, many files. By default the timeout is set to 55 seconds. A value of 0 will disable this feature, which is not advised as this feature prevents possible race-conditions between different instances of tmpreaper." }, { "flag": "-m", "long": "--mtime", "arg": null, "description": "Base the decision of whether to remove the file on its mtime, rather than on its atime." }, { "flag": "-M", "long": "--mtime-dir", "arg": null, "description": "Base the decision of whether to remove the directory on its mtime, rather than on its atime." }, { "flag": "-c", "long": "--ctime", "arg": null, "description": "Base the decision of whether to remove the file on its ctime, in addition to its atime. Only applicable if the --mtime options is not given!" }, { "flag": "-s", "long": "--symlinks", "arg": null, "description": "Remove symlinks too, not just regular files and directories." }, { "flag": "-a", "long": "--all", "arg": null, "description": "Remove all file types, not just regular files, symlinks, and directories. --protect '' Protect the files that match the from deletion. This option may be used more than once. It has no one letter abbreviation, you must spell out the full word \"protect\". If you do not enclose the in single quotes, the shell will perform the expansion before tmpreaper reads its argument array. The program does not support that syntax, so you must use single quotes around the glob pattern. tmpreaper will chdir(2) into each of the directories you've specified for cleanup, and check for files matching the there. It then builds a list of them, and uses that to protect them from removal. For example: tmpreaper --test --verbose --protect \\ '.X*-{lock,unix,unix/*}' --protect '.ICE-{unix{/*,}}' \\ 5d /tmp # 5 day grace period" } ], "examples": [], "see_also": [ { "name": "chattr", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/chattr/1/json" }, { "name": "chdir", "section": "2", "url": "https://www.chedong.com/phpMan.php/man/chdir/2/json" }, { "name": "chroot", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/chroot/8/json" }, { "name": "cron", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/cron/1/json" }, { "name": "getoptlong", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/getoptlong/3/json" }, { "name": "ls", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/ls/1/json" }, { "name": "lsattr", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/lsattr/1/json" }, { "name": "rm", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/rm/1/json" }, { "name": "stat", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/stat/1/json" } ], "section_outline": [ { "name": "NAME", "lines": 2, "subsections": [] }, { "name": "SYNOPSIS", "lines": 5, "subsections": [] }, { "name": "DESCRIPTION", "lines": 48, "subsections": [] }, { "name": "OPTIONS", "lines": 1, "subsections": [ { "name": ", -h, --help", "lines": 4 }, { "name": "-t, --test", "lines": 4, "flag": "-t", "long": "--test" }, { "name": "-v, --verbose", "lines": 8, "flag": "-v", "long": "--verbose" }, { "name": "--showdeleted", "lines": 7, "long": "--showdeleted" }, { "name": "-f, --force", "lines": 4, "flag": "-f", "long": "--force" }, { "name": "--delay=x", "lines": 6, "long": "--delay", "arg": "x" }, { "name": "-T x, --runtime=x", "lines": 6, "flag": "-T", "long": "--runtime", "arg": "x" }, { "name": "-m, --mtime", "lines": 4, "flag": "-m", "long": "--mtime" }, { "name": "-M, --mtime-dir", "lines": 4, "flag": "-M", "long": "--mtime-dir" }, { "name": "-c, --ctime", "lines": 4, "flag": "-c", "long": "--ctime" }, { "name": "-s, --symlinks", "lines": 3, "flag": "-s", "long": "--symlinks" }, { "name": "-a, --all", "lines": 21, "flag": "-a", "long": "--all" } ] }, { "name": "TIPS", "lines": 16, "subsections": [] }, { "name": "WARNINGS", "lines": 5, "subsections": [] }, { "name": "SEE ALSO", "lines": 13, "subsections": [] }, { "name": "AUTHOR", "lines": 11, "subsections": [] } ] } }