
tmpfiles

Description 
systemd-tmpfiles uses the configuration files from the above directories to describe the creation, cleaning and removal of volatile and temporary files and directories which usually reside in directories such as /run or /tmp.

Volatile and temporary files and directories are those located in /run (and its alias /var/run), /tmp, /var/tmp, the API file systems such as /sys or /proc, as well as some other directories below /var.

System daemons frequently require private runtime directories below /run to place communication sockets and similar in. For these, consider declaring them in their unit files using RuntimeDirectory= (see systemd.exec(5) for details), if this is feasible.

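If you need to change the permissions of files that systemd-tmpfiles manages, change the files themselves and the matching tmpfiles.d lines, because systemd-tmpfiles applies the mode and ownership from its configuration when it runs. A typical Ansible example would be: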

change log files
- block:
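  # This task sets group root, while the tmpfiles.d lines below declare group utmp.
  - name: "MUST | Fix | Security logs must be writable only by root"
    file: path="{{ item }}" owner="root" group="root" mode=0640
    with_items:
      # lastlog has no tmpfiles.d task below; if var.conf declares it, it needs the same change.
      - /var/log/lastlog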
      - /var/log/btmp
      - /var/log/wtmp
    tags:
      - must
      - fix

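  # /lib/tmpfiles.d is package-owned, so a systemd upgrade can overwrite these edits.
  - name: "MUST | Fix | tmpfiles.d must declare /var/log/wtmp as 0640"
    lineinfile: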
      dest: /lib/tmpfiles.d/var.conf
      regexp: "(?i)^#?f /var/log/wtmp.*"
      line: 'f /var/log/wtmp 0640 root utmp -'
    tags:
      - must
      - fix

  - name: "MUST | Fix | tmpfiles.d must declare /var/log/btmp as 0640"
    lineinfile:
      dest: /lib/tmpfiles.d/var.conf
      regexp: "(?i)^#?f /var/log/btmp.*"
      line: 'f /var/log/btmp 0640 root utmp -'
    tags:
      - must
      - fix
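
To verify the result of the tasks above, the following added example (not part of the original page) parses tmpfiles.d content and reports `f` entries for the wtmp and btmp logs that are writable by group or other, or not owned by root. The function names and both sample configurations are constructed here for illustration; on a real host the text would be read from the tmpfiles.d file the playbook edits.

```python
import shlex

AUDITED = ("/var/log/wtmp", "/var/log/btmp")  # paths the page's tmpfiles.d lines cover

# Constructed sample: permissive entries as a distribution might ship them.
VENDOR = """\
d /var/log 0755 - - -
f /var/log/wtmp 0664 root utmp -
f /var/log/btmp 0660 root utmp -
"""
# Constructed sample: the same file after the playbook's lineinfile tasks.
HARDENED = """\
d /var/log 0755 - - -
f /var/log/wtmp 0640 root utmp -
f /var/log/btmp 0640 root utmp -
"""

def parse_tmpfiles(text):
    """Yield (type, path, mode, user, group) for each non-comment line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)
        fields += ["-"] * (5 - len(fields))  # omitted trailing fields mean "default"
        yield tuple(fields[:5])

def audit(text, paths=AUDITED):
    """Return (path, reason) findings for audited file entries."""
    findings = []
    for ftype, path, mode, user, _group in parse_tmpfiles(text):
        if path not in paths or ftype[0] not in "fF":
            continue
        if mode == "-":
            findings.append((path, "no explicit mode"))
            continue
        bits = int(mode.lstrip("~:"), 8)  # "~" and ":" are mode prefixes, not digits
        if bits & 0o022:
            findings.append((path, f"mode {mode} is group/other writable"))
        if user != "root":
            findings.append((path, f"owner is {user}, not root"))
    return findings

if __name__ == "__main__":
    for label, text in (("vendor", VENDOR), ("hardened", HARDENED)):
        print(label, audit(text) or "ok")
```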