Description
systemd-tmpfiles uses the configuration files from the above directories to describe the creation, cleaning and removal of volatile and temporary files and directories which usually reside in directories such as /run or /tmp.
Volatile and temporary files and directories are those located in /run (and its alias /var/run), /tmp, /var/tmp, the API file systems such as /sys or /proc, as well as some other directories below /var.
System daemons frequently require private runtime directories below /run to place communication sockets and similar in. For these, consider declaring them in their unit files using RuntimeDirectory= (see systemd.exec(5) for details), if this is feasible.
If you need to change the permissions of files that systemd-tmpfiles manages, a typical Ansible example (correcting the files in place and updating the matching tmpfiles.d entries so the change persists) would be:

```yaml
- block:
    - name: "MUST | Fix | Security logs must be writable only by root"
      file:
        path: "{{ item }}"
        owner: root
        group: root
        mode: "0640"
      with_items:
        - /var/log/lastlog
        - /var/log/btmp
        - /var/log/wtmp
      tags:
        - must
        - fix

    - lineinfile:
        dest: /lib/tmpfiles.d/var.conf
        regexp: "(?i)^#?f /var/log/wtmp.*"
        line: 'f /var/log/wtmp 0640 root utmp -'
      tags:
        - must
        - fix

    - lineinfile:
        dest: /lib/tmpfiles.d/var.conf
        regexp: "(?i)^#?f /var/log/btmp.*"
        line: 'f /var/log/btmp 0640 root utmp -'
      tags:
        - must
        - fix
```
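To check a tmpfiles.d fragment for the weak log modes the tasks above correct, here is an added audit helper (not part of systemd or of the playbook shown; the parser, the `weak_log_entries` check and the sample var.conf lines are all constructed for this example). It parses the `Type Path Mode User Group Age Argument` layout, treats `-` as "keep the default", flags `/var/log` entries that grant group or other write or are not owned by root, and renders the hardened line the `lineinfile` tasks write.

```python
import stat
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical audit helper (not part of systemd or the Ansible role above).
# tmpfiles.d line layout: Type Path Mode User Group Age Argument; "-" keeps the default.

@dataclass
class TmpfilesEntry:
    kind: str            # "f", "d", "z", ...; leading "+", "!", "^" modifiers stripped
    path: str
    mode: Optional[int]  # None when the field is "-" (default mode)
    user: Optional[str]
    group: Optional[str]

def parse_tmpfiles(text: str) -> List[TmpfilesEntry]:
    """Parse tmpfiles.d lines; comments and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        def field(i):
            return fields[i] if len(fields) > i and fields[i] != "-" else None
        mode_s = field(2)
        # "~" (mask against existing bits) and ":" (apply only on creation) prefixes are
        # dropped: the audit only cares which bits the line can grant.
        mode = int(mode_s.lstrip("~:"), 8) if mode_s else None
        entries.append(TmpfilesEntry(fields[0].lstrip("+!^"), fields[1], mode, field(3), field(4)))
    return entries

def weak_log_entries(entries, prefix="/var/log/"):
    """Entries under prefix whose declared mode grants group/other write, or whose owner is not root."""
    return [e for e in entries
            if e.path.startswith(prefix) and e.mode is not None
            and (e.mode & (stat.S_IWGRP | stat.S_IWOTH) or (e.user and e.user != "root"))]

def hardened_line(e, mode=0o640):
    """Render the replacement line the lineinfile tasks above write (owner and group kept)."""
    return f"{e.kind} {e.path} {mode:04o} {e.user or '-'} {e.group or '-'} -"

# Constructed sample var.conf fragment (shaped like a distribution default, not copied from one).
SAMPLE_VAR_CONF = """\
# security-relevant logs
f /var/log/wtmp 0664 root utmp -
f /var/log/btmp 0660 root utmp -
f /var/log/lastlog 0664 root utmp -
d /var/log/journal 2755 root systemd-journal -
"""

if __name__ == "__main__":
    for e in weak_log_entries(parse_tmpfiles(SAMPLE_VAR_CONF)):
        print(f"weak: {e.path} mode {e.mode:04o} -> {hardened_line(e)}")
```

Note that the `file` task above sets group root while the tmpfiles lines keep group utmp; make the two agree so the boot-time tmpfiles pass and the playbook do not undo each other.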