“A good portion of my home directory got deleted,” complained a bug report for systemd filed last week. It requested an update to a flag for the systemd-tmpfiles tool which cleans up files and directories: “a huge warning next to –purge. This option is dangerous, so it should be made clear that it’s dangerous.”
The Register explains: As long as five years ago, systemd-tmpfiles had moved on past managing only temporary files — as its name might suggest to the unwary. Now it manages all sorts of files created on the fly … such as things like users’ home directories. If you invoke the systemd-tmpfiles –purge command without specifying that very important config file which tells it which files to handle, version 256 will merrily purge your entire home directory.
The bug report first drew a cool response from systemd developer Luca Boccassi of Microsoft: So an option that is literally documented as saying “all files and directories created by a tmpfiles.d/ entry will be deleted”, that you knew nothing about, sounded like a “good idea”? Did you even go and look what tmpfiles.d entries you had beforehand? Maybe don’t just run random commands that you know nothing about, while ignoring what the documentation tells you? Just a thought eh
But the report then triggered “much discussion,” reports Phoronix. Some excerpts:
- Lennart Poettering: “I think we should fail –purge if no config file is specified on the command line. I see no world where an invocation without one would make sense, and it would have caught the problem here.”
- Red Hat open source developer Zbigniew JÄ(TM)drzejewski-Szmek: “We need to rethink how –purge works. The principle of not ever destroying user data is paramount. There can be commands which do remove user data, but they need to be minimized and guarded.”
- Systemd contributor Betonhaus: “Having a function that declares irreplaceable files — such as the contents of a home directory — to be temporary files that can be easily purged, is at best poor user interfacing design and at worst a severe design flaw.”
But in the end, Phoronix writes, systemd-tmpfiles behavior “is now improved upon.”
“Merged Wednesday was this patch that now makes systemd-tmpfiles accept a configuration file when running purge. That way the user must knowingly supply the configuration file(s) to which files they would ultimately like removed. The documentation has also been improved upon to make the behavior more clear.”
Source: Systemd 256.1 Addresses Complaint That ‘systemd-tmpfiles’ Could Unexpectedly Delete Your /home Directory
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft