Automated Temporary File Management with systemd-tmpfiles: Don’t Let Your Server Die from Junk

Linux tutorial - IT technology blog

The Full Disk Shock and the Birth of systemd-tmpfiles

I once broke into a cold sweat when a production server suddenly crashed. The logs reported No space left on device, even though there were 200GB of free space just a few days prior.

After scanning with du -sh, I discovered the /tmp directory contained over 10 million tiny session files, totaling 80GB. At the time, I handled it like a rookie: I wrote a Bash script to run rm -rf and threw it into crontab. The result? The script was too aggressive, deleting active database sockets and causing an additional 30 minutes of downtime.

If you’re struggling with manual cleanup like that, it’s time to get acquainted with systemd-tmpfiles. This is a standard tool deeply integrated into systemd. It manages the lifecycle of temporary files and directories systematically, safely, and fully automatically.

This tool does more than just delete. It also creates necessary directories at boot, assigns precise permissions to socket files, and creates symbolic links as required by applications. Everything is expressed in declarative configuration files instead of fragmented, hard-to-manage scripts.

Checking systemd-tmpfiles on Your System

Popular distributions like Ubuntu, CentOS/AlmaLinux, and Fedora have this feature enabled by default. To check if your system is protected, run the following command:

systemctl status systemd-tmpfiles-setup.service systemd-tmpfiles-clean.timer

These two components play a key role:

  • systemd-tmpfiles-setup.service: Runs at boot to initialize temporary files/directories.
  • systemd-tmpfiles-clean.timer: Typically runs every 24 hours to scan and clean up expired files.

Configuration: Understanding the Rules to Avoid System Errors

Systemd manages configuration with a clear order of precedence. Never directly edit files in /usr/lib because they will be overwritten when you update the operating system.

Configuration File Locations

  1. /usr/lib/tmpfiles.d/: Contains default configurations for software packages. Do not touch.
  2. /run/tmpfiles.d/: Temporary configurations generated while the system is running.
  3. /etc/tmpfiles.d/: This is your playground. Create your .conf files here for customization.

Decoding the Syntax

A standard configuration line usually looks like this:

# Type  Path            Mode  User  Group  Age  Argument
d       /run/my_app     0755  nginx nginx  -    -

Column details:

  • Type: The action to perform. d creates a directory, f creates a file, e cleans only the contents inside, and X excludes from deletion.
  • Path: Absolute path.
  • Mode: Permissions (e.g., 0755).
  • User/Group: Ownership.
  • Age: File lifespan. For example, 7d (7 days), 12h (12 hours). If set to -, the file will never be automatically deleted.
  • Argument: Usually used to specify the destination for symbolic links.

Practical Example: Cleaning 50GB of Cache After 1 Week

Suppose your application constantly creates files in /var/cache/my-app/. To prevent the disk from filling up, you want to automatically delete old files after 7 days.

First, create the configuration file:

sudo nano /etc/tmpfiles.d/my-app-cleanup.conf

Add the following content:

# Only clean contents, keep the parent directory
e  /var/cache/my-app  0750  webapp  webapp  7d  -

Why use e? Because if you use d with an Age, systemd might delete the parent directory my-app itself if that directory hasn’t changed in 7 days. Using e (empty) is safer, as it only cleans the junk inside.

Another tip: If you need to create a socket directory for Redis in RAM (the /run directory is wiped on reboot), use:

d  /run/redis  0755  redis  redis  -  -

Safe Operation: Don’t Leave It to Fate

Don’t just write the configuration and wait. Check it immediately to avoid unfortunate mistakes.

1. Dry-run

This command is extremely important. It tells you what systemd intends to do without actually deleting or creating anything:

systemd-tmpfiles --create --dry-run /etc/tmpfiles.d/my-app-cleanup.conf

2. Force Immediate Execution

To create the directory immediately:

sudo systemd-tmpfiles --create

Or to clean up expired files right now:

sudo systemd-tmpfiles --clean

Warning: Be careful with --clean. If you accidentally set the Age to 1s for an important directory, your data will vanish instantly after hitting Enter.
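A pre-flight check for the mistake described in the warning above, as an added example that is not part of the original article or of systemd: it parses tmpfiles.d lines in the column layout explained earlier and flags cleanup ages that are dangerously short, plus world-writable directories created without the sticky bit. The function names, the 1-hour threshold and the sample configuration are assumptions made for this illustration.

```python
import re

# Line types whose Age field triggers time-based cleanup (tmpfiles.d(5)).
CLEANING_TYPES = set("dDevqQ")
UNIT_SECONDS = {"": 1, "us": 1e-6, "ms": 1e-3, "s": 1, "m": 60, "min": 60,
                "h": 3600, "d": 86400, "w": 604800}
AGE_PART = r"(\d+)(us|ms|min|[smhdw])?"
MIN_AGE_SECONDS = 3600  # assumption: flag anything that expires in under 1h

# Constructed sample configuration, not taken from a real system.
SAMPLE = """\
e  /var/cache/my-app    0750 webapp webapp 7d  -
d  /run/redis           0755 redis  redis  -   -
e  /var/lib/uploads     0750 webapp webapp 1s  -
d  /srv/shared-tmp      0777 root   root   12h -
"""

def parse_age(field):
    """Return the age in seconds, or None when cleanup is disabled ('-')."""
    if field == "-":
        return None
    spec = field.lstrip("~").split(":")[-1]  # drop '~' and any age-by prefix
    if not re.fullmatch(f"(?:{AGE_PART})+", spec):
        raise ValueError(f"unparseable age {field!r}")
    return sum(int(n) * UNIT_SECONDS[u] for n, u in re.findall(AGE_PART, spec))

def lint(text, min_age=MIN_AGE_SECONDS):
    """Return [(line_number, message)] for risky tmpfiles.d lines."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        kind, _path, mode, _user, _group, age = (raw.split(None, 6) + ["-"] * 5)[:6]
        try:
            seconds = parse_age(age) if kind[0] in CLEANING_TYPES else None
        except ValueError as err:
            findings.append((number, str(err)))
            seconds = None
        if seconds is not None and seconds < min_age:
            findings.append((number, f"age {age} expires files in under {min_age}s"))
        digits = mode.lstrip("~:")
        if kind[0] in "dD" and re.fullmatch(r"[0-7]{3,4}", digits):
            bits = int(digits, 8)
            if bits & 0o002 and not bits & 0o1000:
                findings.append((number, "world-writable directory, no sticky bit"))
    return findings

if __name__ == "__main__":
    print(*(f"line {n}: {m}" for n, m in lint(SAMPLE)), sep="\n")
```

Run it against a new file in /etc/tmpfiles.d/ before invoking --clean; it complements the dry-run rather than replacing it.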

Practical Experience with Age Calculation

Many mistakenly believe that Age is only calculated based on file modification time. In reality, systemd-tmpfiles checks three timestamps: atime (access), mtime (content modification), and ctime (metadata change). By default, it only deletes files when all three timestamps exceed the time you set. This helps protect files that are being read by a process but not modified.
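The three-timestamp rule described above, modelled in a short added example (not from the original article and not systemd's own code): a file whose atime and mtime are backdated by 30 days is still not eligible under a 7d age, because changing those timestamps resets ctime to the present. The function names and the scratch file are assumptions for illustration.

```python
import os
import tempfile
import time


def newest_timestamp(path):
    """Most recent of atime, mtime and ctime: the value the age check hinges on."""
    st = os.lstat(path)
    return max(st.st_atime, st.st_mtime, st.st_ctime)


def is_expired(path, age_seconds, now=None):
    """True only when all three timestamps are older than age_seconds."""
    now = time.time() if now is None else now
    return now - newest_timestamp(path) > age_seconds


def backdated_file_demo(age_seconds=7 * 86400):
    """Backdate atime/mtime by 30 days and report what the age check sees."""
    with tempfile.TemporaryDirectory() as scratch:
        path = os.path.join(scratch, "session.tmp")  # constructed sample file
        with open(path, "w") as handle:
            handle.write("stale session data\n")
        month_ago = time.time() - 30 * 86400
        # utime() rewrites atime and mtime; the kernel sets ctime to "now".
        os.utime(path, (month_ago, month_ago))
        st = os.lstat(path)
        now = time.time()
        return {
            "mtime_is_old": now - st.st_mtime > age_seconds,
            "ctime_is_old": now - st.st_ctime > age_seconds,
            "expired_now": is_expired(path, age_seconds),
            # Simulate the cleaner running 8 days later with no further access.
            "expired_in_8_days": is_expired(path, age_seconds, now + 8 * 86400),
        }


if __name__ == "__main__":
    for key, value in backdated_file_demo().items():
        print(f"{key}: {value}")
```

The same effect applies to files restored from an archive with their old modification times preserved: they are counted from the moment they were written to disk, not from their recorded mtime.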

Managing temporary files may seem minor, but it’s a skill that distinguishes a Linux user from a professional DevOps engineer. I hope this article helps you confidently discard old Bash scripts in favor of the more standardized systemd-tmpfiles approach.
