Systemd 256.1 Addresses Complaint That 'systemd-tmpfiles' Could Unexpectedly Delete Your /home Directory (phoronix.com)
"A good portion of my home directory got deleted," complained a bug report for systemd filed last week. It requested an update to a flag for the systemd-tmpfiles tool which cleans up files and directories: "a huge warning next to --purge. This option is dangerous, so it should be made clear that it's dangerous."
The Register explains: As long as five years ago, systemd-tmpfiles had moved on past managing only temporary files — as its name might suggest to the unwary. Now it manages all sorts of files created on the fly ... such as things like users' home directories. If you invoke the systemd-tmpfiles --purge command without specifying that very important config file which tells it which files to handle, version 256 will merrily purge your entire home directory.
The bug report first drew a cool response from systemd developer Luca Boccassi of Microsoft: So an option that is literally documented as saying "all files and directories created by a tmpfiles.d/ entry will be deleted", that you knew nothing about, sounded like a "good idea"? Did you even go and look what tmpfiles.d entries you had beforehand? Maybe don't just run random commands that you know nothing about, while ignoring what the documentation tells you? Just a thought eh
But the report then triggered "much discussion," reports Phoronix. Some excerpts:
- Lennart Poettering: "I think we should fail --purge if no config file is specified on the command line. I see no world where an invocation without one would make sense, and it would have caught the problem here."
- Red Hat open source developer Zbigniew Jedrzejewski-Szmek: "We need to rethink how --purge works. The principle of not ever destroying user data is paramount. There can be commands which do remove user data, but they need to be minimized and guarded."
- Systemd contributor Betonhaus: "Having a function that declares irreplaceable files — such as the contents of a home directory — to be temporary files that can be easily purged, is at best poor user interfacing design and at worst a severe design flaw."
But in the end, Phoronix writes, systemd-tmpfiles behavior "is now improved upon."
"Merged Wednesday was this patch that now makes systemd-tmpfiles accept a configuration file when running purge. That way the user must knowingly supply the configuration file(s) to which files they would ultimately like removed. The documentation has also been improved upon to make the behavior more clear."
Thanks to long-time Slashdot reader slack_justyb for sharing the news.
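A pre-flight check for the failure mode described in the summary, as an added example (not code from systemd or from the linked articles): it refuses a planned `--purge` that names no config file, and lists the paths the named tmpfiles.d files mark for creation. The set of type letters, the protected prefixes, the `--opt=value` argument convention and both sample configs are assumptions constructed for illustration.

```python
import posixpath
import shlex
from pathlib import Path

# Assumption: type letters treated here as "creates a file or directory".
# The exact set --purge acts on is defined by your systemd version's docs.
CREATING_TYPES = frozenset("fFdDvqQpLcbC")
# Assumption: site policy for locations that hold irreplaceable data.
PROTECTED_PREFIXES = ("/home", "/root", "/srv")

# Constructed sample configs (not copied from any distribution).
CONSTRUCTED_CONFIGS = {
    "home.conf": "# constructed sample\nQ /home 0755 - - -\nq /srv 0755 - - -\n",
    "myapp.conf": (
        "# constructed sample\n"
        "d /run/myapp 0750 myapp myapp -\n"
        "f /run/myapp/state 0640 myapp myapp -\n"
        "z /var/log/myapp 0750 myapp myapp -\n"
    ),
}


def parse_tmpfiles(text):
    """Return (entries, unparsed); entries are (type_letter, path) tuples."""
    entries, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fields = shlex.split(line)
        except ValueError:
            fields = []
        if len(fields) < 2:
            unparsed.append(raw)  # fail closed: never silently skip a line
            continue
        # First character is the type; modifiers such as "+" or "!" may follow.
        entries.append((fields[0][0], posixpath.normpath(fields[1])))
    return entries, unparsed


def is_protected(path):
    """True if path is a protected prefix or lies beneath one."""
    return any(path == p or path.startswith(p + "/") for p in PROTECTED_PREFIXES)


def purge_preflight(argv, read_config=lambda p: Path(p).read_text()):
    """Decide whether a planned systemd-tmpfiles invocation may run.

    argv is the argument list without the program name. Options are assumed
    to be written as --opt=value, so every bare word is a config file.
    """
    result = {"allowed": True, "reasons": [], "targets": [], "protected": []}
    if "--purge" not in argv:
        return result
    configs = [a for a in argv if not a.startswith("-")]
    if not configs:
        result["reasons"].append("--purge given without a config file")
    for name in configs:
        entries, unparsed = parse_tmpfiles(read_config(name))
        if unparsed:
            result["reasons"].append(f"{name}: {len(unparsed)} unparsed line(s)")
        for kind, path in entries:
            if kind in CREATING_TYPES:
                result["targets"].append(path)
                if is_protected(path):
                    result["protected"].append(path)
    if result["protected"]:
        result["reasons"].append("protected paths: " + ", ".join(result["protected"]))
    result["allowed"] = not result["reasons"]
    return result


if __name__ == "__main__":
    for args in (["--purge"], ["--purge", "myapp.conf"], ["--purge", "home.conf"]):
        print(args, purge_preflight(args, CONSTRUCTED_CONFIGS.__getitem__))
```

Run it against the real files under your tmpfiles.d directories by dropping the `read_config` argument, and review `targets` before any purge is executed.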
While inventing Unix (Score:5, Insightful)
While reinventing things they managed to make them worse. Par for the course in the world of Systemd.
Re: (Score:2)
And it only took them what? 256 VERSIONS to fix it?
Re: (Score:2)
Technically Java is still on 1.x series after almost 30 years. (maybe that's a stretch, Java versioning got weird for J2SE and again for 1.5 AKA 5.0)
Re: (Score:2)
Yea. I don't even know how to relate to releasing 200+ versions of something. I did about 7 releases (one every 6 months) of a voicemail server and people ran with the last release I worked on for years without bothering to update. It's not that I'm some amazing programmer or anything. Just had a spec and a test plan and threw together enough of a custom Linux distro to run JVM.
Re: (Score:3, Insightful)
It's very telling that the attitude from the Microsoft guy is a big fat middle finger. On brand I feel.
Re: (Score:2)
"This is systemd of the Borg. Your file system will be approximated."
Re: (Score:2)
Well, I think systemd is complete crap on architecture, design and philosophy level. I now find it is complete crap regarding its implementation as well ...
Re: (Score:2)
And developer attitude. That guy shouldn't be anywhere near anything other people depend on.
Re: (Score:2)
I don't recall any Windows tools that when run would purge my desktop and other user files willy-nilly.
Re: (Score:2)
I'm way dumber than you, but ... perhaps I have better memory?
According to isolated reports, Windows 10 KB4532693 update is said to be 'deleting' files and users are unable to find their data in the temporary profile folder. In worst cases, users have lost all their personal data and they are unable to recover it even after uninstalling the patch. 1 [windowslatest.com] 2 [forbes.com]
Re: (Score:2)
Looks like the systemd people were copying features from windoze.
Re: (Score:2)
You can't tell the difference between a bug and a dumb ass dev saying, "yeah that function is intended and we're not going to fix it".
Okey dokey!
You didn't need that home directory (Score:5, Funny)
If Lennart wants to delete your home directory then just let him do it. He knows best after all.
Re: (Score:2)
Wait until systemd decides to "mange" your filesystem setting too so the rollback set it silently removed before it deletes your files.
Re: (Score:2)
I knew that systemd was slowly subsuming everything. I didn't expect that to include the BOFH.
Re: (Score:2)
If Lennart wants to delete your home directory then just let him do it. He knows best after all.
It's only fair, since he is the one who invented Linux.
Home directory is a tmp file (Score:5, Funny)
Users are fleeting, Systemd is forever.
U+1F926
Just so you know... (Score:5, Funny)
That Luca Boccassi is the same idiot that boasted "42% less Unix philosophy" last week.
I guess he forgot to mention 42% less personal files...
Re: (Score:2)
The triangle wheel is a great idea as long as you modify the road first and don't intend on doing anything other than traveling along the pre-determined path. You know, that really does describe systemd.
"of Microsoft" (Score:5, Insightful)
Says it all - the bad coding, the sneering attitude and the inability to understand basic command safety protocols.
Re:Just so you know... (Score:5, Insightful)
What this Boccassi fool coded was that running the command without arguments deleted everything.
It is the equivalent of coding rm so that typing rm would have it run rm -rf
At least now we know which 42% of the unix philosophy he removed.
This guy isn't worthy of shining the shoes of the greats of the 1970s.
Re: (Score:2)
Without arguments it was using configuration files.
Re:Just so you know... (Score:5, Interesting)
He also explained farther down the same thing the summary and Reg article mention, that tmpfiles hasn't been for temporary files for a very long time. It just maintains an "unfortunate legacy name" because changing that name would "break a lot of scripts". When directly asked why they don't change the package name and then simply provide a compatibility alias until scripts and such can be fully converted to the new name (you know, a bog standard thing that not only Linux distros, but even Windows and macOS do as a standard practice)?
"That would result in a ton of bikeshedding, so can't be bothered honestly"
And that, really, tells you all you need to know about this twat.
Re: (Score:2)
Or how about writing another command and leaving tmpfiles to do what I assume it used to do, deal with tmpfiles. Maybe call it realldangerouscommandthatmaydeleteyourhomedirectory or something like that. Assuming a user has read all or any of your documentation is just bad design, what you clicked on save and it deleted the document, really didn't the help that said it would delete your document shame on you. It's just not what users do.
Re: (Score:2)
Yes... and the Unix philosophy isn't just a technical argument about how to write good tools. It's also a description of how to build tools that "get along" with programs other people are contributing.
Even if SystemD were consistently technically flawless, it is still an attempt to get rid of the community development process in favor of corporate control of the platform. The Unix philosophy fosters collaboration; that's a major reason the SystemD crew want to discredit it.
Systemd (Score:5, Insightful)
Re: (Score:3)
Read the article again
your example: "rm -fr /", does actually exactly what you demand it to do.
where there you have a command that says "purge tempfiles" and it purges your home directory along with it.
No problem, just don't. (Score:5, Insightful)
If there were a button on your car dashboard, and the user manual said "if you press this button you will die", apparently Boccassi would say "no big deal, just don't press that button."
I would say "don't get a car that has that button."
Re:No problem, just don't. (Score:5, Insightful)
It says "tmpfiles", and through general consensus about language and what words mean, it follows that "tmp" is short for "temporary", and "temporary files" has a specific and known meaning. "/home" is not a "temporary" file, and treating it as such violates people's understanding about language.
Re: (Score:3, Insightful)
The tmpfiles.d Configuration specification has Flags for the things you are creating. The Line indicates whether the files are to be cleaned up "Aged out" or Not. The problem with Purge is it breaks expectations by Deleting files which are Flagged only to be added, and NOT to be Deleted, Cleaned, or Aged out.
Re:No problem, just don't. (Score:5, Insightful)
The home directory is not a "tmpfile", flagged or not. I would suggest an urgent psychological examination of anyone who thinks a program called "tmpfiles" should delete a home directory.
Re: (Score:3)
Not for your home computer it isn't. It very much is on other systems. The only difference here is we traditionally decided to simply nuke the entire OS from orbit on reboot instead of just purging the temporary user account directories of network machines in the past.
Re: (Score:2)
Not for your home computer it isn't. It very much is on other systems.
On those systems, you specifically mark the home directory for deletion. It's not a default action.
Re: (Score:2)
The home directory is not a "tmpfile", flagged or not. I would suggest an urgent psychological examination of anyone who thinks a program called "tmpfiles" should delete a home directory.
Well based on what I read in the summary - it sounds like you'd have to get rid of the systemd leadership.
Re: (Score:2)
Hey I just thought of a new meaning for /bin
and I'm sure it'll all be fine because people only make legacy assumptions about bin.
Re:No problem, just don't. (Score:5, Interesting)
this is still baffling me. i wonder how any user data that isn't explicitly created as temporary storage might end up referenced in those tmpfiles.d/ entries. it makes no fucking sense. that such a tool can simply wipe a home directory for any reason is just wrong, that the developers even insist that this is proper behavior is just asinine.
and worrying. i was reluctantly playing along with systemd, i'm not really a linux control freak and it has its upsides, but this really makes me want to reconsider. both the design, what the tool has evolved to do with time, the damage that it can now do and how these guys react when they clearly fucked up. this is broken.
Re: No problem, just don't. (Score:4, Insightful)
It's been clear for a long time that these guys are an arrogant bunch who mistakenly think they're coding rockstars so this behaviour should come as no surprise.
Re: (Score:2)
and worrying. i was reluctantly playing along with systemd, i'm not really a linux control freak and it has its upsides,
Which systemd upsides in particular do you like?
Re: (Score:2)
udev hotplug integration basically, i'm lazy, and i don't want to dig into docs at the precise moment i need some new/unknown device to work because it probably means i'm busy atm and just want the device to work.
in general, i find distros shouldn't have adopted systemd as default, but many of them have. this has a ripple effect and going with the current mainstream is often a bonus upside for lazy people.
Re: (Score:3)
It's making a philosophical point about the impermanence of life.
You are Ozymandias and systemd is the sands of time.
Look upon my files ye mighty and despair!
Re: (Score:2)
Mod points!
My kingdom for some mod points!
Re: (Score:2)
Name one command that without parameters will blindly delete all the files, or at least all the files you have permission to delete, in any common OS targeted at regular people like those you listed.
Re: (Score:2)
I got this!
Systemd-tmpfiles will do that.
Re: (Score:2)
Wouldn't be surprised if other commands that start with systemd also do it.
Re: No problem, just don't. (Score:2)
The FORMAT command in MS-DOS will wipe out your whole disk in a jiffy. Fun times.
Re: (Score:2)
"If you think that a non-systemd system is immune to user error, blindly running commands they don't understand I would state that you have never used a computer, period. Windows, Linux, or Mac, DOS, or any OS."
What would be the equivalent command in a Windows or Mac OS?
What would be the equivalent command in a non-systemd Linux OS?
There aren't any as far as I can tell, not one. Only a systemd OS does that.
Notabug (Score:2)
"Wontfix"
this should be a felony crime (Score:3)
kudos to Pat & Slackware, Mister V. is a wise old man, a master & wizard of Linux
Of course (Score:3)
Of course an init system needs to implement rm.
Can systemd just stick to process/service start up. That's the thing it does ok at, the rest of it seems to be there for the purpose of making it bigger, which really doesn't suffer well.
Some early projects to implement just the good bits seem to have gone unmaintained, sadly.
How about... (Score:4, Insightful)
making a command do what its name actually implies it'll do, instead of having it do all kinds of other random things which its name does not imply?
Re: (Score:2)
No, who would pay for that?
Design principles (Score:4, Informative)
Apparently systemd development doesn't adhere to the "principle of least astonishment" which I've always tried to adhere to.
Admittedly I've not always successfully followed this principle but fortunately the resulting failures have (to my knowledge) resulted in "astonishment" such as "Why did this set of options give me a syntax error?" rather than "Where did my data go?".
Re: (Score:2)
The "Principle of least surprise" (as it is also called) is a very fundamental thing in all safe and secure engineering. I would go so far as to say anybody that does not follow it does not qualify as engineer and is merely an "amateur cretin". And anybody that does not _know_ it is an uneducated amateur cretin.
In physical engineering, not following this principle kills people and can get engineers sent to prison.
Devuan Does Without systemd (Score:3, Informative)
Get it here [devuan.org] while the supply lasts!
Re: Devuan Does Without systemd (Score:3)
Re: (Score:2)
Indeed, it does. Debian without systemd is also still relatively possible, but the idiots and assholes that took over the technical board in Debian are slowly making it harder.
Won't fix (Score:2)
Re: (Score:2)
That's what the numbnuts who was bragging about systemd being so much less unixy said. Apparently the Unix philosophy involves not wiping out ~ on a whim
Not a systemd bug (Score:2)
Obviously, the user needs to read the source code before using systemd. This is clearly a user issue. WONTFIX
Luca Boccassi sounds like a dick (Score:3)
It sounds like there was plenty of scope for misinterpreting what it would do, which makes Luca Boccassi sound like a dick.
Figures... (Score:2, Interesting)
"systemd developer Luca Boccassi of Microsoft"
If you are going to infest linux with anti-unix bs like systemd it figures that Microsoft would be the ones funding it. They already built one POS that only persists due to a monopoly foothold... why not let them trash the superior choice of sane people.
Re: (Score:2)
Maybe but that doesn't mean they weren't on the take and it was still Microsoft who added the flight simulator and BSOD integrations.
I see Linux elitism is still alive. (Score:3)
The "cool response" is exactly what people hate about linux, although the other responses are what I would expect from a mature ecosystem
The name has "temp files" in it. Saying someone should have read the documents that come with it because the name is deceptive, is a real a-hole response. If something does other than the description, it should have guardrails that DON'T require documentation.
When Can We Be Done with Systemd? (Score:3)
Re: (Score:2)
When can we just get rid of systemd? Seriously. Yes, I know about devuan, but I'm talking mainline debian and downstream from there.
When the users reject it, by switching to distributions which don't use it, like Devuan.
I am using Devuan 5 with root on ZFS. I have a 4060 card and I use the latest runfile CUDA driver installer. I do have to drop to single user mode and update that manually, but the benefit is that it doesn't interfere with multiarch. Everything works great, just like you would expect it to. You can use the DE of your choice, I am using XFCE4. My current kernel (from backports) is 6.6.13, (oh look 6.7.12 is in there now..
Re:When Can We Be Done with Systemd? (Score:4, Informative)
Take a look at popcon. People -are- rejecting systemd, in large scale - systemd-sysv (which effectively replaces systemd) is the 54th most popular Debian package, ahead of dbus, sudo, and kmod (as well as others, but those are somewhat significant). Systemd is 41, which isn't much of a margin since it's installed by default.
https://popcon.debian.org/by_vote
If by # of installs, it's #149, well ahead of most other stuff.
Re: When Can We Be Done with Systemd? (Score:3)
Debian doesn't quite work right with systemd disabled IME. There are a bunch of little tweaks that need to be made all over the place that aren't done for you. Hence Devuan. I did try Debian with sysvinit and it was too much work to fix the glitches.
Clearly user error (Score:2)
The error of the user is to run systemd in the first place and to trust the cretins behind it.
Well past time (Score:2)
It's well past time for people to consider systemd what it is: an intentionally destructive, parasitic system, injected into an ecosystem in an attempt to make it unusable and undesirable. Its proponents have always been Microsoft shills and employees.
Get. Rid. Of. It.
not just an init system (Score:4, Interesting)
As always, the main problem with systemd is that it isn't just an init system, it does far too many things that have nothing to do with init and shouldn't be tightly coupled with any particular init system.
Whenever shit like this blows up (a depressingly regular occurrence), the systemd fanboys say crap like "why do you care so much about something that's just an init system" - but that's exactly the problem, it's NOT just an init system, and never really has been. It does way more than any "init system" should ever do. And, worse, the scope of things that systemd tries to do just keeps on growing.
If systemd confined its activities to system startup, i.e. unit files and scripts and the like (things that actually ARE the responsibility of an init system) it would be much less controversial - probably not controversial at all. I never have understood the fear of shell scripts pushed by systemd devs and users, but systemd's unit files aren't a bad way of doing system startup. Not perfect (nothing is), but good enough.
But things like logging, DNS resolution, NTP / time synchronisation, home directory automounting, cron/timerd, tmp reaping, partition management, user & group management, login & logout, system console, device node management, and more should never be so tightly coupled to one particular init system, nor should that init system be so tightly coupled to one particular implementation (their own) of those things.
And, unfortunately, systemd's adequacy at the basic requirements of init (system startup stuff*) is used to excuse its complete inadequacy at all the other things it makes a half-arsed (and sometimes scarily incompetent) attempt at doing.
---
* I was going to say "system startup and shutdown stuff" here, but then I remembered that systemd is fucking awful at system shutdown. If there's a zombie process or an unkillable process (e.g. stuck in the kernel, trying to access failed hardware or an inaccessible nfs mount, being unable to unmount a filesystem because a zombie process is "using" it, etc) then systemd can loop forever waiting for that process to be killed - and the only resolution is to give up waiting and just manually power-cycle the machine. I've left a machine in this state for hours just to see if systemd would eventually just reboot or poweroff anyway. Nope.
This is laughably cretinous coding because one of the reasons for shutting down is to deal with such issues....it might be understandable for a stuck process, but it's inexcusable for zombie processes which are trivially easy for an init system - or software in general - to detect.
I don't particularly care how long a system takes to boot up - if it takes 30 secs or 5 minutes to boot isn't that big a deal, an annoyance at worst. But I care a lot about how long a system takes to shutdown or reboot, or whether it actually reboots or gets stuck forever - because I'm generally trying to fix a problem when I have to do that. And this is especially important when the system I'm trying to shutdown or reboot is remote and doesn't have a BMC or some way to remotely power-cycle it.
Re: (Score:2)
Genuine question, but I've never understood why, on macOS, launchd seems simple and straightforward, whereas in Linux, it seems to be such a difficult problem space? Is it something about servers?
I wonder how old this is (Score:2)
I encountered a problem years ago where I enabled a system logging feature - forgot which one - and used the option to clear the previous log. After that I discovered windows had cleared my complete home folder. Lost a lot of data then.
Not good enough (Score:2)
Software should always default safe.
rm, if not given an explicit path or file, doesn't delete your hard drive.
fsck, if not given an explicit device, doesn't trash all your drives.
Software should always default safe.
Why run commands you failed to research? (Score:2)
While the fault is silly it's sillier to run random commands without knowing the outcome. Ordinary users have no reasons to run that command and I (ordinary utilitarian boring Linux user since 1999) didn't know it existed until the issue got publicity.
If you need a safe place to practice terminal commands a virtual machine (snapshotted for effortless recovery after initial clean install) risks nothing on your host OS.
Re: I cant believe SystemD is still with us (Score:4, Informative)
Re: I cant believe SystemD is still with us (Score:2)
Slackware works for me but then I don't mind a bit more manual intervention than is common now.
Re: (Score:3)
Soon. Just ask it to remove temporary files.
Re: (Score:2)
Why can't you believe that?
They have rhetorically trained "Blametainers" that give "cool answers"
like you may have a button that says Purge Tempfiles and hey why not read the documentation that actually states "Purge Tempfiles btw. we consider your home directory only to be a tempfile, because of your limited life span"
Making you look like a fool for pointing out that a button that says self destruct should really engage self destruct, and a button that says test nuclear missiles should in contrast not actu
Re: (Score:2)
Making you look like a fool for pointing out that a button that says self destruct should really engage self destruct, and a button that says test nuclear missiles should in contrast not actually fire nuclear missiles.
And from Poettering's fix here [github.com]:
Plus a multitude of other fixes, some quite important, such as one that fixes a case where --dry-run wasn't dry at all.
So the button that says test nuclear missiles was in fact actually firing nuclear missiles sometimes.
Re: (Score:2)
Ok but let's just pause a moment.
Systemd, the init system, somehow had a bug where it deletes your home directory.
That is completely deranged.
Re: (Score:2)
That is dangerously and possibly criminally negligently deranged.
Re: (Score:2)
I use them. They work well. It is clear what they do. It is easy to adapt them.
Re: Systemd Derangement Syndrome (Score:3)
They require boilerplate code that either has to be copy pasted or source at the beginning of your script, and which is finicky to make work correctly.
They need weird hacks and pid files to keep track of processes, which can prevent services from restarting if not correctly cleaned up.
They don't always restart after quitting.
The init part of systemd is the only part worth anything in that codebase. Unit files are simple text files describing the behavior you want and the path to your binary, and the let a dedicat
Re:Systemd Derangement Syndrome (Score:5, Informative)
Did you miss the part where the first response was "should've read the manual. wontfix." (I'm paraphrasing.) And that was the Systemd developer in Microsoft's employ who celebrated "42% less Unix philosophy" just last week. In light of how absolutely braindead this tool's (i mean the software) behavior is, it is absolutely newsworthy that there are still people at the steering wheel who would continue down that path, people who make Poettering look like the rational one.
Re: Systemd Derangement Syndrome (Score:5, Insightful)
Re: (Score:2)
What damage? Linux use is at an all time high, largely for the adoption of modern design and way of working. You're begging the question. The only damage done is a bunch of people who don't RTFM and complain online that they don't know how to use their computer.
Re: (Score:2)
My init.d based system wiped my home directory on every reboot because they put the wipehome.sh script in there.
Oh wait, no, they didn't. There was no way for the default init.d tools and scripts to wipe your home directory.
Re: (Score:3)
What damage? Linux use is at an all time high, largely for the adoption of modern design and way of working.
We've been over this many times. "Usage" and "popularity" are not measures of quality.
Re: (Score:2)
Also he seemed to miss the point that this is a massive howling bug. And one that speaks to an incredibly poor design and developer attitude. It's hard to overstate how bad such a bug is.
Re: (Score:2)
To me, systemd is a solution looking for a problem. Let's not go there.
Yes, a solution to get rid of that pesky home directory.