Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Linux

Systemd 256.1 Addresses Complaint That 'systemd-tmpfiles' Could Unexpectedly Delete Your /home Directory (phoronix.com) 175

"A good portion of my home directory got deleted," complained a bug report for systemd filed last week. It requested an update to a flag for the systemd-tmpfiles tool which cleans up files and directories: "a huge warning next to --purge. This option is dangerous, so it should be made clear that it's dangerous."

The Register explains: As long as five years ago, systemd-tmpfiles had moved on past managing only temporary files — as its name might suggest to the unwary. Now it manages all sorts of files created on the fly ... such as things like users' home directories. If you invoke the systemd-tmpfiles --purge command without specifying that very important config file which tells it which files to handle, version 256 will merrily purge your entire home directory.
The bug report first drew a cool response from systemd developer Luca Boccassi of Microsoft: So an option that is literally documented as saying "all files and directories created by a tmpfiles.d/ entry will be deleted", that you knew nothing about, sounded like a "good idea"? Did you even go and look what tmpfiles.d entries you had beforehand? Maybe don't just run random commands that you know nothing about, while ignoring what the documentation tells you? Just a thought eh
But the report then triggered "much discussion," reports Phoronix. Some excerpts:
  • Lennart Poettering: "I think we should fail --purge if no config file is specified on the command line. I see no world where an invocation without one would make sense, and it would have caught the problem here."
  • Red Hat open source developer Zbigniew Jedrzejewski-Szmek: "We need to rethink how --purge works. The principle of not ever destroying user data is paramount. There can be commands which do remove user data, but they need to be minimized and guarded."
  • Systemd contributor Betonhaus: "Having a function that declares irreplaceable files — such as the contents of a home directory — to be temporary files that can be easily purged, is at best poor user interfacing design and at worst a severe design flaw."

But in the end, Phoronix writes, systemd-tmpfiles behavior "is now improved upon."

"Merged Wednesday was this patch that now makes systemd-tmpfiles accept a configuration file when running purge. That way the user must knowingly supply the configuration file(s) to which files they would ultimately like removed. The documentation has also been improved upon to make the behavior more clear."

Thanks to long-time Slashdot reader slack_justyb for sharing the news.


This discussion has been archived. No new comments can be posted.

Systemd 256.1 Addresses Complaint That 'systemd-tmpfiles' Could Unexpectedly Delete Your /home Directory

Comments Filter:
  • by OrangeTide ( 124937 ) on Saturday June 22, 2024 @12:44PM (#64569307) Homepage Journal

    While reinventing things they managed to make them worse. Par for the course in the world of Systemd.

    • by Chas ( 5144 )

      And it only took them what? 256 VERSIONS to fix it?

      • Technically Java is still on 1.x series after almost 30 years. (maybe that's a stretch, Java versioning got weird for J2SE and again for 1.5 AKA 5.0)

    • Re: (Score:3, Insightful)

      It's very telling that the attitude from the Microsoft guy is a big fat middle finger. On brand I feel.

    • by hawk ( 1151 )

      "This is systemd of the Borg. Your file system will be approximated."

    • by gweihir ( 88907 )

      Well, I think systemd is complete crap on architecture, design and philosophy level. I now find it is complete crap regarding its implementation as well ...

  • by DrMrLordX ( 559371 ) on Saturday June 22, 2024 @12:51PM (#64569315)

    If Lennart wants to delete your home directory then just let him do it. He knows best after all.

  • by TheNameOfNick ( 7286618 ) on Saturday June 22, 2024 @12:52PM (#64569319)

    Users are fleeting, Systemd is forever.
    U+1F926

  • by alexhs ( 877055 ) on Saturday June 22, 2024 @12:57PM (#64569323) Homepage Journal

    That Luca Boccassi is the same idiot that boasted "42% less Unix philosophy" last week.

    I guess he forgot to mention 42% less personal files...

    • Ayup, people who reinvent the wheel not only waste their own time. They also waste the time of all their users. However, Systemd is the best triangular wheel ever.
      • by ebunga ( 95613 )

        The triangle wheel is a great idea as long as you modify the road first and don't intend on doing anything other traveling along the pre-determined path. You know, that really does describe systemd.

    • "of Microsoft" (Score:5, Insightful)

      by Viol8 ( 599362 ) on Saturday June 22, 2024 @02:28PM (#64569481) Homepage

      Says it all - the bad coding, the sneering attitude and the inability to understand basic command safety protocols.

    • by niftydude ( 1745144 ) on Saturday June 22, 2024 @05:10PM (#64569757)
      If I recall correctly, one of the Unix philosophy principles has always been "safe defaults'.

      What this Boccassi fool coded was that running the command without arguments deleted everything.

      It is the equivalent of coding rm so that typing rm would have it run rm -rf / by default.

      At least now we know which 42% of the unix philosophy he removed.

      This guy isn't worthy of shining the shoes of the greats of the 1970s.
    • by Mousit ( 646085 ) on Saturday June 22, 2024 @08:16PM (#64569971)
      The whole thread on LWN [lwn.net] about this is really just a wonderful glimpse into this asshole's Pottering Protege mindset. His first response was to even question whether it happened at all, implying he couldn't even be bothered to just fucking test it.

      He also explained farther down the same thing the summary and Reg article mention, that tmpfiles hasn't been for temporary files for a very long time. It just maintains an "unfortunate legacy name" because changing that name would "break a lot of scripts". When directly asked why they don't change the package name and then simply provide a compatibility alias until scripts and such can be fully converted to the new name (you know, a bog standard thing that not only Linux distros, but even Windows and macOS do as a standard practice)?

      "That would result in a ton of bikeshedding, so can't be bothered honestly"

      And that, really, tells you all you need to know about this twat.
      • Or how about writing another command and leaving tmpfiles to do what it I assume used to do, deal with tmpfiles. Maybe call it realldangerouscommandthatmaydeleteyourhomedirectory or something like that. Assuming a user has read all or any of your documentation is just bad design, what you clicked on save and it deleted the document, really didn't the help that said it would delete you document shame on you. Its just not what users do.

    • Yes... and the Unix philosophy isn't just a technical argument about how to write good tools. It's also a description of how to build tools that "get along" with programs other people are contributing.

      Even if SystemD were consistently technically flawless, it is still an attempt to get rid of the community development process in favor of corporate control of the platform. The Unix philosophy fosters collaboration; that's a major reason the SystemD crew want to discredit it.

  • Systemd (Score:5, Insightful)

    by dotslashdot ( 694478 ) on Saturday June 22, 2024 @01:00PM (#64569329)
    I think we all know what the D in System D stands for. Dumb. This narcissistic process is destroying everything. I hate it and left Linux distros using it. Whomever adopts it is naive or an idiot. Eventually, Linux will be a subprocess of OS SystemD.
  • by Geoffrey.landis ( 926948 ) on Saturday June 22, 2024 @01:17PM (#64569347) Homepage

    response from systemd developer Luca Boccassi of Microsoft:
    So an option that is literally documented as saying "all files and directories created by a tmpfiles.d/ entry will be deleted", that you knew nothing about, sounded like a "good idea"? Did you even go and look what tmpfiles.d entries you had beforehand? Maybe don't just run random commands that you know nothing about, while ignoring what the documentation tells you? Just a thought eh

    If there were a button on your car dashboard, and the user manual said "if you press this button you will die", apparently Boccassi would say "no big deal, just don't press that button."

    I would say "don't get a car that has that button."

    • by Dwedit ( 232252 ) on Saturday June 22, 2024 @01:25PM (#64569361) Homepage

      It says "tmpfiles", and through general consensus about language and what words mean, it follows that "tmp" is short for "temporary", and "temporary files" has a specific and known meaning. "/home" is not a "temporary" file, and treating it as such violates people's understanding about language.

      • Re: (Score:3, Insightful)

        by mysidia ( 191772 )

        The tmpfiles.d Configuration specification has Flags for the things you are creating. The Line indicates whether the files are to be cleaned up "Aged out" or Not. The problem with Purge is it breaks expectations by Deleting files which are Flagged only to be added, and NOT to be Deleted, Cleaned, or Aged out.

        • by TheNameOfNick ( 7286618 ) on Saturday June 22, 2024 @02:17PM (#64569453)

          The home directory is not a "tmpfile", flagged or not. I would suggest an urgent psychological examination of anyone who thinks a program called "tmpfiles" should delete a home directory.

          • Not for your home computer it isn't. It very much is on other systems. The only difference here is we traditionally decided to simply nuke the entire OS from orbit on reboot instead of just purging the temporary user account directors of network machines in the past.

            • Not for your home computer it isn't. It very much is on other systems.

              On those systems, you specifically mark the home directory for deletion. It's not a default action.

          • The home directory is not a "tmpfile", flagged or not. I would suggest an urgent psychological examination of anyone who thinks a program called "tmpfiles" should delete a home directory.

            Well based on what I read in the summary - it sounds like you'd have to get rid of the systemd leadership.

          • by Bongo ( 13261 )

            Hey I just thought of a new meaning for /bin
            and I'm sure it'll all be fine because people only make legacy assumptions about bin.

      • by znrt ( 2424692 ) on Saturday June 22, 2024 @02:10PM (#64569443)

        this is still baffling me. i wonder how any user data that isn't explicitly created as temporary storage might end up referenced in those tmpfiles.d/ entries. it makes no fucking sense. that such a tool can simply wipe a home directory for any reason is just wrong, that the developers even insist that this is proper behavior is just asinine.

        and worrying. i was reluctantly playing along with systemd, i'm not really a linux control freak and it has its upsides, but this really makes me want to reconsider. both the design, what the tool has evolved to do with time, the damage that it can now do and how these guys react when they clearly fucked up. this is broken.

        • by Viol8 ( 599362 ) on Saturday June 22, 2024 @02:33PM (#64569495) Homepage

          It's been clear for a long time that these guys are an arrogant bunch who mistakenly think they're coding rockstars so this behaviour should come as no surprise.

        • and worrying. i was reluctantly playing along with systemd, i'm not really a linux control freak and it has its upsides,

          Which systemd upsides in particular do you like?

          • by znrt ( 2424692 )

            udev hotplug integration basically, i'm lazy, and i don't want to dig into docs at the precise moment i need some new/unknown device to work because it probably means i'm busy atm and just want the device to work.

            in general, i find distros shouldn't have adopted systemd as default, but many of them have. this has a ripple effect and going with the current mainstream is often a bonus upside for lazy people.

      • It's making a philosophical point about the impermanence of life.

        You are Ozymandias and systemd is the sands of time.

        Look upon my files ye mighty and despair!

  • "Wontfix"

  • by FudRucker ( 866063 ) on Saturday June 22, 2024 @01:22PM (#64569355)
    and it makes be feel fortunate that i use a Linux distribution that never implemented systemDumb

    kudos to Pat & Slackware, Mister V. is a wise old man, a master & wizard of Linux
  • by eneville ( 745111 ) on Saturday June 22, 2024 @01:36PM (#64569385) Homepage

    Of course a init system needs to implement rm.

    Can systemd just stick at to process/service start up. That's the thing it does ok at, the rest of it seems to be there for the purpose of making it bigger, which really doesn't suffer well.

    Some early projects to implement just the good bits seem to have gone unmaintained, sadly.

  • How about... (Score:4, Insightful)

    by Schoenlepel ( 1751646 ) on Saturday June 22, 2024 @01:47PM (#64569401)

    making a command do what its name actually implies it'll do, instead of having it do all kinds of other random things which its name does not imply?

  • Design principles (Score:4, Informative)

    by uncqual ( 836337 ) on Saturday June 22, 2024 @01:49PM (#64569403)

    Apparently systemd development doesn't adhere to the "principle of least astonishment" which I've always tried to adhere to.

    Admittedly I've not always successfully followed this principle but fortunately the resulting failures have (to my knowledge) resulted in "astonishment" such as "Why did this set of options give me a syntax error?" rather than "Where did my data go?".

    • by gweihir ( 88907 )

      The "Principle of least surprise" (as it is also called) is a very fundamental thing in all save and secure engineering. I would go so far as to say anybody that does not follow it does not qualify as engineer and is merely an "amateur cretin". And anybody that does not _know_ it is an uneducated amateur cretin.

      In physical engineering, not following this principle kills people and can get engineers sent to prison.

  • by glum64 ( 8102266 ) on Saturday June 22, 2024 @01:51PM (#64569405)
    ... and does quite well.
    Get it here [devuan.org] while the supply lasts!
    • I got to agree with that. I tried many a distro over the decades and settled on Devuan as my preferred Linux years ago and cannot be happier.
    • by gweihir ( 88907 )

      Indeed, it does. Debian without systemd is also still relatively possible, but the idiots and assholes that took over the technical board in Debian are slowly making it harder.

  • I half expected Poettering to say: won't fix, user should know better
    • That's what the numbnuts who was bragging about systemd being so much less unixy said. Apparently the unit philosophy involves not wiping out ~ on a whim

  • Obviously, the user needs to read the source code before using systemd. This is clearly a user issue. WONTFIX

  • by ukoda ( 537183 ) on Saturday June 22, 2024 @03:12PM (#64569567) Homepage
    Luca said "all files and directories created by a tmpfiles.d/ entry will be deleted". When I read that it sounds like it is simply cleaning up files created by tmpfiles. Did tmpfiles create my home directory? No, then it should leave it alone.

    It sounds like there was plenty of scope for misinterpreting what it would do, which makes Luca Boccassi sounds like a dick.
  • Figures... (Score:2, Interesting)

    by Shaitan ( 22585 )

    "systemd developer Luca Boccassi of Microsoft"

    If you are going to infest linux with anti-unix bs like systemd it figures that Microsoft would be the ones funding it. They already built one POS that only persists due to a monopoly foothold... why not let them trash the superior choice of sane people.

  • by 278MorkandMindy ( 922498 ) on Saturday June 22, 2024 @06:06PM (#64569841)

    The "cool response" is exactly what people hate about linux, although the other responses are what I would expect from a mature ecosystem

    The name has "temp files" in it. Saying someone should have read the documents that comes with it because the name is deceptive, is a real a-hole response. If something does other than the description, it should have guardrails that DON'T require documentation.

  • by swsuehr ( 612400 ) on Saturday June 22, 2024 @07:40PM (#64569937) Homepage
    When can we just get rid of systemd? Seriously. Yes, I know about devuan, but I'm talking mainline debian and downstream from there. It seems quite obvious that systemd is a failed experiment, architected by people who had little production-level server experience on the platform. If there are elements systemd does well, let's incorporate those back into the standard init system and move on without it.
    • When can we just get rid of systemd? Seriously. Yes, I know about devuan, but I'm talking mainline debian and downstream from there.

      When the users reject it, by switching to distributions which don't use it, like Devuan.

      I am using Devuan 5 with root on ZFS. I have a 4060 card and I use the latest runfile CUDA driver installer. I do have to drop to single user mode and update that manually, but the benefit is that it doesn't interfere with multiarch. Everything works great, just like you would expect it to. You can use the DE of your choice, I am using XFCE4. My current kernel (from backports) is 6.6.13, (oh look 6.7.12 is in there now..

      • by CAIMLAS ( 41445 ) on Saturday June 22, 2024 @10:33PM (#64570231)

        Take a look at popcon. People -are- rejecting systemd, in large scale - systemd-sysv (which effectively replaces systemd) is the 54th most popular Debian package, ahead of dbus, sudo, and kmod (as well as others, but those are somewhat significant). Systemd is 41, which isn't much of a margin since it's installed by default.

        https://popcon.debian.org/by_vote

        If by # of installs, it's #149, well ahead of most other stuff.

        • Debian doesn't quite work right with systemd disabled IME. There are a bunch of little tweaks that need to be made all over the place that aren't done for you. Hence Devuan. I did try Debian with sysvinit and it was too much work to fix the glitches.

  • The error of the user is to run systemd in the first place and to trust the cretins behind it.

  • It's well past time for people to consider systemd what it is: an intentional destructive, parasitic system, injected into an ecosystem in an attempt to make it unusable and undesirable. It's proponents have always been Microsoft shills and employees.

    Get. Rid. Of. It.

  • is garbage... I switched back to windows and macos... A bit sad, because Linux could be promising. But unfortunately there aren't enough people able to fund a decent linux desktop anymore... and the stuff that gets funded... is systemd...
  • by cas2000 ( 148703 ) on Sunday June 23, 2024 @01:28AM (#64570403)

    As always, the main problem with systemd is that it isn't just an init system, it does far too many things that have nothing to do with init and shouldn't be tightly coupled with any particular init system.

    Whenever shit like this blows up (a depressingly regular occurrence), the systemd fanboys say crap like "why do you care so much about something that's just an init system" - but that's exactly the problem, it's NOT just an init system, and never really has been. It does way more than any "init system" should ever do. And, worse, the scope of things that systemd tries to do just keeps on growing.

    If systemd confined its activities to system startup, i.e. unit files and scripts and the like (things that actually ARE the responsibility of an init system) it would be much less controversial - probably not controversial at all. I never have understood the fear of shell scripts pushed by systemd devs and users, but systemd's unit files aren't a bad way of doing system startup. Not perfect (nothing is), but good enough.

    But things like logging, DNS resolution, NTP / time synchronisation, home directory automounting, cron/timerd, tmp reaping, partition management, user & group management, login & logout, system console, device node management, and more should never be so tightly coupled to one particular init system, nor should that init system be so tightly coupled to one particular implementation (their own) of those things.

    And, unfortunately, systemd's adequacy at the basic requirements of init (system startup stuff*) is used to excuse its complete inadequacy at all the other things it makes a half-arsed (and sometimes scarily incompetent) attempt at doing.

    ---

    * I was going to say "system startup and shutdown stuff" here, but then I remembered that systemd is fucking awful at system shutdown. If there's a zombie process or an unkillable process (e.g. stuck in the kernel, trying to access failed hardware or an inaccessible nfs mount, being unable to unmount a filesystem because a zombie process is "using" it, etc) then systemd can loop forever waiting for that process to be killed - and the only resolution is to give up waiting and just manually power-cycle the machine. I've left a machine in this state for hours just to see if systemd would eventually just reboot or poweroff anyway. Nope.

    This is laughably cretinous coding because one of the reasons for shutting down is to deal with such issues....it might be understandable for a stuck process, but it's inexcusable for zombie processes which are trivially easy for an init system - or software in general - to detect.

    I don't particularly care how long a system takes to boot up - if it takes 30 secs or 5 minutes to boot isn't that big a deal, an annoyance at worst. But I care a lot about how long a system takes to shutdown or reboot, or whether it actually reboots or gets stuck forever - because I'm generally trying to fix a problem when I have to do that. And this is especially important when the system I'm trying to shutdown or reboot is remote and doesn't have a BMC or some way to remotely power-cycle it.

    • by Bongo ( 13261 )

      Genuine question, but I've never understood why, on macOS, launchd seems simple and straightforward, whereas in Linux, it seems to be such a difficult problem space? Is it something about servers?

  • I have encountered a problem years ago where I enabled a system logging feature - forgot which one - and used the option to clear the previous log. After that I discovered windows had cleared my complete home folder.Lost a lot of data then.

  • Software should always default safe.

    rm, if not given an explicit path or file, doesn't delete your hard drive.

    fsck, if not given an explicit device, doesn't trash all your drives.

    Software should always default safe.

  • While the fault is silly it's sillier to run random commands without knowing the outcome. Ordinary users have no reasons to run that command and I (ordinary utilitarian boring Linux user since 1999) didn't know it existed until the issue got publicity.

    If you need a safe place to practice terminal commands a virtual machine (snapshotted for effortless recovery after initial clean install) risks nothing on your host OS.

To write good code is a worthy challenge, and a source of civilized delight. -- stolen and paraphrased from William Safire

Working...