Shortly after systemd version 256 comes 256.1, which fixes a handful of bugs. One of them is emphatic not systemd-tmpfiles recursively delete your entire home directory. That is a characteristic.
The 256.1 release is out now and contains around 38 minor changes and bug fixes. This includes some changes to the help text surrounding the systemd-tmpfiles command, which describes itself as a tool to “create, delete, and clean files and directories.” Red Hat’s RHEL documentation describes it as a tool for managing and cleaning your temporary files.
That sounds innocent enough, right?
That’s not the case, as GitHub user jedenastka discovered on Friday. He filed bug #33349 and the description is gripping to read, not only because of the fully intended behavior of the tool, but also because of the response from the systemd administrators, which could be summarized as “you’re doing it wrong.”
The systemd-tmpfiles command manages files according to a specification file called tmpfiles.d, and has, among many others, an option called --purgewhich sounds quite useful according to its own manual:
In fact, one of the issues fixed in version 256.1 dates back five years systemd-tmpfiles had gone beyond managing just temporary files – as the name might suggest to the unwary user. Now it manages all kinds of files created on-site, such as things like users’ home folders. If you rely on the systemd-tmpfiles --purge command without giving up that very important configuration file which tells which files to process, version 256 will be happily cleaned up your entire home folder.
That nice piece of information broke through on Mastodon and has attracted a lot of attention. Some of this is focused on the initial response to systemd team member Luca Boccassi’s bug report:
If you’re not familiar with Boccassi’s name, he’s the guy who came up with the pithy phrase “now with 42% less Unix philosophy,” which we reported on last week in our story on the release of systemd 256.
No, it doesn’t come from system father Lennart “Agent P” Poettering. We do note that Bocassi is Poettering’s colleague at Microsoft. And we didn’t just use the line for that Hitchhikers guide reference, but because it really made us chuckle. But in the delicate world of open source politics, sometimes a little more diplomacy may be needed.
So despite an initially quite hostile response along the lines of the command only doing what it said on the tin, always reading the label, being able to contain nuts, etc., this command has now produced a few more warnings. Now the --purge subcommand insists on a specification file, the command summary is more explicit and warns of care, there is a warning in the man page and the description of the systemd-tmpfiles tool no longer contains the word “temporary”. It’s not much, but it’s something. This is of course in addition to other modest changes.
It’s a useful reminder for everyone involved. We are all busy and no one has time to read the documents completely every time. Names are important, and the rest of the world probably won’t notice if you change what a tool does if its name still refers to a now-outdated definition.
A little joke can go around the world in the time it takes one bad command to erase all your data, which – thanks to SSDs – happens faster than ever. These tools are written and maintained by small teams of just people, and people mess up every now and then. And if your command has the potential to do something very dangerous, don’t just let people do it without warning and checking. ®