man: add sections about file node types and write access to file-hierarchy(7)

2025-01-24 02:03:54 +03:00 · 2014-07-01 01:13:50 +02:00 · 2014-07-01 01:13:50 +02:00 · c65b503d01
commit c65b503d01
parent ee43f49b78
1 changed files with 49 additions and 0 deletions
--- a/man/file-hierarchy.xml
+++ b/man/file-hierarchy.xml
@ -614,6 +614,55 @@
                </variablelist>
        </refsect1>

+        <refsect1>
+                <title>Unpriviliged Write Access</title>
+
+                <para>Unpriviliged processes generally lack
+                write access to most of the hierarchy.</para>
+
+                <para>The exceptions for normal users are
+                <filename>/tmp</filename>,
+                <filename>/var/tmp</filename>,
+                <filename>/dev/shm</filename>, as well as the home
+                directory <varname>$HOME</varname> (usually found
+                below <filename>/home</filename>) and the runtime
+                directory <varname>$XDG_RUNTIME_DIR</varname> (found
+                below <filename>/run/user</filename>) of the
+                user, which are all writable.</para>
+
+                <para>For unpriviliged system processes only
+                <filename>/tmp</filename>,
+                <filename>/var/tmp</filename> and
+                <filename>/dev/shm</filename> are writable. If an
+                unpriviliged system process needs a private, writable
+                directory in <filename>/var</filename> or
+                <filename>/run</filename>, it is recommended to either
+                create it before dropping priviliges in the daemon
+                code, to create it via
+                <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                fragments during boot, or via the
+                <varname>RuntimeDirectory=</varname> directive of
+                service units (see
+                <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                for details).</para>
+        </refsect1>
+
+        <refsect1>
+                <title>Node Types</title>
+
+                <para>Unix file systems support different types of file
+                nodes, including regular files, directories, symlinks,
+                character and block device nodes, sockets and FIFOs.</para>
+
+                <para>It is strongly recommended that
+                <filename>/dev</filename> is the only location below
+                which device nodes shall be placed. Similar,
+                <filename>/run</filename> shall be the only location
+                to place sockets and FIFOs. Regular files,
+                directories and symlinks may be used in all
+                directories.</para>
+        </refsect1>
+
        <refsect1>
                <title>System Packages</title>