The bug is the lack of documentation and that a simple unguarded command can erase all user’s data on the system.
Also, the principle of least surprise would like a word.
If I look at the command line arguments of a program called “systemd-tmpfiles” and one of them is called “purge” I will generally assume that option will purge temporary files.
Now it turns out that someone decided that this program would be a simple way to do something with /home directories(*) so they included /home in the config file for the program, the file that the program reads by default when it is invoked.
Who decided it would be a good idea for it to deal with /home?
(*)I have no idea what this program is doing with /home in its config file. I will presume that there is a useful and mostly logical reason for it, and that this command line option was just an unfortunate footgun for those users who were not intimately familiar with systemd.
There were talks a few years ago about changing sd-tmpfiles name but it was decide not worth it due to the churn and bikeshedding it would cause.
sd-tmpfiles is generally used to create, modify (e.g. permissions) and remove directories on the system. The home.conf is intended for systems that only ship /usr/ (e.g. containers) to create /home/ and /srv/ as a separate subvolume on btrfs
“Breaking userspace” is often considered a bug even if the code doing so is working as intended. Deleting user data because they bundle a config file deep in the directory tree for a completely different use case was not intended behavior even if one of them is defensive about the logic.
If it was intended but not properly documented as it says, why does it keep being called a bug?
The bug is the lack of documentation and that a simple unguarded command can erase all user’s data on the system.
Also, the principle of least surprise would like a word.
If I look at the command line arguments of a program called “systemd-tmpfiles” and one of them is called “purge” I will generally assume that option will purge temporary files.
Now it turns out that someone decided that this program would be a simple way to do something with /home directories(*) so they included /home in the config file for the program, the file that the program reads by default when it is invoked.
Who decided it would be a good idea for it to deal with /home?
Wellllll…
https://github.com/systemd/systemd/blob/main/tmpfiles.d/home.conf
(*)I have no idea what this program is doing with /home in its config file. I will presume that there is a useful and mostly logical reason for it, and that this command line option was just an unfortunate footgun for those users who were not intimately familiar with systemd.
There were talks a few years ago about changing sd-tmpfiles name but it was decide not worth it due to the churn and bikeshedding it would cause.
sd-tmpfiles is generally used to create, modify (e.g. permissions) and remove directories on the system. The home.conf is intended for systems that only ship /usr/ (e.g. containers) to create /home/ and /srv/ as a separate subvolume on btrfs
Home directories are temporary, obviously
“Breaking userspace” is often considered a bug even if the code doing so is working as intended. Deleting user data because they bundle a config file deep in the directory tree for a completely different use case was not intended behavior even if one of them is defensive about the logic.
it was clearly a feature