We have already covered how to manually find and delete files older than X days using the "find" command in Linux. Today we will do the same, but only if the files have not been accessed for a certain period of time. Say hello to "Tmpwatch", a command line utility to recursively delete files that haven't been accessed for a given time. Tmpwatch deletes not just files, but empty directories as well.
By default, Tmpwatch will decide which files/directories should be deleted based on their atime (access time). You can, of course, change this behaviour by using ctime (inode change time) or mtime (modification time) values as well. Normally, Tmpwatch can be used to delete the contents of the /tmp directory and other unused and unwanted stuff like old log files.
An important warning!!
Before you start using this tool, you must know that Tmpwatch will delete files and directories recursively based on the given criteria. Do not run tmpwatch in / (root directory). This directory contains important files which are required to keep the Linux system running. If you're not careful enough, tmpwatch will delete the important system files and directories that match the given criteria in the entire root directory. There is no safeguard mechanism built into the Tmpwatch tool to prevent you from running it on the root directory, and there is no way to undo the operation. You have been warned!
Install Tmpwatch on Linux
Tmpwatch is available in the default repositories of most Linux distributions.
On Fedora, CentOS, RHEL, AlmaLinux and Rocky Linux, you can install it using the command:
$ sudo dnf install tmpwatch
On openSUSE:
$ sudo zypper install tmpwatch
On Debian and its derivatives like Ubuntu, Tmpwatch is available under a different name, i.e. Tmpreaper. Tmpreaper is mostly based on `tmpwatch-1.2/1.4' by Erik Troan from Red Hat. Now, tmpreaper is being maintained for Debian by Paul Slootman.
To install tmpreaper on Debian, Ubuntu, Linux Mint, run:
$ sudo apt install tmpreaper
To launch it, run:
$ tmpreaper <options>
Or enter full path:
$ /usr/sbin/tmpreaper <options>
Delete Files That Have Not Been Accessed For A Given Time Using Tmpwatch / Tmpreaper
Usage of Tmpwatch and Tmpreaper is almost the same. If you're on Debian-based systems, replace "Tmpwatch" with "Tmpreaper" in the following examples.
Delete files which have not been accessed for more than X days
To delete files more than 10 days old, run:
tmpwatch 10d /var/log/
The above command will delete all the files and empty directories which have not been accessed for more than 10 days from
Delete files which have not been modified for more than X days
Like I already said, Tmpwatch will delete files based on their access time. You can also delete files based on their modification time (mtime) using
For example, the following command will delete files which have not been modified for the past 10 days in
tmpwatch -m 10d /var/log/
-m refers to the modification time and d is the <time_spec> parameter. The <time_spec> parameter defines the age threshold for removing files. You can use the following time_spec parameters for removing files.
d- for days,
h- for hours,
m- for minutes,
s- for seconds.
Hours is the default.
For instance, to delete files which have not been modified for the past 10 hours, simply run:
tmpwatch -m 10 /var/log/
As you might have noticed, I haven't used the time_spec parameter in the above command. Because h (for hours) is the default parameter, we don't have to mention it when deleting files that haven't been modified for the past X hours.
If you want to delete symlinks, not just regular files and directories, use the -s option like below.
tmpwatch -s 10 /var/log/
Delete all files
To remove all file types, not just regular files, symlinks, and directories, use
tmpwatch -a 10 /var/log/
The above command will delete all types of files including regular files, symlinks, and directories in the
Exclude directories from deletion
Sometimes, you might want to delete files, but not directories. If so, the command would be:
tmpwatch -am 10 --nodirs /var/log/
The above command will delete all files, except directories, which have not been modified for the past 10 hours.
Perform a test run without actually deleting anything
Sometimes, you might want to view which files are actually going to be deleted. This will be helpful when running Tmpwatch on an important directory. If so, run Tmpwatch in test mode with
tmpwatch -t 30 /var/log/
Sample output from CentOS 7 server:
removing file /var/log/wtmp
removing directory /var/log/ppp if empty
removing directory /var/log/tuned if empty
removing directory /var/log/anaconda if empty
removing file /var/log/dmesg.old
removing file /var/log/boot.log
removing file /var/log/dnf.librepo.log
On Debian-based systems, you will see output like below.
$ tmpreaper -t 30 /var/log/
(PID 1803) Pretending to clean up directory `/var/log/'.
(PID 1804) Pretending to clean up directory `apache2'.
Pretending to remove file `apache2/error.log'.
Pretending to remove file `apache2/access.log'.
Pretending to remove file `apache2/other_vhosts_access.log'.
(PID 1804) Back from recursing down `apache2'.
(PID 1804) Pretending to clean up directory `dbconfig-common'.
Pretending to remove file `dbconfig-common/dbc.log'.
(PID 1804) Back from recursing down `dbconfig-common'.
(PID 1804) Pretending to clean up directory `dist-upgrade'.
(PID 1804) Back from recursing down `dist-upgrade'.
(PID 1804) Pretending to clean up directory `lxd'.
(PID 1804) Back from recursing down `lxd'.
Pretending to remove file `/var/log//cloud-init.log'.
(PID 1804) Pretending to clean up directory `landscape'.
Pretending to remove file `landscape/sysinfo.log'.
(PID 1804) Back from recursing down `landscape'.
[...]
This will only simulate the operation; it won't actually delete anything. Tmpwatch will simply perform a dry run and show you in the output which files are going to be deleted.
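The warning at the top notes that Tmpwatch has no built-in safeguard, and the test mode above shows what would be removed. The following wrapper combines the two; it is an added example, not part of the original article or of tmpwatch itself. The function names check_target and guarded_tmpwatch and the PROTECTED deny-list are assumptions to adapt to your system.

```shell
#!/bin/sh
# Added example: a guard around tmpwatch (not shipped with tmpwatch).
# PROTECTED is an assumed deny-list of directories that must never be cleaned.
PROTECTED="/ /bin /boot /dev /etc /home /lib /lib64 /opt /proc /root /run /sbin /srv /sys /usr /var"

# check_target DIR: print the canonical path and return 0 if DIR may be
# cleaned; print a reason on stderr and return 1 otherwise.
check_target() {
    [ -n "$1" ] || { echo "refused: empty path" >&2; return 1; }
    [ -d "$1" ] || { echo "refused: not a directory: $1" >&2; return 1; }
    # Resolve symlinks and ".." so that /usr/.. or a symlink to / is caught.
    real=$(cd -P -- "$1" 2>/dev/null && pwd -P) || {
        echo "refused: cannot enter $1" >&2; return 1; }
    for p in $PROTECTED; do
        if [ "$real" = "$p" ]; then
            echo "refused: $real is a protected system directory" >&2
            return 1
        fi
    done
    printf '%s\n' "$real"
}

# guarded_tmpwatch AGE DIR: validate DIR, show the dry run (-t), and delete
# only after the operator has read the list and confirmed.
guarded_tmpwatch() {
    target=$(check_target "$2") || return 1
    tmpwatch -t "$1" "$target" || return 1
    printf 'Delete the entries listed above from %s? [y/N] ' "$target"
    read -r answer
    [ "$answer" = "y" ] || { echo "aborted"; return 1; }
    tmpwatch "$1" "$target"
}
```

Source the file and call, for example, guarded_tmpwatch 30d /var/log/; on Debian-based systems replace tmpwatch with tmpreaper inside the function.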
Force file deletion
If you want to forcibly delete the files, use
tmpwatch -f 10h /var/log/
Normally, files owned by the current user with no write access are not removed. The -f option will delete them as well.
Skip certain files from deletion
Tmpreaper has an option to skip files from deletion. This is useful when you want to keep certain types of files and delete everything else. If so, use
tmpreaper --protect '*.txt' -t 10h /var/log/
This command will skip all files that have the .txt extension from deletion.
(PID 2623) Pretending to clean up directory `/var/log/'.
(PID 2624) Pretending to clean up directory `apache2'.
Pretending to remove file `apache2/error.log'.
Pretending to remove file `apache2/access.log'.
Pretending to remove file `apache2/other_vhosts_access.log'.
(PID 2624) Back from recursing down `apache2'.
(PID 2624) Pretending to clean up directory `dbconfig-common'.
Pretending to remove file `dbconfig-common/dbc.log'.
(PID 2624) Back from recursing down `dbconfig-common'.
(PID 2624) Pretending to clean up directory `dist-upgrade'.
(PID 2624) Back from recursing down `dist-upgrade'.
Pretending to remove empty directory `dist-upgrade'.
Entry matching `--protect' pattern skipped. `ostechnix.txt'
(PID 2624) Pretending to clean up directory `lxd'.
As you can see, Tmpreaper skips the *.txt files from deletion.
This option is not available in Tmpwatch, by the way.
Setting up cron job to delete files periodically
You may not want to manually run Tmpwatch/Tmpreaper all the time. In that case, you could set up a cron job to automate the cleanup process.
When installing Tmpreaper, it will create a daily cron job (/etc/cron.daily/tmpreaper). This job will read the options from the /etc/tmpreaper.conf file and act accordingly. Open the file and change the values as per your requirement. By default, Tmpreaper will delete files that are older than 7 days. You can, however, change this by modifying the value "TMPREAPER_TIME=7d" in the tmpreaper.conf file.
If you use "Tmpwatch", you need to manually create a cron job and put the cron entry in it.
# crontab -e
Add the following line:
0 1 * * * /usr/sbin/tmpwatch 30d /var/log/
As per the above cron job, Tmpwatch will run every day at 1 am and delete files which are older than 30 days.
Again, please be careful while using Tmpwatch/Tmpreaper commands. Double check the path before running them to avoid data loss.
For more details, refer to the man pages.
$ man tmpwatch
$ man tmpreaper