2021-12-15
User runtime directories on modern Linux, aka /run/user/<uid>
If you've used a "modern" Linux, which is to say a Linux running
systemd, you may have noticed one or more /run/user/<uid> directory
hierarchies. These are especially noticeable on systems with a bunch
of users logged into them (such as many of our servers), because each of these directory
trees is a separate tmpfs mount. These are a systemd feature that's
generally called a "user runtime directory".
The mounts and so on are normally created (and destroyed) through
pam_systemd,
assuming that it's part of your PAM stack and you're running all
of the relevant systemd bits. I believe that the actual work may
be done behind the scenes by systemd's logind stuff, with pam_systemd
calling out to it to start things. This PAM module also sets up
$XDG_RUNTIME_DIR to point into the user's runtime directory.
At least some of the time, you can also wind up with at least a
$DBUS_SESSION_BUS_ADDRESS environment variable that points into
your user runtime directory.
(On sufficiently recent systemd based systems, there's also the user-runtime-dir systemd service, which I think logind uses to actually do the work of creating the user runtime directory. Our Ubuntu 20.04 servers and my Fedora machines have this service, but our 18.04 machines don't.)
To generalize, the purpose of the user runtime directory is to
replace all of the various traditional uses of /tmp for session
related files, subdirectories, and so on. A locked down, automatically
managed per-user directory tree for this purpose is more secure and
also allows for nicer naming of things; your DBUS session bus can
just be at /run/user/<uid>/bus instead of, say, /tmp/dbus-<big
jumble>. This also provides systemd with a place to put its own
per-user stuff, such as some user systemd session information.
As you can see from looking at your own /run/user directory, any number of things have been updated to put their files there on a modern Linux machine. This happens both for desktop logins and for remote logins, especially if you have a relatively full package set installed; our Ubuntu 20.04 servers give me a healthy collection of running services and /run/user entries even on SSH logins. I don't know what all of these updated programs do on systems that don't use systemd and may not have user runtime directories. There can also be mysterious FUSE filesystems mounted there, like /run/user/<uid>/doc on my Fedora 24 machine.
(It's my impression that programs make more user runtime directories and use less obvious names than they might have in the /tmp era. Or perhaps not; our /tmp directories are full of oddly named clutter too, even today.)
You're probably free to use your user runtime directory for your own programs, or just for things in general. It does have size limits, and since it's a tmpfs, the space you use up is coming out of your own RAM. But watch out; at least one thing feels free to dump a potentially large log file into your /run/user directory.
(This behavior wasn't really great even in the days when it might be writing that log to /tmp. It's even less so today.)