How folders created in /var/run on each reboot
(Thanks to @Zulakis and an answer on Serverfault for pointing out that this answer had not kept up with Ubuntu's ongoing development.)
With the adoption of systemd as of 15.04, there is now a centralized mechanism for the creation of temporary files and directories such as these. A service wishing to use this method can remove mkdir commands in its own startup script and instead place a .conf file in /etc/tmpfiles.d, /run/tmpfiles.d, or /usr/lib/tmpfiles.d, with Ubuntu services seeming to prefer the last option. For example, my system now has:
$ egrep -r /var/run /usr/lib/tmpfiles.d
/usr/lib/tmpfiles.d/var.conf:L /var/run - - - - ../run
/usr/lib/tmpfiles.d/sudo.conf:d /var/run/sudo 0711 root root
/usr/lib/tmpfiles.d/sudo.conf:D /var/run/sudo/ts 0700 root root
/usr/lib/tmpfiles.d/postgresql.conf:d /var/run/postgresql 2775 postgres postgres - -
/usr/lib/tmpfiles.d/sshd.conf:d /var/run/sshd 0755 root root
/usr/lib/tmpfiles.d/screen-cleanup.conf:d /var/run/screen 0775 root utmp
The d means to create a directory if it doesn't already exist, after that is the path, and the rest are the permissions, user, and group. These directories will be created regardless of whether the corresponding service is ever started.
For full documentation, see man tmpfiles.d.
OLD PRE-SYSTEMD ANSWER:
Looks like they're created dynamically by individual services as they start:
$ sudo egrep -r 'mkdir.*/var/run' /etc
/etc/init.d/ssh: mkdir /var/run/sshd
/etc/init.d/bind9: mkdir -p /var/run/named
/etc/init.d/timidity: mkdir -p /var/run/timidity
/etc/init.d/bzflag: mkdir -p /var/run/bzflag
/etc/init.d/dns-clean:mkdir /var/run/pppconfig >/dev/null 2>&1 || true
/etc/init/winbind.conf: mkdir -p /var/run/samba/winbindd_privileged
/etc/init/dbus.conf: mkdir -p /var/run/dbus
/etc/init/ssh.conf: mkdir -p -m0755 /var/run/sshd
/etc/init/libvirt-bin.conf: mkdir -p /var/run/libvirt
/etc/init/cups.conf: mkdir -p /var/run/cups/certs
I believe this is the one that handles mysqld:
[ -d /var/run/mysqld ] || install -m 755 -o mysql -g root -d /var/run/mysqld
/lib/init/apparmor-profile-load usr.sbin.mysqld
man install says that the -d form will "create all components of the specified directories".
The new tmpfs-mounted /run folder allows programs like udev, lvm and mdadm to keep runtime data from initrd until shutdown.
/var is a standard directory of any Linux/UNIX system - it stands for "variable" and is a place where a lot of logs, cahces, BUT also program variable settings files and even some system configuration databases reside.
Most things in /var should be properly purged and regulated by the system. Your swap files for virtual memory also live in /var so don't mess with that. /var/run also holds a lot status and parameter information of actively running process daemans.
This directory contains system information data describing the system since it was booted. Files under this directory must be cleared (removed or truncated as appropriate) at the beginning of the boot process. Programs may have a sub-directory of /var/run; this is encouraged for programs that use more than one run-time file.
Well since /var/run is mounted as tmpfs. That means it's totally empty when your machine boots and it's meant to be like this to prevent stuff like daemons not starting because of a left-over PID-file.
Startup scripts usually create the directories they need before using them. If you want to store a PID-file either put it in /var/run directly or create a directory before creating the PID-file. This is no place to store data that needs to remain there across reboots.
Sources:Pathname & Linux System Administrator's Guide
For anyone that comes across this thread because you're looking for a solution to how you can configure an application so that it creates the directory in /var/run so it can store it's sock or pid file or whatever… here's an example. I came across this thread because I wanted to store the MySQL sock file in /var/run/mysqld. So, after I came across this thread, I started looking in the /etc/init files for examples. dbus was a good one. And, I came up with this mysql startup configuration:
start on runlevel [2345]
stop on runlevel [!2345]
expect daemon
pre-start script
mkdir -p -m0755 /var/run/mysqld
chown mysql:mysql /var/run/mysqld
end script
exec /etc/init.d/mysql start
pre-stop exec /etc/init.d/mysql stop
The pre-start script part did the trick.