mirror of
https://github.com/systemd/systemd.git
synced 2024-11-24 10:43:35 +08:00
52b9b66b7d
Kill user session scope by default
460 lines
19 KiB
XML
460 lines
19 KiB
XML
<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
|
|
|
<!--
|
|
This file is part of systemd.
|
|
|
|
Copyright 2013 Zbigniew Jędrzejewski-Szmek
|
|
|
|
systemd is free software; you can redistribute it and/or modify it
|
|
under the terms of the GNU Lesser General Public License as published by
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
|
(at your option) any later version.
|
|
|
|
systemd is distributed in the hope that it will be useful, but
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Lesser General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public License
|
|
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
|
-->
|
|
|
|
<refentry id="systemd-run"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude">
|
|
|
|
<refentryinfo>
|
|
<title>systemd-run</title>
|
|
<productname>systemd</productname>
|
|
|
|
<authorgroup>
|
|
<author>
|
|
<contrib>Developer</contrib>
|
|
<firstname>Lennart</firstname>
|
|
<surname>Poettering</surname>
|
|
<email>lennart@poettering.net</email>
|
|
</author>
|
|
</authorgroup>
|
|
</refentryinfo>
|
|
|
|
<refmeta>
|
|
<refentrytitle>systemd-run</refentrytitle>
|
|
<manvolnum>1</manvolnum>
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
<refname>systemd-run</refname>
|
|
<refpurpose>Run programs in transient scope or service or timer units</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
<cmdsynopsis>
|
|
<command>systemd-run</command>
|
|
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
|
<arg choice="plain"><replaceable>COMMAND</replaceable>
|
|
<arg choice="opt" rep="repeat">ARGS</arg>
|
|
</arg>
|
|
</cmdsynopsis>
|
|
<cmdsynopsis>
|
|
<command>systemd-run</command>
|
|
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
|
<arg choice="opt" rep="repeat">TIMER OPTIONS</arg>
|
|
<arg choice="req"><replaceable>COMMAND</replaceable></arg>
|
|
<arg choice="opt" rep="repeat">ARGS</arg>
|
|
</cmdsynopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1>
|
|
<title>Description</title>
|
|
|
|
<para><command>systemd-run</command> may be used to create and
|
|
start a transient <filename>.service</filename> or
|
|
<filename>.scope</filename> unit and run the specified
|
|
<replaceable>COMMAND</replaceable> in it. It may also be used to
|
|
create and start transient <filename>.timer</filename>
|
|
units.</para>
|
|
|
|
<para>If a command is run as transient service unit, it will be
|
|
started and managed by the service manager like any other service,
|
|
and thus shows up in the output of <command>systemctl
|
|
list-units</command> like any other unit. It will run in a clean
|
|
and detached execution environment, with the service manager as
|
|
its parent process. In this mode, <command>systemd-run</command>
|
|
will start the service asynchronously in the background and return
|
|
after the command has begun execution.</para>
|
|
|
|
<para>If a command is run as transient scope unit, it will be
|
|
started by <command>systemd-run</command> itself as parent process
|
|
and will thus inherit the execution environment of the
|
|
caller. However, the processes of the command are managed by the
|
|
service manager similar to normal services, and will show up in
|
|
the output of <command>systemctl list-units</command>. Execution
|
|
in this case is synchronous, and will return only when the command
|
|
finishes. This mode is enabled via the <option>--scope</option>
|
|
switch (see below). </para>
|
|
|
|
<para>If a command is run with timer options such as
|
|
<option>--on-calendar=</option> (see below), a transient timer
|
|
unit is created alongside the service unit for the specified
|
|
command. Only the transient timer unit is started immediately, the
|
|
transient service unit will be started when the transient timer
|
|
elapses. If the <option>--unit=</option> is specified, the
|
|
<replaceable>COMMAND</replaceable> may be omitted. In this case,
|
|
<command>systemd-run</command> only creates a
|
|
<filename>.timer</filename> unit that invokes the specified unit
|
|
when elapsing.</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Options</title>
|
|
|
|
<para>The following options are understood:</para>
|
|
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term><option>--no-ask-password</option></term>
|
|
|
|
<listitem><para>Do not query the user for authentication for
|
|
privileged operations.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--scope</option></term>
|
|
|
|
<listitem>
|
|
<para>Create a transient <filename>.scope</filename> unit instead of
|
|
the default transient <filename>.service</filename> unit.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--unit=</option></term>
|
|
|
|
<listitem><para>Use this unit name instead of an automatically
|
|
generated one.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--property=</option></term>
|
|
<term><option>-p</option></term>
|
|
|
|
<listitem><para>Sets a unit property for the scope or service
|
|
unit that is created. This takes an assignment in the same
|
|
format as
|
|
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
|
|
<command>set-property</command> command.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--description=</option></term>
|
|
|
|
<listitem><para>Provide a description for the service or scope
|
|
unit. If not specified, the command itself will be used as a
|
|
description. See <varname>Description=</varname> in
|
|
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--slice=</option></term>
|
|
|
|
<listitem><para>Make the new <filename>.service</filename> or
|
|
<filename>.scope</filename> unit part of the specified slice,
|
|
instead of the <filename>system.slice</filename>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--remain-after-exit</option></term>
|
|
|
|
<listitem><para>After the service or scope process has
|
|
terminated, keep the service around until it is explicitly
|
|
stopped. This is useful to collect runtime information about
|
|
the service after it finished running. Also see
|
|
<varname>RemainAfterExit=</varname> in
|
|
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--send-sighup</option></term>
|
|
|
|
<listitem><para>When terminating the scope or service unit,
|
|
send a SIGHUP immediately after SIGTERM. This is useful to
|
|
indicate to shells and shell-like processes that the
|
|
connection has been severed. Also see
|
|
<varname>SendSIGHUP=</varname> in
|
|
<citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--service-type=</option></term>
|
|
|
|
<listitem><para>Sets the service type. Also see
|
|
<varname>Type=</varname> in
|
|
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>. This
|
|
option has no effect in conjunction with
|
|
<option>--scope</option>. Defaults to
|
|
<constant>simple</constant>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--uid=</option></term>
|
|
<term><option>--gid=</option></term>
|
|
|
|
<listitem><para>Runs the service process under the UNIX user
|
|
and group. Also see <varname>User=</varname> and
|
|
<varname>Group=</varname> in
|
|
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--nice=</option></term>
|
|
|
|
<listitem><para>Runs the service process with the specified
|
|
nice level. Also see <varname>Nice=</varname> in
|
|
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>-E <replaceable>NAME</replaceable>=<replaceable>VALUE</replaceable></option></term>
|
|
<term><option>--setenv=<replaceable>NAME</replaceable>=<replaceable>VALUE</replaceable></option></term>
|
|
|
|
<listitem><para>Runs the service process with the specified environment variable set.
|
|
Also see <varname>Environment=</varname> in
|
|
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--pty</option></term>
|
|
<term><option>-t</option></term>
|
|
|
|
<listitem><para>When invoking a command, the service connects
|
|
its standard input and output to the invoking tty via a
|
|
pseudo TTY device. This allows invoking binaries as services
|
|
that expect interactive user input, such as interactive
|
|
command shells.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--quiet</option></term>
|
|
<term><option>-q</option></term>
|
|
|
|
<listitem><para>Suppresses additional informational output
|
|
while running. This is particularly useful in combination with
|
|
<option>--pty</option> when it will suppress the initial
|
|
message explaining how to terminate the TTY connection.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--on-active=</option></term>
|
|
<term><option>--on-boot=</option></term>
|
|
<term><option>--on-startup=</option></term>
|
|
<term><option>--on-unit-active=</option></term>
|
|
<term><option>--on-unit-inactive=</option></term>
|
|
|
|
<listitem><para>Defines monotonic timers relative to different
|
|
starting points. Also see <varname>OnActiveSec=</varname>,
|
|
<varname>OnBootSec=</varname>,
|
|
<varname>OnStartupSec=</varname>,
|
|
<varname>OnUnitActiveSec=</varname> and
|
|
<varname>OnUnitInactiveSec=</varname> in
|
|
<citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>. This
|
|
options have no effect in conjunction with
|
|
<option>--scope</option>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--on-calendar=</option></term>
|
|
|
|
<listitem><para>Defines realtime (i.e. wallclock) timers with
|
|
calendar event expressions. Also see
|
|
<varname>OnCalendar=</varname> in
|
|
<citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>. This
|
|
option has no effect in conjunction with
|
|
<option>--scope</option>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--timer-property=</option></term>
|
|
|
|
<listitem><para>Sets a timer unit property for the timer unit
|
|
that is created. It is similar with
|
|
<option>--property</option> but only for created timer
|
|
unit. This option only has effect in conjunction with
|
|
<option>--on-active=</option>, <option>--on-boot=</option>,
|
|
<option>--on-startup=</option>,
|
|
<option>--on-unit-active=</option>,
|
|
<option>--on-unit-inactive=</option>,
|
|
<option>--on-calendar=</option>. This takes an assignment in
|
|
the same format as
|
|
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
|
|
<command>set-property</command> command.</para> </listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--no-block</option></term>
|
|
|
|
<listitem>
|
|
<para>Do not synchronously wait for the requested operation
|
|
to finish. If this is not specified, the job will be
|
|
verified, enqueued and <command>systemd-run</command> will
|
|
wait until the unit's start-up is completed. By passing this
|
|
argument, it is only verified and enqueued.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<xi:include href="user-system-options.xml" xpointer="user" />
|
|
<xi:include href="user-system-options.xml" xpointer="system" />
|
|
<xi:include href="user-system-options.xml" xpointer="host" />
|
|
<xi:include href="user-system-options.xml" xpointer="machine" />
|
|
|
|
<xi:include href="standard-options.xml" xpointer="help" />
|
|
<xi:include href="standard-options.xml" xpointer="version" />
|
|
</variablelist>
|
|
|
|
<para>All command line arguments after the first non-option
|
|
argument become part of the command line of the launched
|
|
process. If a command is run as service unit, its first argument
|
|
needs to be an absolute binary path.</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Exit status</title>
|
|
|
|
<para>On success, 0 is returned, a non-zero failure
|
|
code otherwise.</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Examples</title>
|
|
|
|
<example>
|
|
<title>Logging environment variables provided by systemd to services</title>
|
|
|
|
<programlisting># systemd-run env
|
|
Running as unit: run-19945.service
|
|
# journalctl -u run-19945.service
|
|
Sep 08 07:37:21 bupkis systemd[1]: Starting /usr/bin/env...
|
|
Sep 08 07:37:21 bupkis systemd[1]: Started /usr/bin/env.
|
|
Sep 08 07:37:21 bupkis env[19948]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
|
|
Sep 08 07:37:21 bupkis env[19948]: LANG=en_US.UTF-8
|
|
Sep 08 07:37:21 bupkis env[19948]: BOOT_IMAGE=/vmlinuz-3.11.0-0.rc5.git6.2.fc20.x86_64</programlisting>
|
|
</example>
|
|
|
|
<example>
|
|
<title>Limiting resources available to a command</title>
|
|
|
|
<programlisting># systemd-run -p BlockIOWeight=10 updatedb</programlisting>
|
|
|
|
<para>This command invokes the
|
|
<citerefentry project='man-pages'><refentrytitle>updatedb</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
tool, but lowers the block I/O weight for it to 10. See
|
|
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
for more information on the <varname>BlockIOWeight=</varname>
|
|
property.</para>
|
|
</example>
|
|
|
|
<example>
|
|
<title>Running commands at a specified time</title>
|
|
|
|
<para>The following command will touch a file after 30 seconds.</para>
|
|
|
|
<programlisting># date; systemd-run --on-active=30 --timer-property=AccuracySec=100ms /bin/touch /tmp/foo
|
|
Mon Dec 8 20:44:24 KST 2014
|
|
Running as unit: run-71.timer
|
|
Will run service as unit: run-71.service
|
|
# journalctl -b -u run-71.timer
|
|
-- Logs begin at Fri 2014-12-05 19:09:21 KST, end at Mon 2014-12-08 20:44:54 KST. --
|
|
Dec 08 20:44:38 container systemd[1]: Starting /bin/touch /tmp/foo.
|
|
Dec 08 20:44:38 container systemd[1]: Started /bin/touch /tmp/foo.
|
|
# journalctl -b -u run-71.service
|
|
-- Logs begin at Fri 2014-12-05 19:09:21 KST, end at Mon 2014-12-08 20:44:54 KST. --
|
|
Dec 08 20:44:48 container systemd[1]: Starting /bin/touch /tmp/foo...
|
|
Dec 08 20:44:48 container systemd[1]: Started /bin/touch /tmp/foo.</programlisting>
|
|
</example>
|
|
|
|
<example>
|
|
<title>Allowing access to the tty</title>
|
|
|
|
<para>The following command invokes <filename>/bin/bash</filename> as a service
|
|
passing its standard input, output and error to the calling TTY.</para>
|
|
|
|
<programlisting># systemd-run -t --send-sighup /bin/bash</programlisting>
|
|
</example>
|
|
|
|
<example>
|
|
<title>Start <command>screen</command> as a user service</title>
|
|
|
|
<programlisting>$ systemd-run --scope --user screen
|
|
Running scope as unit run-r14b0047ab6df45bfb45e7786cc839e76.scope.
|
|
|
|
$ screen -ls
|
|
There is a screen on:
|
|
492..laptop (Detached)
|
|
1 Socket in /var/run/screen/S-fatima.
|
|
</programlisting>
|
|
|
|
<para>This starts the <command>screen</command> process as a child of the
|
|
<command>systemd --user</command> process that was started by
|
|
<filename>user@.service</filename>, in a scope unit. A
|
|
<citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
unit is used instead of a
|
|
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
unit, because <command>screen</command> will exit when detaching from the terminal,
|
|
and a service unit would be terminated. Running <command>screen</command>
|
|
as a user unit has the advantage that it is not part of the session scope.
|
|
If <varname>KillUserProcesses=yes</varname> is configured in
|
|
<citerefentry><refentrytitle>logind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
|
the default, the session scope will be terminated when the user logs
|
|
out of that session.</para>
|
|
|
|
<para>The <filename>user@.service</filename> is started automatically
|
|
when the user first logs in, and stays around as long as at least one
|
|
login session is open. After the user logs out of the last session,
|
|
<filename>user@.service</filename> and all services underneath it
|
|
are terminated. This behaviour is the default, when "lingering" is
|
|
not enabled for that user. Enabling lingering means that
|
|
<filename>user@.service</filename> is started automatically during
|
|
boot, even if the user is not logged in, and that the service is
|
|
not terminated when the user logs out.</para>
|
|
|
|
<para>Enabling lingering allows the user to run processes without being logged in,
|
|
for example to allow <command>screen</command> to persist after the user logs out,
|
|
even if the session scope is terminated. In the default configuration, users can
|
|
enable lingering for themselves:</para>
|
|
|
|
<programlisting>$ loginctl enable-linger</programlisting>
|
|
</example>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>See Also</title>
|
|
<para>
|
|
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
|
</para>
|
|
</refsect1>
|
|
|
|
</refentry>
|