mirror of
https://github.com/systemd/systemd.git
synced 2024-11-27 04:03:36 +08:00
2072 lines
117 KiB
XML
2072 lines
117 KiB
XML
<?xml version='1.0'?>
|
||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||
<!ENTITY % entities SYSTEM "custom-entities.ent" >
|
||
%entities;
|
||
]>
|
||
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
|
||
|
||
<refentry id="systemd.unit"
|
||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
||
|
||
<refentryinfo>
|
||
<title>systemd.unit</title>
|
||
<productname>systemd</productname>
|
||
</refentryinfo>
|
||
|
||
<refmeta>
|
||
<refentrytitle>systemd.unit</refentrytitle>
|
||
<manvolnum>5</manvolnum>
|
||
</refmeta>
|
||
|
||
<refnamediv>
|
||
<refname>systemd.unit</refname>
|
||
<refpurpose>Unit configuration</refpurpose>
|
||
</refnamediv>
|
||
|
||
<refsynopsisdiv>
|
||
<para><filename><replaceable>service</replaceable>.service</filename>,
|
||
<filename><replaceable>socket</replaceable>.socket</filename>,
|
||
<filename><replaceable>device</replaceable>.device</filename>,
|
||
<filename><replaceable>mount</replaceable>.mount</filename>,
|
||
<filename><replaceable>automount</replaceable>.automount</filename>,
|
||
<filename><replaceable>swap</replaceable>.swap</filename>,
|
||
<filename><replaceable>target</replaceable>.target</filename>,
|
||
<filename><replaceable>path</replaceable>.path</filename>,
|
||
<filename><replaceable>timer</replaceable>.timer</filename>,
|
||
<filename><replaceable>slice</replaceable>.slice</filename>,
|
||
<filename><replaceable>scope</replaceable>.scope</filename></para>
|
||
|
||
<refsect2>
|
||
<title>System Unit Search Path</title>
|
||
|
||
<para><literallayout><filename>/etc/systemd/system.control/*</filename>
|
||
<filename>/run/systemd/system.control/*</filename>
|
||
<filename>/run/systemd/transient/*</filename>
|
||
<filename>/run/systemd/generator.early/*</filename>
|
||
<filename>/etc/systemd/system/*</filename>
|
||
<filename>/etc/systemd/systemd.attached/*</filename>
|
||
<filename>/run/systemd/system/*</filename>
|
||
<filename>/run/systemd/systemd.attached/*</filename>
|
||
<filename>/run/systemd/generator/*</filename>
|
||
<filename index='false'>…</filename>
|
||
<filename>/usr/lib/systemd/system/*</filename>
|
||
<filename>/run/systemd/generator.late/*</filename></literallayout></para>
|
||
</refsect2>
|
||
|
||
<refsect2>
|
||
<title>User Unit Search Path</title>
|
||
<para><literallayout><filename>~/.config/systemd/user.control/*</filename>
|
||
<filename>$XDG_RUNTIME_DIR/systemd/user.control/*</filename>
|
||
<filename>$XDG_RUNTIME_DIR/systemd/transient/*</filename>
|
||
<filename>$XDG_RUNTIME_DIR/systemd/generator.early/*</filename>
|
||
<filename>$XDG_CONFIG_HOME/systemd/user/*</filename>
|
||
<filename>$XDG_CONFIG_DIRS/systemd/user/*</filename>
|
||
<filename>/etc/systemd/user/*</filename>
|
||
<filename>$XDG_RUNTIME_DIR/systemd/user/*</filename>
|
||
<filename>/run/systemd/user/*</filename>
|
||
<filename>$XDG_RUNTIME_DIR/systemd/generator/*</filename>
|
||
<filename>$XDG_DATA_HOME/systemd/user/*</filename>
|
||
<filename>$XDG_DATA_DIRS/systemd/user/*</filename>
|
||
<filename index='false'>…</filename>
|
||
<filename>/usr/lib/systemd/user/*</filename>
|
||
<filename>$XDG_RUNTIME_DIR/systemd/generator.late/*</filename></literallayout></para>
|
||
</refsect2>
|
||
|
||
</refsynopsisdiv>
|
||
|
||
<refsect1>
|
||
<title>Description</title>
|
||
|
||
<para>A unit file is a plain text ini-style file that encodes information about a service, a
|
||
socket, a device, a mount point, an automount point, a swap file or partition, a start-up
|
||
target, a watched file system path, a timer controlled and supervised by
|
||
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, a
|
||
resource management slice or a group of externally created processes. See
|
||
<citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||
for a general description of the syntax.</para>
|
||
|
||
<para>This man page lists the common configuration options of all
|
||
the unit types. These options need to be configured in the [Unit]
|
||
or [Install] sections of the unit files.</para>
|
||
|
||
<para>In addition to the generic [Unit] and [Install] sections
|
||
described here, each unit may have a type-specific section, e.g.
|
||
[Service] for a service unit. See the respective man pages for
|
||
more information:
|
||
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||
</para>
|
||
|
||
<para>Unit files are loaded from a set of paths determined during compilation, described in the next
|
||
section.</para>
|
||
|
||
<para>Valid unit names consist of a "name prefix" and a dot and a suffix specifying the unit type. The
|
||
"unit prefix" must consist of one or more valid characters (ASCII letters, digits, <literal>:</literal>,
|
||
<literal>-</literal>, <literal>_</literal>, <literal>.</literal>, and <literal>\</literal>). The total
|
||
length of the unit name including the suffix must not exceed 256 characters. The type suffix must be one
|
||
of <literal>.service</literal>, <literal>.socket</literal>, <literal>.device</literal>,
|
||
<literal>.mount</literal>, <literal>.automount</literal>, <literal>.swap</literal>,
|
||
<literal>.target</literal>, <literal>.path</literal>, <literal>.timer</literal>,
|
||
<literal>.slice</literal>, or <literal>.scope</literal>.</para>
|
||
|
||
<para>Units names can be parameterized by a single argument called the "instance name". The unit is then
|
||
constructed based on a "template file" which serves as the definition of multiple services or other
|
||
units. A template unit must have a single <literal>@</literal> at the end of the name (right before the
|
||
type suffix). The name of the full unit is formed by inserting the instance name between
|
||
<literal>@</literal> and the unit type suffix. In the unit file itself, the instance parameter may be
|
||
referred to using <literal>%i</literal> and other specifiers, see below.</para>
|
||
|
||
<para>Unit files may contain additional options on top of those
|
||
listed here. If systemd encounters an unknown option, it will
|
||
write a warning log message but continue loading the unit. If an
|
||
option or section name is prefixed with <option>X-</option>, it is
|
||
ignored completely by systemd. Options within an ignored section
|
||
do not need the prefix. Applications may use this to include
|
||
additional information in the unit files.</para>
|
||
|
||
<para>Units can be aliased (have an alternative name), by creating a symlink from the new name to the
|
||
existing name in one of the unit search paths. For example, <filename>systemd-networkd.service</filename>
|
||
has the alias <filename>dbus-org.freedesktop.network1.service</filename>, created during installation as
|
||
a symlink, so when <command>systemd</command> is asked through D-Bus to load
|
||
<filename>dbus-org.freedesktop.network1.service</filename>, it'll load
|
||
<filename>systemd-networkd.service</filename>. As another example, <filename>default.target</filename> —
|
||
the default system target started at boot — is commonly symlinked (aliased) to either
|
||
<filename>multi-user.target</filename> or <filename>graphical.target</filename> to select what is started
|
||
by default. Alias names may be used in commands like <command>disable</command>,
|
||
<command>start</command>, <command>stop</command>, <command>status</command>, and similar, and in all
|
||
unit dependency directives, including <varname>Wants=</varname>, <varname>Requires=</varname>,
|
||
<varname>Before=</varname>, <varname>After=</varname>. Aliases cannot be used with the
|
||
<command>preset</command> command.</para>
|
||
|
||
<para>Aliases obey the following restrictions: a unit of a certain type (<literal>.service</literal>,
|
||
<literal>.socket</literal>, …) can only be aliased by a name with the same type suffix. A plain unit (not
|
||
a template or an instance), may only be aliased by a plain name. A template instance may only be aliased
|
||
by another template instance, and the instance part must be identical. A template may be aliased by
|
||
another template (in which case the alias applies to all instances of the template). As a special case, a
|
||
template instance (e.g. <literal>alias@inst.service</literal>) may be a symlink to different template
|
||
(e.g. <literal>template@inst.service</literal>). In that case, just this specific instance is aliased,
|
||
while other instances of the template (e.g. <literal>alias@foo.service</literal>,
|
||
<literal>alias@bar.service</literal>) are not aliased. Those rule preserve the requirement that the
|
||
instance (if any) is always uniquely defined for a given unit and all its aliases.</para>
|
||
|
||
<para>Unit files may specify aliases through the <varname>Alias=</varname> directive in the [Install]
|
||
section. When the unit is enabled, symlinks will be created for those names, and removed when the unit is
|
||
disabled. For example, <filename>reboot.target</filename> specifies
|
||
<varname>Alias=ctrl-alt-del.target</varname>, so when enabled, the symlink
|
||
<filename>/etc/systemd/systemd/ctrl-alt-del.service</filename> pointing to the
|
||
<filename>reboot.target</filename> file will be created, and when
|
||
<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Del</keycap></keycombo> is invoked,
|
||
<command>systemd</command> will look for the <filename>ctrl-alt-del.service</filename> and execute
|
||
<filename>reboot.service</filename>. <command>systemd</command> does not look at the [Install] section at
|
||
all during normal operation, so any directives in that section only have an effect through the symlinks
|
||
created during enablement.</para>
|
||
|
||
<para>Along with a unit file <filename>foo.service</filename>, the directory
|
||
<filename>foo.service.wants/</filename> may exist. All unit files symlinked from such a directory are
|
||
implicitly added as dependencies of type <varname>Wants=</varname> to the unit. Similar functionality
|
||
exists for <varname>Requires=</varname> type dependencies as well, the directory suffix is
|
||
<filename>.requires/</filename> in this case. This functionality is useful to hook units into the
|
||
start-up of other units, without having to modify their unit files. For details about the semantics of
|
||
<varname>Wants=</varname>, see below. The preferred way to create symlinks in the
|
||
<filename>.wants/</filename> or <filename>.requires/</filename> directory of a unit file is by embedding
|
||
the dependency in [Install] section of the target unit, and creating the symlink in the file system with
|
||
the <command>enable</command> or <command>preset</command> commands of
|
||
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
|
||
|
||
<para>Along with a unit file <filename>foo.service</filename>, a "drop-in" directory
|
||
<filename>foo.service.d/</filename> may exist. All files with the suffix <literal>.conf</literal> from this
|
||
directory will be parsed after the unit file itself is parsed. This is useful to alter or add configuration
|
||
settings for a unit, without having to modify unit files. Drop-in files must contain appropriate section
|
||
headers. For instantiated units, this logic will first look for the instance <literal>.d/</literal> subdirectory
|
||
(e.g. <literal>foo@bar.service.d/</literal>) and read its <literal>.conf</literal> files, followed by the template
|
||
<literal>.d/</literal> subdirectory (e.g. <literal>foo@.service.d/</literal>) and the <literal>.conf</literal>
|
||
files there. Moreover for units names containing dashes (<literal>-</literal>), the set of directories generated by
|
||
truncating the unit name after all dashes is searched too. Specifically, for a unit name
|
||
<filename>foo-bar-baz.service</filename> not only the regular drop-in directory
|
||
<filename>foo-bar-baz.service.d/</filename> is searched but also both <filename>foo-bar-.service.d/</filename> and
|
||
<filename>foo-.service.d/</filename>. This is useful for defining common drop-ins for a set of related units, whose
|
||
names begin with a common prefix. This scheme is particularly useful for mount, automount and slice units, whose
|
||
systematic naming structure is built around dashes as component separators. Note that equally named drop-in files
|
||
further down the prefix hierarchy override those further up,
|
||
i.e. <filename>foo-bar-.service.d/10-override.conf</filename> overrides
|
||
<filename>foo-.service.d/10-override.conf</filename>.</para>
|
||
|
||
<para>In cases of unit aliases (described above), dropins for the aliased name and all aliases are
|
||
loaded. In the example of <filename>default.target</filename> aliasing
|
||
<filename>graphical.target</filename>, <filename>default.target.d/</filename>,
|
||
<filename>default.target.wants/</filename>, <filename>default.target.requires/</filename>,
|
||
<filename>graphical.target.d/</filename>, <filename>graphical.target.wants/</filename>,
|
||
<filename>graphical.target.requires/</filename> would all be read. For templates, dropins for the
|
||
template, any template aliases, the template instance, and all alias instances are read. When just a
|
||
specific template instance is aliased, then the dropins for the target template, the target template
|
||
instance, and the alias template instance are read.</para>
|
||
|
||
<para>In addition to <filename>/etc/systemd/system</filename>, the drop-in <literal>.d/</literal>
|
||
directories for system services can be placed in <filename>/usr/lib/systemd/system</filename> or
|
||
<filename>/run/systemd/system</filename> directories. Drop-in files in <filename>/etc/</filename>
|
||
take precedence over those in <filename>/run/</filename> which in turn take precedence over those
|
||
in <filename>/usr/lib/</filename>. Drop-in files under any of these directories take precedence
|
||
over unit files wherever located. Multiple drop-in files with different names are applied in
|
||
lexicographic order, regardless of which of the directories they reside in.</para>
|
||
|
||
<para>Units also support a top-level drop-in with <filename><replaceable>type</replaceable>.d/</filename>,
|
||
where <replaceable>type</replaceable> may be e.g. <literal>service</literal> or <literal>socket</literal>,
|
||
that allows altering or adding to the settings of all corresponding unit files on the system.
|
||
The formatting and precedence of applying drop-in configurations follow what is defined above.
|
||
Configurations in <filename><replaceable>type</replaceable>.d/</filename> have the lowest precedence
|
||
compared to settings in the name specific override directories. So the contents of
|
||
<filename>foo-.service.d/10-override.conf</filename> would override
|
||
<filename>service.d/10-override.conf</filename>.</para>
|
||
|
||
<para>Note that while systemd offers a flexible dependency system
|
||
between units it is recommended to use this functionality only
|
||
sparingly and instead rely on techniques such as bus-based or
|
||
socket-based activation which make dependencies implicit,
|
||
resulting in a both simpler and more flexible system.</para>
|
||
|
||
<para>As mentioned above, a unit may be instantiated from a template file. This allows creation
|
||
of multiple units from a single configuration file. If systemd looks for a unit configuration
|
||
file, it will first search for the literal unit name in the file system. If that yields no
|
||
success and the unit name contains an <literal>@</literal> character, systemd will look for a
|
||
unit template that shares the same name but with the instance string (i.e. the part between the
|
||
<literal>@</literal> character and the suffix) removed. Example: if a service
|
||
<filename>getty@tty3.service</filename> is requested and no file by that name is found, systemd
|
||
will look for <filename>getty@.service</filename> and instantiate a service from that
|
||
configuration file if it is found.</para>
|
||
|
||
<para>To refer to the instance string from within the
|
||
configuration file you may use the special <literal>%i</literal>
|
||
specifier in many of the configuration options. See below for
|
||
details.</para>
|
||
|
||
<para>If a unit file is empty (i.e. has the file size 0) or is
|
||
symlinked to <filename>/dev/null</filename>, its configuration
|
||
will not be loaded and it appears with a load state of
|
||
<literal>masked</literal>, and cannot be activated. Use this as an
|
||
effective way to fully disable a unit, making it impossible to
|
||
start it even manually.</para>
|
||
|
||
<para>The unit file format is covered by the
|
||
<ulink url="https://systemd.io/PORTABILITY_AND_STABILITY/">Interface
|
||
Portability and Stability Promise</ulink>.</para>
|
||
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>String Escaping for Inclusion in Unit Names</title>
|
||
|
||
<para>Sometimes it is useful to convert arbitrary strings into unit names. To facilitate this, a method of string
|
||
escaping is used, in order to map strings containing arbitrary byte values (except <constant>NUL</constant>) into
|
||
valid unit names and their restricted character set. A common special case are unit names that reflect paths to
|
||
objects in the file system hierarchy. Example: a device unit <filename>dev-sda.device</filename> refers to a device
|
||
with the device node <filename index="false">/dev/sda</filename> in the file system.</para>
|
||
|
||
<para>The escaping algorithm operates as follows: given a string, any <literal>/</literal> character is replaced by
|
||
<literal>-</literal>, and all other characters which are not ASCII alphanumerics or <literal>_</literal> are
|
||
replaced by C-style <literal>\x2d</literal> escapes. In addition, <literal>.</literal> is replaced with such a
|
||
C-style escape when it would appear as the first character in the escaped string.</para>
|
||
|
||
<para>When the input qualifies as absolute file system path, this algorithm is extended slightly: the path to the
|
||
root directory <literal>/</literal> is encoded as single dash <literal>-</literal>. In addition, any leading,
|
||
trailing or duplicate <literal>/</literal> characters are removed from the string before transformation. Example:
|
||
<filename index="false">/foo//bar/baz/</filename> becomes <literal>foo-bar-baz</literal>.</para>
|
||
|
||
<para>This escaping is fully reversible, as long as it is known whether the escaped string was a path (the
|
||
unescaping results are different for paths and non-path strings). The
|
||
<citerefentry><refentrytitle>systemd-escape</refentrytitle><manvolnum>1</manvolnum></citerefentry> command may be
|
||
used to apply and reverse escaping on arbitrary strings. Use <command>systemd-escape --path</command> to escape
|
||
path strings, and <command>systemd-escape</command> without <option>--path</option> otherwise.</para>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>Automatic dependencies</title>
|
||
|
||
<refsect2>
|
||
<title>Implicit Dependencies</title>
|
||
|
||
<para>A number of unit dependencies are implicitly established, depending on unit type and
|
||
unit configuration. These implicit dependencies can make unit configuration file cleaner. For
|
||
the implicit dependencies in each unit type, please refer to section "Implicit Dependencies"
|
||
in respective man pages.</para>
|
||
|
||
<para>For example, service units with <varname>Type=dbus</varname> automatically acquire
|
||
dependencies of type <varname>Requires=</varname> and <varname>After=</varname> on
|
||
<filename>dbus.socket</filename>. See
|
||
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||
for details.</para>
|
||
</refsect2>
|
||
|
||
<refsect2>
|
||
<title>Default Dependencies</title>
|
||
|
||
<para>Default dependencies are similar to implicit dependencies, but can be turned on and off
|
||
by setting <varname>DefaultDependencies=</varname> to <varname>yes</varname> (the default) and
|
||
<varname>no</varname>, while implicit dependencies are always in effect. See section "Default
|
||
Dependencies" in respective man pages for the effect of enabling
|
||
<varname>DefaultDependencies=</varname> in each unit types.</para>
|
||
|
||
<para>For example, target units will complement all configured dependencies of type
|
||
<varname>Wants=</varname> or <varname>Requires=</varname> with dependencies of type
|
||
<varname>After=</varname> unless <varname>DefaultDependencies=no</varname> is set in the
|
||
specified units. See
|
||
<citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||
for details. Note that this behavior can be turned off by setting
|
||
<varname>DefaultDependencies=no</varname>.</para>
|
||
</refsect2>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>Unit File Load Path</title>
|
||
|
||
<para>Unit files are loaded from a set of paths determined during
|
||
compilation, described in the two tables below. Unit files found
|
||
in directories listed earlier override files with the same name in
|
||
directories lower in the list.</para>
|
||
|
||
<para>When the variable <varname>$SYSTEMD_UNIT_PATH</varname> is set,
|
||
the contents of this variable overrides the unit load path. If
|
||
<varname>$SYSTEMD_UNIT_PATH</varname> ends with an empty component
|
||
(<literal>:</literal>), the usual unit load path will be appended
|
||
to the contents of the variable.</para>
|
||
|
||
<table>
|
||
<title>
|
||
Load path when running in system mode (<option>--system</option>).
|
||
</title>
|
||
|
||
<tgroup cols='2'>
|
||
<colspec colname='path' />
|
||
<colspec colname='expl' />
|
||
<thead>
|
||
<row>
|
||
<entry>Path</entry>
|
||
<entry>Description</entry>
|
||
</row>
|
||
</thead>
|
||
<tbody>
|
||
<row>
|
||
<entry><filename>/etc/systemd/system.control</filename></entry>
|
||
<entry morerows="1">Persistent and transient configuration created using the dbus API</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>/run/systemd/system.control</filename></entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>/run/systemd/transient</filename></entry>
|
||
<entry>Dynamic configuration for transient units</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>/run/systemd/generator.early</filename></entry>
|
||
<entry>Generated units with high priority (see <replaceable>early-dir</replaceable> in <citerefentry
|
||
><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>/etc/systemd/system</filename></entry>
|
||
<entry>System units created by the administrator</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>/run/systemd/system</filename></entry>
|
||
<entry>Runtime units</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>/run/systemd/generator</filename></entry>
|
||
<entry>Generated units with medium priority (see <replaceable>normal-dir</replaceable> in <citerefentry
|
||
><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>/usr/local/lib/systemd/system</filename></entry>
|
||
<entry>System units installed by the administrator </entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>/usr/lib/systemd/system</filename></entry>
|
||
<entry>System units installed by the distribution package manager</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>/run/systemd/generator.late</filename></entry>
|
||
<entry>Generated units with low priority (see <replaceable>late-dir</replaceable> in <citerefentry
|
||
><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
|
||
</row>
|
||
</tbody>
|
||
</tgroup>
|
||
</table>
|
||
|
||
<table>
|
||
<title>
|
||
Load path when running in user mode (<option>--user</option>).
|
||
</title>
|
||
|
||
<tgroup cols='2'>
|
||
<colspec colname='path' />
|
||
<colspec colname='expl' />
|
||
<thead>
|
||
<row>
|
||
<entry>Path</entry>
|
||
<entry>Description</entry>
|
||
</row>
|
||
</thead>
|
||
<tbody>
|
||
<row>
|
||
<entry><filename>$XDG_CONFIG_HOME/systemd/user.control</filename> or <filename
|
||
>~/.config/systemd/user.control</filename></entry>
|
||
<entry morerows="1">Persistent and transient configuration created using the dbus API (<varname>$XDG_CONFIG_HOME</varname> is used if set, <filename>~/.config</filename> otherwise)</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>$XDG_RUNTIME_DIR/systemd/user.control</filename></entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>/run/systemd/transient</filename></entry>
|
||
<entry>Dynamic configuration for transient units</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>/run/systemd/generator.early</filename></entry>
|
||
<entry>Generated units with high priority (see <replaceable>early-dir</replaceable> in <citerefentry
|
||
><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>$XDG_CONFIG_HOME/systemd/user</filename> or <filename>$HOME/.config/systemd/user</filename></entry>
|
||
<entry>User configuration (<varname>$XDG_CONFIG_HOME</varname> is used if set, <filename>~/.config</filename> otherwise)</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>$XDG_CONFIG_DIRS/systemd/user</filename> or <filename>/etc/xdg/systemd/user</filename></entry>
|
||
<entry>Additional configuration directories as specified by the XDG base directory specification (<varname>$XDG_CONFIG_DIRS</varname> is used if set, <filename>/etc/xdg</filename> otherwise)</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>/etc/systemd/user</filename></entry>
|
||
<entry>User units created by the administrator</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>$XDG_RUNTIME_DIR/systemd/user</filename></entry>
|
||
<entry>Runtime units (only used when $XDG_RUNTIME_DIR is set)</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>/run/systemd/user</filename></entry>
|
||
<entry>Runtime units</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>$XDG_RUNTIME_DIR/systemd/generator</filename></entry>
|
||
<entry>Generated units with medium priority (see <replaceable>normal-dir</replaceable> in <citerefentry
|
||
><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>$XDG_DATA_HOME/systemd/user</filename> or <filename>$HOME/.local/share/systemd/user</filename></entry>
|
||
<entry>Units of packages that have been installed in the home directory (<varname>$XDG_DATA_HOME</varname> is used if set, <filename>~/.local/share</filename> otherwise)</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>$XDG_DATA_DIRS/systemd/user</filename> or <filename>/usr/local/share/systemd/user</filename> and <filename>/usr/share/systemd/user</filename></entry>
|
||
<entry>Additional data directories as specified by the XDG base directory specification (<varname>$XDG_DATA_DIRS</varname> is used if set, <filename>/usr/local/share</filename> and <filename>/usr/share</filename> otherwise)</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>$dir/systemd/user</filename> for each <varname index="false">$dir</varname> in <varname>$XDG_DATA_DIRS</varname></entry>
|
||
<entry>Additional locations for installed user units, one for each entry in <varname>$XDG_DATA_DIRS</varname></entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>/usr/local/lib/systemd/user</filename></entry>
|
||
<entry>User units installed by the administrator</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>/usr/lib/systemd/user</filename></entry>
|
||
<entry>User units installed by the distribution package manager</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>$XDG_RUNTIME_DIR/systemd/generator.late</filename></entry>
|
||
<entry>Generated units with low priority (see <replaceable>late-dir</replaceable> in <citerefentry
|
||
><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
|
||
</row>
|
||
</tbody>
|
||
</tgroup>
|
||
</table>
|
||
|
||
<para>The set of load paths for the user manager instance may be augmented or
|
||
changed using various environment variables. And environment variables may in
|
||
turn be set using environment generators, see
|
||
<citerefentry><refentrytitle>systemd.environment-generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
|
||
In particular, <varname>$XDG_DATA_HOME</varname> and
|
||
<varname>$XDG_DATA_DIRS</varname> may be easily set using
|
||
<citerefentry><refentrytitle>systemd-environment-d-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
|
||
Thus, directories listed here are just the defaults. To see the actual list that
|
||
would be used based on compilation options and current environment use
|
||
<programlisting>systemd-analyze --user unit-paths</programlisting>
|
||
</para>
|
||
|
||
<para>Moreover, additional units might be loaded into systemd from
|
||
directories not on the unit load path by creating a symlink pointing to a
|
||
unit file in the directories. You can use <command>systemctl link</command>
|
||
for this operation. See
|
||
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||
for its usage and precaution.
|
||
</para>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>Unit Garbage Collection</title>
|
||
|
||
<para>The system and service manager loads a unit's configuration automatically when a unit is referenced for the
|
||
first time. It will automatically unload the unit configuration and state again when the unit is not needed anymore
|
||
("garbage collection"). A unit may be referenced through a number of different mechanisms:</para>
|
||
|
||
<orderedlist>
|
||
<listitem><para>Another loaded unit references it with a dependency such as <varname>After=</varname>,
|
||
<varname>Wants=</varname>, …</para></listitem>
|
||
|
||
<listitem><para>The unit is currently starting, running, reloading or stopping.</para></listitem>
|
||
|
||
<listitem><para>The unit is currently in the <constant>failed</constant> state. (But see below.)</para></listitem>
|
||
|
||
<listitem><para>A job for the unit is pending.</para></listitem>
|
||
|
||
<listitem><para>The unit is pinned by an active IPC client program.</para></listitem>
|
||
|
||
<listitem><para>The unit is a special "perpetual" unit that is always active and loaded. Examples for perpetual
|
||
units are the root mount unit <filename>-.mount</filename> or the scope unit <filename>init.scope</filename> that
|
||
the service manager itself lives in.</para></listitem>
|
||
|
||
<listitem><para>The unit has running processes associated with it.</para></listitem>
|
||
</orderedlist>
|
||
|
||
<para>The garbage collection logic may be altered with the <varname>CollectMode=</varname> option, which allows
|
||
configuration whether automatic unloading of units that are in <constant>failed</constant> state is permissible,
|
||
see below.</para>
|
||
|
||
<para>Note that when a unit's configuration and state is unloaded, all execution results, such as exit codes, exit
|
||
signals, resource consumption and other statistics are lost, except for what is stored in the log subsystem.</para>
|
||
|
||
<para>Use <command>systemctl daemon-reload</command> or an equivalent command to reload unit configuration while
|
||
the unit is already loaded. In this case all configuration settings are flushed out and replaced with the new
|
||
configuration (which however might not be in effect immediately), however all runtime state is
|
||
saved/restored.</para>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>[Unit] Section Options</title>
|
||
|
||
<para>The unit file may include a [Unit] section, which carries
|
||
generic information about the unit that is not dependent on the
|
||
type of unit:</para>
|
||
|
||
<variablelist class='unit-directives'>
|
||
<varlistentry>
|
||
<term><varname>Description=</varname></term>
|
||
<listitem><para>A human readable name for the unit. This is used by
|
||
<command>systemd</command> (and other UIs) as the label for the unit, so this string should
|
||
identify the unit rather than describe it, despite the name. <literal>Apache2 Web
|
||
Server</literal> is a good example. Bad examples are <literal>high-performance light-weight
|
||
HTTP server</literal> (too generic) or <literal>Apache2</literal> (too specific and
|
||
meaningless for people who do not know Apache). <command>systemd</command> will use this
|
||
string as a noun in status messages (<literal>Starting
|
||
<replaceable>description</replaceable>...</literal>, <literal>Started
|
||
<replaceable>description</replaceable>.</literal>, <literal>Reached target
|
||
<replaceable>description</replaceable>.</literal>, <literal>Failed to start
|
||
<replaceable>description</replaceable>.</literal>), so it should be capitalized, and should
|
||
not be a full sentence or a phrase with a continuous verb. Bad examples include
|
||
<literal>exiting the container</literal> or <literal>updating the database once per
|
||
day.</literal>.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>Documentation=</varname></term>
|
||
<listitem><para>A space-separated list of URIs referencing
|
||
documentation for this unit or its configuration. Accepted are
|
||
only URIs of the types <literal>http://</literal>,
|
||
<literal>https://</literal>, <literal>file:</literal>,
|
||
<literal>info:</literal>, <literal>man:</literal>. For more
|
||
information about the syntax of these URIs, see <citerefentry
|
||
project='man-pages'><refentrytitle>uri</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
|
||
The URIs should be listed in order of relevance, starting with
|
||
the most relevant. It is a good idea to first reference
|
||
documentation that explains what the unit's purpose is,
|
||
followed by how it is configured, followed by any other
|
||
related documentation. This option may be specified more than
|
||
once, in which case the specified list of URIs is merged. If
|
||
the empty string is assigned to this option, the list is reset
|
||
and all prior assignments will have no
|
||
effect.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>Wants=</varname></term>
|
||
|
||
<listitem><para>Configures requirement dependencies on other units. This option may be specified more
|
||
than once or multiple space-separated units may be specified in one option in which case dependencies
|
||
for all listed names will be created. Dependencies of this type may also be configured outside of the
|
||
unit configuration file by adding a symlink to a <filename>.wants/</filename> directory accompanying
|
||
the unit file. For details, see above.</para>
|
||
|
||
<para>Units listed in this option will be started if the configuring unit is. However, if the listed
|
||
units fail to start or cannot be added to the transaction, this has no impact on the validity of the
|
||
transaction as a whole, and this unit will still be started. This is the recommended way to hook
|
||
the start-up of one unit to the start-up of another unit.</para>
|
||
|
||
<para>Note that requirement dependencies do not influence the order in which services are started or
|
||
stopped. This has to be configured independently with the <varname>After=</varname> or
|
||
<varname>Before=</varname> options. If unit <filename>foo.service</filename> pulls in unit
|
||
<filename>bar.service</filename> as configured with <varname>Wants=</varname> and no ordering is
|
||
configured with <varname>After=</varname> or <varname>Before=</varname>, then both units will be
|
||
started simultaneously and without any delay between them if <filename>foo.service</filename> is
|
||
activated.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>Requires=</varname></term>
|
||
|
||
<listitem><para>Similar to <varname>Wants=</varname>, but declares a stronger
|
||
dependency. Dependencies of this type may also be configured by adding a symlink to a
|
||
<filename>.requires/</filename> directory accompanying the unit file.</para>
|
||
|
||
<para>If this unit gets activated, the units listed will be activated as well. If one of
|
||
the other units fails to activate, and an ordering dependency <varname>After=</varname> on the
|
||
failing unit is set, this unit will not be started. Besides, with or without specifying
|
||
<varname>After=</varname>, this unit will be stopped if one of the other units is explicitly
|
||
stopped.</para>
|
||
|
||
<para>Often, it is a better choice to use <varname>Wants=</varname> instead of
|
||
<varname>Requires=</varname> in order to achieve a system that is more robust when dealing with
|
||
failing services.</para>
|
||
|
||
<para>Note that this dependency type does not imply that the other unit always has to be in active state when
|
||
this unit is running. Specifically: failing condition checks (such as <varname>ConditionPathExists=</varname>,
|
||
<varname>ConditionPathIsSymbolicLink=</varname>, … — see below) do not cause the start job of a unit with a
|
||
<varname>Requires=</varname> dependency on it to fail. Also, some unit types may deactivate on their own (for
|
||
example, a service process may decide to exit cleanly, or a device may be unplugged by the user), which is not
|
||
propagated to units having a <varname>Requires=</varname> dependency. Use the <varname>BindsTo=</varname>
|
||
dependency type together with <varname>After=</varname> to ensure that a unit may never be in active state
|
||
without a specific other unit also in active state (see below).</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>Requisite=</varname></term>
|
||
|
||
<listitem><para>Similar to <varname>Requires=</varname>. However, if the units listed here
|
||
are not started already, they will not be started and the starting of this unit will fail
|
||
immediately. <varname>Requisite=</varname> does not imply an ordering dependency, even if
|
||
both units are started in the same transaction. Hence this setting should usually be
|
||
combined with <varname>After=</varname>, to ensure this unit is not started before the other
|
||
unit.</para>
|
||
|
||
<para>When <varname>Requisite=b.service</varname> is used on
|
||
<filename>a.service</filename>, this dependency will show as
|
||
<varname>RequisiteOf=a.service</varname> in property listing of
|
||
<filename>b.service</filename>. <varname>RequisiteOf=</varname>
|
||
dependency cannot be specified directly.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>BindsTo=</varname></term>
|
||
|
||
<listitem><para>Configures requirement dependencies, very similar in style to
|
||
<varname>Requires=</varname>. However, this dependency type is stronger: in addition to the effect of
|
||
<varname>Requires=</varname> it declares that if the unit bound to is stopped, this unit will be stopped
|
||
too. This means a unit bound to another unit that suddenly enters inactive state will be stopped too.
|
||
Units can suddenly, unexpectedly enter inactive state for different reasons: the main process of a service unit
|
||
might terminate on its own choice, the backing device of a device unit might be unplugged or the mount point of
|
||
a mount unit might be unmounted without involvement of the system and service manager.</para>
|
||
|
||
<para>When used in conjunction with <varname>After=</varname> on the same unit the behaviour of
|
||
<varname>BindsTo=</varname> is even stronger. In this case, the unit bound to strictly has to be in active
|
||
state for this unit to also be in active state. This not only means a unit bound to another unit that suddenly
|
||
enters inactive state, but also one that is bound to another unit that gets skipped due to a failed condition
|
||
check (such as <varname>ConditionPathExists=</varname>, <varname>ConditionPathIsSymbolicLink=</varname>, … —
|
||
see below) will be stopped, should it be running. Hence, in many cases it is best to combine
|
||
<varname>BindsTo=</varname> with <varname>After=</varname>.</para>
|
||
|
||
<para>When <varname>BindsTo=b.service</varname> is used on
|
||
<filename>a.service</filename>, this dependency will show as
|
||
<varname>BoundBy=a.service</varname> in property listing of
|
||
<filename>b.service</filename>. <varname>BoundBy=</varname>
|
||
dependency cannot be specified directly.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>PartOf=</varname></term>
|
||
|
||
<listitem><para>Configures dependencies similar to
|
||
<varname>Requires=</varname>, but limited to stopping and
|
||
restarting of units. When systemd stops or restarts the units
|
||
listed here, the action is propagated to this unit. Note that
|
||
this is a one-way dependency — changes to this unit do not
|
||
affect the listed units.</para>
|
||
|
||
<para>When <varname>PartOf=b.service</varname> is used on
|
||
<filename>a.service</filename>, this dependency will show as
|
||
<varname>ConsistsOf=a.service</varname> in property listing of
|
||
<filename>b.service</filename>. <varname>ConsistsOf=</varname>
|
||
dependency cannot be specified directly.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>Conflicts=</varname></term>
|
||
|
||
<listitem><para>A space-separated list of unit names. Configures negative requirement
|
||
dependencies. If a unit has a <varname>Conflicts=</varname> setting on another unit, starting the
|
||
former will stop the latter and vice versa.</para>
|
||
|
||
<para>Note that this setting does not imply an ordering dependency, similarly to the
|
||
<varname>Wants=</varname> and <varname>Requires=</varname> dependencies described above. This means
|
||
that to ensure that the conflicting unit is stopped before the other unit is started, an
|
||
<varname>After=</varname> or <varname>Before=</varname> dependency must be declared. It doesn't
|
||
matter which of the two ordering dependencies is used, because stop jobs are always ordered before
|
||
start jobs, see the discussion in <varname>Before=</varname>/<varname>After=</varname> below.</para>
|
||
|
||
<para>If unit A that conflicts with unit B is scheduled to
|
||
be started at the same time as B, the transaction will either
|
||
fail (in case both are required parts of the transaction) or be
|
||
modified to be fixed (in case one or both jobs are not a
|
||
required part of the transaction). In the latter case, the job
|
||
that is not required will be removed, or in case both are
|
||
not required, the unit that conflicts will be started and the
|
||
unit that is conflicted is stopped.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>Before=</varname></term>
|
||
<term><varname>After=</varname></term>
|
||
|
||
<listitem><para>These two settings expect a space-separated list of unit names. They may be specified
|
||
more than once, in which case dependencies for all listed names are created.</para>
|
||
|
||
<para>Those two settings configure ordering dependencies between units. If unit
|
||
<filename>foo.service</filename> contains the setting <option>Before=bar.service</option> and both
|
||
units are being started, <filename>bar.service</filename>'s start-up is delayed until
|
||
<filename>foo.service</filename> has finished starting up. <varname>After=</varname> is the inverse
|
||
of <varname>Before=</varname>, i.e. while <varname>Before=</varname> ensures that the configured unit
|
||
is started before the listed unit begins starting up, <varname>After=</varname> ensures the opposite,
|
||
that the listed unit is fully started up before the configured unit is started.</para>
|
||
|
||
<para>When two units with an ordering dependency between them are shut down, the inverse of the
|
||
start-up order is applied. I.e. if a unit is configured with <varname>After=</varname> on another
|
||
unit, the former is stopped before the latter if both are shut down. Given two units with any
|
||
ordering dependency between them, if one unit is shut down and the other is started up, the shutdown
|
||
is ordered before the start-up. It doesn't matter if the ordering dependency is
|
||
<varname>After=</varname> or <varname>Before=</varname>, in this case. It also doesn't matter which
|
||
of the two is shut down, as long as one is shut down and the other is started up; the shutdown is
|
||
ordered before the start-up in all cases. If two units have no ordering dependencies between them,
|
||
they are shut down or started up simultaneously, and no ordering takes place. It depends on the unit
|
||
type when precisely a unit has finished starting up. Most importantly, for service units start-up is
|
||
considered completed for the purpose of <varname>Before=</varname>/<varname>After=</varname> when all
|
||
its configured start-up commands have been invoked and they either failed or reported start-up
|
||
success. Note that this does includes <varname>ExecStartPost=</varname> (or
|
||
<varname>ExecStopPost=</varname> for the shutdown case).</para>
|
||
|
||
<para>Note that those settings are independent of and orthogonal to the requirement dependencies as
|
||
configured by <varname>Requires=</varname>, <varname>Wants=</varname>, <varname>Requisite=</varname>,
|
||
or <varname>BindsTo=</varname>. It is a common pattern to include a unit name in both the
|
||
<varname>After=</varname> and <varname>Wants=</varname> options, in which case the unit listed will
|
||
be started before the unit that is configured with these options.</para>
|
||
|
||
<para>Note that <varname>Before=</varname> dependencies on device units have no effect and are not
|
||
supported. Devices generally become available as a result of an external hotplug event, and systemd
|
||
creates the corresponding device unit without delay.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>OnFailure=</varname></term>
|
||
|
||
<listitem><para>A space-separated list of one or more units
|
||
that are activated when this unit enters the
|
||
<literal>failed</literal> state. A service unit using
|
||
<varname>Restart=</varname> enters the failed state only after
|
||
the start limits are reached.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>PropagatesReloadTo=</varname></term>
|
||
<term><varname>ReloadPropagatedFrom=</varname></term>
|
||
|
||
<listitem><para>A space-separated list of one or more units
|
||
where reload requests on this unit will be propagated to, or
|
||
reload requests on the other unit will be propagated to this
|
||
unit, respectively. Issuing a reload request on a unit will
|
||
automatically also enqueue a reload request on all units that
|
||
the reload request shall be propagated to via these two
|
||
settings.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>JoinsNamespaceOf=</varname></term>
|
||
|
||
<listitem><para>For units that start processes (such as service units), lists one or more other units
|
||
whose network and/or temporary file namespace to join. This only applies to unit types which support
|
||
the <varname>PrivateNetwork=</varname>, <varname>NetworkNamespacePath=</varname> and
|
||
<varname>PrivateTmp=</varname> directives (see
|
||
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
|
||
details). If a unit that has this setting set is started, its processes will see the same
|
||
<filename>/tmp/</filename>, <filename>/var/tmp/</filename> and network namespace as one listed unit
|
||
that is started. If multiple listed units are already started, it is not defined which namespace is
|
||
joined. Note that this setting only has an effect if
|
||
<varname>PrivateNetwork=</varname>/<varname>NetworkNamespacePath=</varname> and/or
|
||
<varname>PrivateTmp=</varname> is enabled for both the unit that joins the namespace and the unit
|
||
whose namespace is joined.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>RequiresMountsFor=</varname></term>
|
||
|
||
<listitem><para>Takes a space-separated list of absolute
|
||
paths. Automatically adds dependencies of type
|
||
<varname>Requires=</varname> and <varname>After=</varname> for
|
||
all mount units required to access the specified path.</para>
|
||
|
||
<para>Mount points marked with <option>noauto</option> are not
|
||
mounted automatically through <filename>local-fs.target</filename>,
|
||
but are still honored for the purposes of this option, i.e. they
|
||
will be pulled in by this unit.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>OnFailureJobMode=</varname></term>
|
||
|
||
<listitem><para>Takes a value of
|
||
<literal>fail</literal>,
|
||
<literal>replace</literal>,
|
||
<literal>replace-irreversibly</literal>,
|
||
<literal>isolate</literal>,
|
||
<literal>flush</literal>,
|
||
<literal>ignore-dependencies</literal> or
|
||
<literal>ignore-requirements</literal>. Defaults to
|
||
<literal>replace</literal>. Specifies how the units listed in
|
||
<varname>OnFailure=</varname> will be enqueued. See
|
||
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
|
||
<option>--job-mode=</option> option for details on the
|
||
possible values. If this is set to <literal>isolate</literal>,
|
||
only a single unit may be listed in
|
||
<varname>OnFailure=</varname>.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>IgnoreOnIsolate=</varname></term>
|
||
|
||
<listitem><para>Takes a boolean argument. If <option>true</option>, this unit will not be stopped
|
||
when isolating another unit. Defaults to <option>false</option> for service, target, socket, timer,
|
||
and path units, and <option>true</option> for slice, scope, device, swap, mount, and automount
|
||
units.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>StopWhenUnneeded=</varname></term>
|
||
|
||
<listitem><para>Takes a boolean argument. If
|
||
<option>true</option>, this unit will be stopped when it is no
|
||
longer used. Note that, in order to minimize the work to be
|
||
executed, systemd will not stop units by default unless they
|
||
are conflicting with other units, or the user explicitly
|
||
requested their shut down. If this option is set, a unit will
|
||
be automatically cleaned up if no other active unit requires
|
||
it. Defaults to <option>false</option>.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>RefuseManualStart=</varname></term>
|
||
<term><varname>RefuseManualStop=</varname></term>
|
||
|
||
<listitem><para>Takes a boolean argument. If
|
||
<option>true</option>, this unit can only be activated or
|
||
deactivated indirectly. In this case, explicit start-up or
|
||
termination requested by the user is denied, however if it is
|
||
started or stopped as a dependency of another unit, start-up
|
||
or termination will succeed. This is mostly a safety feature
|
||
to ensure that the user does not accidentally activate units
|
||
that are not intended to be activated explicitly, and not
|
||
accidentally deactivate units that are not intended to be
|
||
deactivated. These options default to
|
||
<option>false</option>.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>AllowIsolate=</varname></term>
|
||
|
||
<listitem><para>Takes a boolean argument. If
|
||
<option>true</option>, this unit may be used with the
|
||
<command>systemctl isolate</command> command. Otherwise, this
|
||
will be refused. It probably is a good idea to leave this
|
||
disabled except for target units that shall be used similar to
|
||
runlevels in SysV init systems, just as a precaution to avoid
|
||
unusable system states. This option defaults to
|
||
<option>false</option>.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>DefaultDependencies=</varname></term>
|
||
|
||
<listitem><para>Takes a boolean argument. If
|
||
<option>yes</option>, (the default), a few default
|
||
dependencies will implicitly be created for the unit. The
|
||
actual dependencies created depend on the unit type. For
|
||
example, for service units, these dependencies ensure that the
|
||
service is started only after basic system initialization is
|
||
completed and is properly terminated on system shutdown. See
|
||
the respective man pages for details. Generally, only services
|
||
involved with early boot or late shutdown should set this
|
||
option to <option>no</option>. It is highly recommended to
|
||
leave this option enabled for the majority of common units. If
|
||
set to <option>no</option>, this option does not disable
|
||
all implicit dependencies, just non-essential
|
||
ones.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>CollectMode=</varname></term>
|
||
|
||
<listitem><para>Tweaks the "garbage collection" algorithm for this unit. Takes one of <option>inactive</option>
|
||
or <option>inactive-or-failed</option>. If set to <option>inactive</option> the unit will be unloaded if it is
|
||
in the <constant>inactive</constant> state and is not referenced by clients, jobs or other units — however it
|
||
is not unloaded if it is in the <constant>failed</constant> state. In <option>failed</option> mode, failed
|
||
units are not unloaded until the user invoked <command>systemctl reset-failed</command> on them to reset the
|
||
<constant>failed</constant> state, or an equivalent command. This behaviour is altered if this option is set to
|
||
<option>inactive-or-failed</option>: in this case the unit is unloaded even if the unit is in a
|
||
<constant>failed</constant> state, and thus an explicitly resetting of the <constant>failed</constant> state is
|
||
not necessary. Note that if this mode is used unit results (such as exit codes, exit signals, consumed
|
||
resources, …) are flushed out immediately after the unit completed, except for what is stored in the logging
|
||
subsystem. Defaults to <option>inactive</option>.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>FailureAction=</varname></term>
|
||
<term><varname>SuccessAction=</varname></term>
|
||
|
||
<listitem><para>Configure the action to take when the unit stops and enters a failed state or inactive state.
|
||
Takes one of <option>none</option>, <option>reboot</option>, <option>reboot-force</option>,
|
||
<option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option>,
|
||
<option>poweroff-immediate</option>, <option>exit</option>, and <option>exit-force</option>. In system mode,
|
||
all options are allowed. In user mode, only <option>none</option>, <option>exit</option>, and
|
||
<option>exit-force</option> are allowed. Both options default to <option>none</option>.</para>
|
||
|
||
<para>If <option>none</option> is set, no action will be triggered. <option>reboot</option> causes a reboot
|
||
following the normal shutdown procedure (i.e. equivalent to <command>systemctl reboot</command>).
|
||
<option>reboot-force</option> causes a forced reboot which will terminate all processes forcibly but should
|
||
cause no dirty file systems on reboot (i.e. equivalent to <command>systemctl reboot -f</command>) and
|
||
<option>reboot-immediate</option> causes immediate execution of the
|
||
<citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which
|
||
might result in data loss (i.e. equivalent to <command>systemctl reboot -ff</command>). Similarly,
|
||
<option>poweroff</option>, <option>poweroff-force</option>, <option>poweroff-immediate</option> have the effect
|
||
of powering down the system with similar semantics. <option>exit</option> causes the manager to exit following
|
||
the normal shutdown procedure, and <option>exit-force</option> causes it terminate without shutting down
|
||
services. When <option>exit</option> or <option>exit-force</option> is used by default the exit status of the
|
||
main process of the unit (if this applies) is returned from the service manager. However, this may be overridden
|
||
with <varname>FailureActionExitStatus=</varname>/<varname>SuccessActionExitStatus=</varname>, see
|
||
below.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>FailureActionExitStatus=</varname></term>
|
||
<term><varname>SuccessActionExitStatus=</varname></term>
|
||
|
||
<listitem><para>Controls the exit status to propagate back to an invoking container manager (in case of a
|
||
system service) or service manager (in case of a user manager) when the
|
||
<varname>FailureAction=</varname>/<varname>SuccessAction=</varname> are set to <option>exit</option> or
|
||
<option>exit-force</option> and the action is triggered. By default the exit status of the main process of the
|
||
triggering unit (if this applies) is propagated. Takes a value in the range 0…255 or the empty string to
|
||
request default behaviour.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>JobTimeoutSec=</varname></term>
|
||
<term><varname>JobRunningTimeoutSec=</varname></term>
|
||
|
||
<listitem><para>When a job for this unit is queued, a timeout <varname>JobTimeoutSec=</varname> may be
|
||
configured. Similarly, <varname>JobRunningTimeoutSec=</varname> starts counting when the queued job is actually
|
||
started. If either time limit is reached, the job will be cancelled, the unit however will not change state or
|
||
even enter the <literal>failed</literal> mode. This value defaults to <literal>infinity</literal> (job timeouts
|
||
disabled), except for device units (<varname>JobRunningTimeoutSec=</varname> defaults to
|
||
<varname>DefaultTimeoutStartSec=</varname>). NB: this timeout is independent from any unit-specific timeout
|
||
(for example, the timeout set with <varname>TimeoutStartSec=</varname> in service units) as the job timeout has
|
||
no effect on the unit itself, only on the job that might be pending for it. Or in other words: unit-specific
|
||
timeouts are useful to abort unit state changes, and revert them. The job timeout set with this option however
|
||
is useful to abort only the job waiting for the unit state to change.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>JobTimeoutAction=</varname></term>
|
||
<term><varname>JobTimeoutRebootArgument=</varname></term>
|
||
|
||
<listitem><para><varname>JobTimeoutAction=</varname> optionally configures an additional action to take when
|
||
the timeout is hit, see description of <varname>JobTimeoutSec=</varname> and
|
||
<varname>JobRunningTimeoutSec=</varname> above. It takes the same values as
|
||
<varname>StartLimitAction=</varname>. Defaults to <option>none</option>.
|
||
<varname>JobTimeoutRebootArgument=</varname> configures an optional reboot string to pass to the
|
||
<citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call.
|
||
</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>StartLimitIntervalSec=<replaceable>interval</replaceable></varname></term>
|
||
<term><varname>StartLimitBurst=<replaceable>burst</replaceable></varname></term>
|
||
|
||
<listitem><para>Configure unit start rate limiting. Units which are started more than
|
||
<replaceable>burst</replaceable> times within an <replaceable>interval</replaceable> time interval are not
|
||
permitted to start any more. Use <varname>StartLimitIntervalSec=</varname> to configure the checking interval
|
||
(defaults to <varname>DefaultStartLimitIntervalSec=</varname> in manager configuration file, set it to 0 to
|
||
disable any kind of rate limiting). Use <varname>StartLimitBurst=</varname> to configure how many starts per
|
||
interval are allowed (defaults to <varname>DefaultStartLimitBurst=</varname> in manager configuration
|
||
file). These configuration options are particularly useful in conjunction with the service setting
|
||
<varname>Restart=</varname> (see
|
||
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>); however,
|
||
they apply to all kinds of starts (including manual), not just those triggered by the
|
||
<varname>Restart=</varname> logic. Note that units which are configured for <varname>Restart=</varname> and
|
||
which reach the start limit are not attempted to be restarted anymore; however, they may still be restarted
|
||
manually at a later point, after the <replaceable>interval</replaceable> has passed. From this point on, the
|
||
restart logic is activated again. Note that <command>systemctl reset-failed</command> will cause the restart
|
||
rate counter for a service to be flushed, which is useful if the administrator wants to manually start a unit
|
||
and the start limit interferes with that. Note that this rate-limiting is enforced after any unit condition
|
||
checks are executed, and hence unit activations with failing conditions do not count towards this rate
|
||
limit. This setting does not apply to slice, target, device, and scope units, since they are unit types whose
|
||
activation may either never fail, or may succeed only a single time.</para>
|
||
|
||
<para>When a unit is unloaded due to the garbage collection logic (see above) its rate limit counters are
|
||
flushed out too. This means that configuring start rate limiting for a unit that is not referenced continuously
|
||
has no effect.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>StartLimitAction=</varname></term>
|
||
|
||
<listitem><para>Configure an additional action to take if the rate limit configured with
|
||
<varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes the same
|
||
values as the <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> settings. If
|
||
<option>none</option> is set, hitting the rate limit will trigger no action except that
|
||
the start will not be permitted. Defaults to <option>none</option>.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>RebootArgument=</varname></term>
|
||
<listitem><para>Configure the optional argument for the
|
||
<citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call if
|
||
<varname>StartLimitAction=</varname> or <varname>FailureAction=</varname> is a reboot action. This
|
||
works just like the optional argument to <command>systemctl reboot</command> command.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>SourcePath=</varname></term>
|
||
<listitem><para>A path to a configuration file this unit has
|
||
been generated from. This is primarily useful for
|
||
implementation of generator tools that convert configuration
|
||
from an external configuration file format into native unit
|
||
files. This functionality should not be used in normal
|
||
units.</para></listitem>
|
||
</varlistentry>
|
||
</variablelist>
|
||
|
||
<refsect2>
|
||
<title>Conditions and Asserts</title>
|
||
|
||
<para>Unit files may also include a number of <varname index="false">Condition…=</varname> and
|
||
<varname index="false">Assert…=</varname> settings. Before the unit is started, systemd will verify
|
||
that the specified conditions are true. If not, the starting of the unit will be (mostly silently)
|
||
skipped. Failing conditions will not result in the unit being moved into the <literal>failed</literal>
|
||
state. The conditions are checked at the time the queued start job is to be executed. The ordering
|
||
dependencies are still respected, so other units are still pulled in and ordered as if this unit was
|
||
successfully activated. Use condition expressions in order to skip units that do not apply to the local
|
||
system, for example because the kernel or runtime environment doesn't require their functionality.
|
||
</para>
|
||
|
||
<para>If multiple conditions are specified, the unit will be executed if all of them apply (i.e. a
|
||
logical AND is applied). Condition checks can use a pipe symbol (<literal>|</literal>) after the equals
|
||
sign (<literal>Condition…=|…</literal>), which causes the condition becomes a triggering condition. If
|
||
at least one triggering condition is defined for a unit, then the unit will be executed if at least one
|
||
of the triggering conditions apply and all of the non-triggering conditions. If you prefix an argument
|
||
with the pipe symbol and an exclamation mark, the pipe symbol must be passed first, the exclamation
|
||
second. If any of these options is assigned the empty string, the list of conditions is reset
|
||
completely, all previous condition settings (of any kind) will have no effect.</para>
|
||
|
||
<para>The <varname>AssertArchitecture=</varname>, <varname>AssertVirtualization=</varname>, … options
|
||
provide a similar mechanism that causes the job to fail (instead of being skipped). The failed check is
|
||
logged. Units with failed conditions are considered to be in a clean state and will be garbage
|
||
collected if they are not referenced. This means that when queried, the condition failure may or may
|
||
not show up in the state of the unit.</para>
|
||
|
||
<para>Note that neither assertion nor condition expressions result in unit state changes. Also note
|
||
that both are checked at the time the job is to be executed, i.e. long after depending jobs and it
|
||
itself were queued. Thus, neither condition nor assertion expressions are suitable for conditionalizing
|
||
unit dependencies.</para>
|
||
|
||
<para>The <command>condition</command> verb of
|
||
<citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry> can
|
||
be used to test condition and assert expressions.</para>
|
||
|
||
<para>Except for <varname>ConditionPathIsSymbolicLink=</varname>, all path checks follow symlinks.</para>
|
||
|
||
<variablelist class='unit-directives'>
|
||
<varlistentry>
|
||
<term><varname>ConditionArchitecture=</varname></term>
|
||
|
||
<listitem><para>Check whether the system is running on a specific architecture. Takes one of
|
||
<literal>x86</literal>,
|
||
<literal>x86-64</literal>,
|
||
<literal>ppc</literal>,
|
||
<literal>ppc-le</literal>,
|
||
<literal>ppc64</literal>,
|
||
<literal>ppc64-le</literal>,
|
||
<literal>ia64</literal>,
|
||
<literal>parisc</literal>,
|
||
<literal>parisc64</literal>,
|
||
<literal>s390</literal>,
|
||
<literal>s390x</literal>,
|
||
<literal>sparc</literal>,
|
||
<literal>sparc64</literal>,
|
||
<literal>mips</literal>,
|
||
<literal>mips-le</literal>,
|
||
<literal>mips64</literal>,
|
||
<literal>mips64-le</literal>,
|
||
<literal>alpha</literal>,
|
||
<literal>arm</literal>,
|
||
<literal>arm-be</literal>,
|
||
<literal>arm64</literal>,
|
||
<literal>arm64-be</literal>,
|
||
<literal>sh</literal>,
|
||
<literal>sh64</literal>,
|
||
<literal>m68k</literal>,
|
||
<literal>tilegx</literal>,
|
||
<literal>cris</literal>,
|
||
<literal>arc</literal>,
|
||
<literal>arc-be</literal>, or
|
||
<literal>native</literal>.</para>
|
||
|
||
<para>The architecture is determined from the information returned by
|
||
<citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>2</manvolnum></citerefentry>
|
||
and is thus subject to
|
||
<citerefentry><refentrytitle>personality</refentrytitle><manvolnum>2</manvolnum></citerefentry>.
|
||
Note that a <varname>Personality=</varname> setting in the same unit file has no effect on this
|
||
condition. A special architecture name <literal>native</literal> is mapped to the architecture the
|
||
system manager itself is compiled for. The test may be negated by prepending an exclamation
|
||
mark.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionVirtualization=</varname></term>
|
||
|
||
<listitem><para>Check whether the system is executed in a virtualized environment and optionally
|
||
test whether it is a specific implementation. Takes either boolean value to check if being executed
|
||
in any virtualized environment, or one of
|
||
<literal>vm</literal> and
|
||
<literal>container</literal> to test against a generic type of virtualization solution, or one of
|
||
<literal>qemu</literal>,
|
||
<literal>kvm</literal>,
|
||
<literal>zvm</literal>,
|
||
<literal>vmware</literal>,
|
||
<literal>microsoft</literal>,
|
||
<literal>oracle</literal>,
|
||
<literal>powervm</literal>,
|
||
<literal>xen</literal>,
|
||
<literal>bochs</literal>,
|
||
<literal>uml</literal>,
|
||
<literal>bhyve</literal>,
|
||
<literal>qnx</literal>,
|
||
<literal>openvz</literal>,
|
||
<literal>lxc</literal>,
|
||
<literal>lxc-libvirt</literal>,
|
||
<literal>systemd-nspawn</literal>,
|
||
<literal>docker</literal>,
|
||
<literal>podman</literal>,
|
||
<literal>rkt</literal>,
|
||
<literal>wsl</literal>,
|
||
<literal>proot</literal>,
|
||
<literal>pouch</literal>,
|
||
<literal>acrn</literal> to test
|
||
against a specific implementation, or
|
||
<literal>private-users</literal> to check whether we are running in a user namespace. See
|
||
<citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||
for a full list of known virtualization technologies and their identifiers. If multiple
|
||
virtualization technologies are nested, only the innermost is considered. The test may be negated
|
||
by prepending an exclamation mark.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionHost=</varname></term>
|
||
|
||
<listitem><para><varname>ConditionHost=</varname> may be used to match against the hostname or
|
||
machine ID of the host. This either takes a hostname string (optionally with shell style globs)
|
||
which is tested against the locally set hostname as returned by
|
||
<citerefentry><refentrytitle>gethostname</refentrytitle><manvolnum>2</manvolnum></citerefentry>, or
|
||
a machine ID formatted as string (see
|
||
<citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
|
||
The test may be negated by prepending an exclamation mark.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionKernelCommandLine=</varname></term>
|
||
|
||
<listitem><para><varname>ConditionKernelCommandLine=</varname> may be used to check whether a
|
||
specific kernel command line option is set (or if prefixed with the exclamation mark — unset). The
|
||
argument must either be a single word, or an assignment (i.e. two words, separated by
|
||
<literal>=</literal>). In the former case the kernel command line is searched for the word
|
||
appearing as is, or as left hand side of an assignment. In the latter case, the exact assignment is
|
||
looked for with right and left hand side matching. This operates on the kernel command line
|
||
communicated to userspace via <filename>/proc/cmdline</filename>, except when the service manager
|
||
is invoked as payload of a container manager, in which case the command line of <filename>PID
|
||
1</filename> is used instead (i.e. <filename>/proc/1/cmdline</filename>).</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionKernelVersion=</varname></term>
|
||
|
||
<listitem><para><varname>ConditionKernelVersion=</varname> may be used to check whether the kernel
|
||
version (as reported by <command>uname -r</command>) matches a certain expression (or if prefixed
|
||
with the exclamation mark does not match it). The argument must be a list of (potentially quoted)
|
||
expressions. For each of the expressions, if it starts with one of <literal><</literal>,
|
||
<literal><=</literal>, <literal>=</literal>, <literal>!=</literal>, <literal>>=</literal>,
|
||
<literal>></literal> a relative version comparison is done, otherwise the specified string is
|
||
matched with shell-style globs.</para>
|
||
|
||
<para>Note that using the kernel version string is an unreliable way to determine which features
|
||
are supported by a kernel, because of the widespread practice of backporting drivers, features, and
|
||
fixes from newer upstream kernels into older versions provided by distributions. Hence, this check
|
||
is inherently unportable and should not be used for units which may be used on different
|
||
distributions.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionEnvironment=</varname></term>
|
||
|
||
<listitem><para><varname>ConditionEnvironment=</varname> may be used to check whether a specific
|
||
environment variable is set (or if prefixed with the exclamation mark — unset) in the service
|
||
manager's environment block.
|
||
|
||
The argument may be a single word, to check if the variable with this name is defined in the
|
||
environment block, or an assignment
|
||
(<literal><replaceable>name</replaceable>=<replaceable>value</replaceable></literal>), to check if
|
||
the variable with this exact value is defined. Note that the environment block of the service
|
||
manager itself is checked, i.e. not any variables defined with <varname>Environment=</varname> or
|
||
<varname>EnvironmentFile=</varname>, as described above. This is particularly useful when the
|
||
service manager runs inside a containerized environment or as per-user service manager, in order to
|
||
check for variables passed in by the enclosing container manager or PAM.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionSecurity=</varname></term>
|
||
|
||
<listitem><para><varname>ConditionSecurity=</varname> may be used to check whether the given
|
||
security technology is enabled on the system. Currently, the recognized values are
|
||
<literal>selinux</literal>, <literal>apparmor</literal>, <literal>tomoyo</literal>,
|
||
<literal>ima</literal>, <literal>smack</literal>, <literal>audit</literal> and
|
||
<literal>uefi-secureboot</literal>. The test may be negated by prepending an exclamation
|
||
mark.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionCapability=</varname></term>
|
||
|
||
<listitem><para>Check whether the given capability exists in the capability bounding set of the
|
||
service manager (i.e. this does not check whether capability is actually available in the permitted
|
||
or effective sets, see
|
||
<citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||
for details). Pass a capability name such as <literal>CAP_MKNOD</literal>, possibly prefixed with
|
||
an exclamation mark to negate the check.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionACPower=</varname></term>
|
||
|
||
<listitem><para>Check whether the system has AC power, or is exclusively battery powered at the
|
||
time of activation of the unit. This takes a boolean argument. If set to <literal>true</literal>,
|
||
the condition will hold only if at least one AC connector of the system is connected to a power
|
||
source, or if no AC connectors are known. Conversely, if set to <literal>false</literal>, the
|
||
condition will hold only if there is at least one AC connector known and all AC connectors are
|
||
disconnected from a power source.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionNeedsUpdate=</varname></term>
|
||
|
||
<listitem><para>Takes one of <filename>/var/</filename> or <filename>/etc/</filename> as argument,
|
||
possibly prefixed with a <literal>!</literal> (to invert the condition). This condition may be
|
||
used to conditionalize units on whether the specified directory requires an update because
|
||
<filename>/usr/</filename>'s modification time is newer than the stamp file
|
||
<filename>.updated</filename> in the specified directory. This is useful to implement offline
|
||
updates of the vendor operating system resources in <filename>/usr/</filename> that require updating
|
||
of <filename>/etc/</filename> or <filename>/var/</filename> on the next following boot. Units making
|
||
use of this condition should order themselves before
|
||
<citerefentry><refentrytitle>systemd-update-done.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||
to make sure they run before the stamp file's modification time gets reset indicating a completed
|
||
update.</para>
|
||
|
||
<para>If the <varname>systemd.condition-needs-update=</varname> option is specified on the kernel
|
||
command line (taking a boolean), it will override the result of this condition check, taking
|
||
precedence over any file modification time checks. If it is used
|
||
<filename>systemd-update-done.service</filename> will not have immediate effect on any following
|
||
<varname>ConditionNeedsUpdate=</varname> checks, until the system is rebooted where the kernel
|
||
command line option is not specified anymore.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionFirstBoot=</varname></term>
|
||
|
||
<listitem><para>Takes a boolean argument. This condition may be used to conditionalize units on
|
||
whether the system is booting up for the first time. This roughly means that <filename>/etc/</filename>
|
||
is unpopulated (for details, see "First Boot Semantics" in
|
||
<citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
|
||
This may be used to populate <filename>/etc/</filename> on the first boot after factory reset, or
|
||
when a new system instance boots up for the first time.</para>
|
||
|
||
<para>For robustness, units with <varname>ConditionFirstBoot=yes</varname> should order themselves
|
||
before <filename>first-boot-complete.target</filename> and pull in this passive target with
|
||
<varname>Wants=</varname>. This ensures that in a case of an aborted first boot, these units will
|
||
be re-run during the next system startup.</para>
|
||
|
||
<para>If the <varname>systemd.condition-first-boot=</varname> option is specified on the kernel
|
||
command line (taking a boolean), it will override the result of this condition check, taking
|
||
precedence over <filename>/etc/machine-id</filename> existence checks.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionPathExists=</varname></term>
|
||
|
||
<listitem><para>Check for the exists of a file. If the specified absolute path name does not exist,
|
||
the condition will fail. If the absolute path name passed to
|
||
<varname>ConditionPathExists=</varname> is prefixed with an exclamation mark
|
||
(<literal>!</literal>), the test is negated, and the unit is only started if the path does not
|
||
exist.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionPathExistsGlob=</varname></term>
|
||
|
||
<listitem><para><varname>ConditionPathExistsGlob=</varname> is similar to
|
||
<varname>ConditionPathExists=</varname>, but checks for the existence of at least one file or
|
||
directory matching the specified globbing pattern.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionPathIsDirectory=</varname></term>
|
||
|
||
<listitem><para><varname>ConditionPathIsDirectory=</varname> is similar to
|
||
<varname>ConditionPathExists=</varname> but verifies that a certain path exists and is a
|
||
directory.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionPathIsSymbolicLink=</varname></term>
|
||
|
||
<listitem><para><varname>ConditionPathIsSymbolicLink=</varname> is similar to
|
||
<varname>ConditionPathExists=</varname> but verifies that a certain path exists and is a symbolic
|
||
link.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionPathIsMountPoint=</varname></term>
|
||
|
||
<listitem><para><varname>ConditionPathIsMountPoint=</varname> is similar to
|
||
<varname>ConditionPathExists=</varname> but verifies that a certain path exists and is a mount
|
||
point.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionPathIsReadWrite=</varname></term>
|
||
|
||
<listitem><para><varname>ConditionPathIsReadWrite=</varname> is similar to
|
||
<varname>ConditionPathExists=</varname> but verifies that the underlying file system is readable
|
||
and writable (i.e. not mounted read-only).</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionPathIsEncrypted=</varname></term>
|
||
|
||
<listitem><para><varname>ConditionPathIsEncrypted=</varname> is similar to
|
||
<varname>ConditionPathExists=</varname> but verifies that the underlying file system's backing
|
||
block device is encrypted using dm-crypt/LUKS. Note that this check does not cover ext4
|
||
per-directory encryption, and only detects block level encryption. Moreover, if the specified path
|
||
resides on a file system on top of a loopback block device, only encryption above the loopback device is
|
||
detected. It is not detected whether the file system backing the loopback block device is encrypted.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionDirectoryNotEmpty=</varname></term>
|
||
|
||
<listitem><para><varname>ConditionDirectoryNotEmpty=</varname> is similar to
|
||
<varname>ConditionPathExists=</varname> but verifies that a certain path exists and is a non-empty
|
||
directory.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionFileNotEmpty=</varname></term>
|
||
|
||
<listitem><para><varname>ConditionFileNotEmpty=</varname> is similar to
|
||
<varname>ConditionPathExists=</varname> but verifies that a certain path exists and refers to a
|
||
regular file with a non-zero size.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionFileIsExecutable=</varname></term>
|
||
|
||
<listitem><para><varname>ConditionFileIsExecutable=</varname> is similar to
|
||
<varname>ConditionPathExists=</varname> but verifies that a certain path exists, is a regular file,
|
||
and marked executable.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionUser=</varname></term>
|
||
|
||
<listitem><para><varname>ConditionUser=</varname> takes a numeric <literal>UID</literal>, a UNIX
|
||
user name, or the special value <literal>@system</literal>. This condition may be used to check
|
||
whether the service manager is running as the given user. The special value
|
||
<literal>@system</literal> can be used to check if the user id is within the system user
|
||
range. This option is not useful for system services, as the system manager exclusively runs as the
|
||
root user, and thus the test result is constant.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionGroup=</varname></term>
|
||
|
||
<listitem><para><varname>ConditionGroup=</varname> is similar to <varname>ConditionUser=</varname>
|
||
but verifies that the service manager's real or effective group, or any of its auxiliary groups,
|
||
match the specified group or GID. This setting does not support the special value
|
||
<literal>@system</literal>.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionControlGroupController=</varname></term>
|
||
|
||
<listitem><para>Verify that the given cgroup controller (eg. <literal>cpu</literal>) is available
|
||
for use on the system. For example, a particular controller may not be available if it was disabled
|
||
on the kernel command line with <varname>cgroup_disable=controller</varname>. Multiple controllers
|
||
may be passed with a space separating them; in this case the condition will only pass if all listed
|
||
controllers are available for use. Controllers unknown to systemd are ignored. Valid controllers
|
||
are <literal>cpu</literal>, <literal>cpuacct</literal>, <literal>io</literal>,
|
||
<literal>blkio</literal>, <literal>memory</literal>, <literal>devices</literal>, and
|
||
<literal>pids</literal>.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionMemory=</varname></term>
|
||
|
||
<listitem><para>Verify that the specified amount of system memory is available to the current
|
||
system. Takes a memory size in bytes as argument, optionally prefixed with a comparison operator
|
||
<literal><</literal>, <literal><=</literal>, <literal>=</literal>, <literal>!=</literal>,
|
||
<literal>>=</literal>, <literal>></literal>. On bare-metal systems compares the amount of
|
||
physical memory in the system with the specified size, adhering to the specified comparison
|
||
operator. In containers compares the amount of memory assigned to the container instead.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionCPUs=</varname></term>
|
||
|
||
<listitem><para>Verify that the specified number of CPUs is available to the current system. Takes
|
||
a number of CPUs as argument, optionally prefixed with a comparison operator
|
||
<literal><</literal>, <literal><=</literal>, <literal>=</literal>, <literal>!=</literal>,
|
||
<literal>>=</literal>, <literal>></literal>. Compares the number of CPUs in the CPU affinity
|
||
mask configured of the service manager itself with the specified number, adhering to the specified
|
||
comparison operator. On physical systems the number of CPUs in the affinity mask of the service
|
||
manager usually matches the number of physical CPUs, but in special and virtual environments might
|
||
differ. In particular, in containers the affinity mask usually matches the number of CPUs assigned
|
||
to the container and not the physically available ones.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>AssertArchitecture=</varname></term>
|
||
<term><varname>AssertVirtualization=</varname></term>
|
||
<term><varname>AssertHost=</varname></term>
|
||
<term><varname>AssertKernelCommandLine=</varname></term>
|
||
<term><varname>AssertKernelVersion=</varname></term>
|
||
<term><varname>AssertSecurity=</varname></term>
|
||
<term><varname>AssertCapability=</varname></term>
|
||
<term><varname>AssertACPower=</varname></term>
|
||
<term><varname>AssertNeedsUpdate=</varname></term>
|
||
<term><varname>AssertFirstBoot=</varname></term>
|
||
<term><varname>AssertPathExists=</varname></term>
|
||
<term><varname>AssertPathExistsGlob=</varname></term>
|
||
<term><varname>AssertPathIsDirectory=</varname></term>
|
||
<term><varname>AssertPathIsSymbolicLink=</varname></term>
|
||
<term><varname>AssertPathIsMountPoint=</varname></term>
|
||
<term><varname>AssertPathIsReadWrite=</varname></term>
|
||
<term><varname>AssertDirectoryNotEmpty=</varname></term>
|
||
<term><varname>AssertFileNotEmpty=</varname></term>
|
||
<term><varname>AssertFileIsExecutable=</varname></term>
|
||
<term><varname>AssertUser=</varname></term>
|
||
<term><varname>AssertGroup=</varname></term>
|
||
<term><varname>AssertControlGroupController=</varname></term>
|
||
|
||
<listitem><para>Similar to the <varname>ConditionArchitecture=</varname>,
|
||
<varname>ConditionVirtualization=</varname>, …, condition settings described above, these settings
|
||
add assertion checks to the start-up of the unit. However, unlike the conditions settings, any
|
||
assertion setting that is not met results in failure of the start job (which means this is logged
|
||
loudly). Note that hitting a configured assertion does not cause the unit to enter the
|
||
<literal>failed</literal> state (or in fact result in any state change of the unit), it affects
|
||
only the job queued for it. Use assertion expressions for units that cannot operate when specific
|
||
requirements are not met, and when this is something the administrator or user should look
|
||
into.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
</variablelist>
|
||
</refsect2>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>Mapping of unit properties to their inverses</title>
|
||
|
||
<para>Unit settings that create a relationship with a second unit usually show up
|
||
in properties of both units, for example in <command>systemctl show</command>
|
||
output. In some cases the name of the property is the same as the name of the
|
||
configuration setting, but not always. This table lists the properties
|
||
that are shown on two units which are connected through some dependency, and shows
|
||
which property on "source" unit corresponds to which property on the "target" unit.
|
||
</para>
|
||
|
||
<table>
|
||
<title>
|
||
"Forward" and "reverse" unit properties
|
||
</title>
|
||
|
||
<tgroup cols='4'>
|
||
<colspec colname='forward' />
|
||
<colspec colname='reverse' />
|
||
<colspec colname='fuse' />
|
||
<colspec colname='ruse' />
|
||
<thead>
|
||
<row>
|
||
<entry>"Forward" property</entry>
|
||
<entry>"Reverse" property</entry>
|
||
<entry namest='fuse' nameend='ruse' valign='middle'>Where used</entry>
|
||
</row>
|
||
</thead>
|
||
<tbody>
|
||
<row>
|
||
<entry><varname>Before=</varname></entry>
|
||
<entry><varname>After=</varname></entry>
|
||
<entry morerows='1' namest='fuse' nameend='ruse' valign='middle'>[Unit] section</entry>
|
||
</row>
|
||
<row>
|
||
<entry><varname>After=</varname></entry>
|
||
<entry><varname>Before=</varname></entry>
|
||
</row>
|
||
<row>
|
||
<entry><varname>Requires=</varname></entry>
|
||
<entry><varname>RequiredBy=</varname></entry>
|
||
<entry>[Unit] section</entry>
|
||
<entry>[Install] section</entry>
|
||
</row>
|
||
<row>
|
||
<entry><varname>Wants=</varname></entry>
|
||
<entry><varname>WantedBy=</varname></entry>
|
||
<entry>[Unit] section</entry>
|
||
<entry>[Install] section</entry>
|
||
</row>
|
||
<row>
|
||
<entry><varname>PartOf=</varname></entry>
|
||
<entry><varname>ConsistsOf=</varname></entry>
|
||
<entry>[Unit] section</entry>
|
||
<entry>an automatic property</entry>
|
||
</row>
|
||
<row>
|
||
<entry><varname>BindsTo=</varname></entry>
|
||
<entry><varname>BoundBy=</varname></entry>
|
||
<entry>[Unit] section</entry>
|
||
<entry>an automatic property</entry>
|
||
</row>
|
||
<row>
|
||
<entry><varname>Requisite=</varname></entry>
|
||
<entry><varname>RequisiteOf=</varname></entry>
|
||
<entry>[Unit] section</entry>
|
||
<entry>an automatic property</entry>
|
||
</row>
|
||
<row>
|
||
<entry><varname>Triggers=</varname></entry>
|
||
<entry><varname>TriggeredBy=</varname></entry>
|
||
<entry namest='fuse' nameend='ruse' valign='middle'>Automatic properties, see notes below</entry>
|
||
</row>
|
||
<row>
|
||
<entry><varname>Conflicts=</varname></entry>
|
||
<entry><varname>ConflictedBy=</varname></entry>
|
||
<entry>[Unit] section</entry>
|
||
<entry>an automatic property</entry>
|
||
</row>
|
||
<row>
|
||
<entry><varname>PropagatesReloadTo=</varname></entry>
|
||
<entry><varname>ReloadPropagatedFrom=</varname></entry>
|
||
<entry morerows='1' namest='fuse' nameend='ruse' valign='middle'>[Unit] section</entry>
|
||
</row>
|
||
<row>
|
||
<entry><varname>ReloadPropagatedFrom=</varname></entry>
|
||
<entry><varname>PropagatesReloadTo=</varname></entry>
|
||
</row>
|
||
<row>
|
||
<entry><varname>Following=</varname></entry>
|
||
<entry>n/a</entry>
|
||
<entry>An automatic property</entry>
|
||
</row>
|
||
</tbody>
|
||
</tgroup>
|
||
</table>
|
||
|
||
<para>Note: <varname>WantedBy=</varname> and <varname>RequiredBy=</varname> are
|
||
used in the [Install] section to create symlinks in <filename>.wants/</filename>
|
||
and <filename>.requires/</filename> directories. They cannot be used directly as a
|
||
unit configuration setting.</para>
|
||
|
||
<para>Note: <varname>ConsistsOf=</varname>, <varname>BoundBy=</varname>,
|
||
<varname>RequisiteOf=</varname>, <varname>ConflictedBy=</varname> are created
|
||
implicitly along with their reverses and cannot be specified directly.</para>
|
||
|
||
<para>Note: <varname>Triggers=</varname> is created implicitly between a socket,
|
||
path unit, or an automount unit, and the unit they activate. By default a unit
|
||
with the same name is triggered, but this can be overridden using
|
||
<varname>Sockets=</varname>, <varname>Service=</varname>, and <varname>Unit=</varname>
|
||
settings. See
|
||
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
and
|
||
<citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||
for details. <varname>TriggeredBy=</varname> is created implicitly on the
|
||
triggered unit.</para>
|
||
|
||
<para>Note: <varname>Following=</varname> is used to group device aliases and points to the
|
||
"primary" device unit that systemd is using to track device state, usually corresponding to a
|
||
sysfs path. It does not show up in the "target" unit.</para>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>[Install] Section Options</title>
|
||
|
||
<para>Unit files may include an [Install] section, which carries installation information for
|
||
the unit. This section is not interpreted by
|
||
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> during runtime; it is
|
||
used by the <command>enable</command> and <command>disable</command> commands of the
|
||
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> tool during
|
||
installation of a unit.</para>
|
||
|
||
<variablelist class='unit-directives'>
|
||
<varlistentry>
|
||
<term><varname>Alias=</varname></term>
|
||
|
||
<listitem><para>A space-separated list of additional names this unit shall be installed under. The names listed
|
||
here must have the same suffix (i.e. type) as the unit filename. This option may be specified more than once,
|
||
in which case all listed names are used. At installation time, <command>systemctl enable</command> will create
|
||
symlinks from these names to the unit filename. Note that not all unit types support such alias names, and this
|
||
setting is not supported for them. Specifically, mount, slice, swap, and automount units do not support
|
||
aliasing.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>WantedBy=</varname></term>
|
||
<term><varname>RequiredBy=</varname></term>
|
||
|
||
<listitem><para>This option may be used more than once, or a
|
||
space-separated list of unit names may be given. A symbolic
|
||
link is created in the <filename>.wants/</filename> or
|
||
<filename>.requires/</filename> directory of each of the
|
||
listed units when this unit is installed by <command>systemctl
|
||
enable</command>. This has the effect that a dependency of
|
||
type <varname>Wants=</varname> or <varname>Requires=</varname>
|
||
is added from the listed unit to the current unit. The primary
|
||
result is that the current unit will be started when the
|
||
listed unit is started. See the description of
|
||
<varname>Wants=</varname> and <varname>Requires=</varname> in
|
||
the [Unit] section for details.</para>
|
||
|
||
<para><command>WantedBy=foo.service</command> in a service
|
||
<filename>bar.service</filename> is mostly equivalent to
|
||
<command>Alias=foo.service.wants/bar.service</command> in the
|
||
same file. In case of template units, <command>systemctl
|
||
enable</command> must be called with an instance name, and
|
||
this instance will be added to the
|
||
<filename>.wants/</filename> or
|
||
<filename>.requires/</filename> list of the listed unit. E.g.
|
||
<command>WantedBy=getty.target</command> in a service
|
||
<filename>getty@.service</filename> will result in
|
||
<command>systemctl enable getty@tty2.service</command>
|
||
creating a
|
||
<filename>getty.target.wants/getty@tty2.service</filename>
|
||
link to <filename>getty@.service</filename>.
|
||
</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>Also=</varname></term>
|
||
|
||
<listitem><para>Additional units to install/deinstall when
|
||
this unit is installed/deinstalled. If the user requests
|
||
installation/deinstallation of a unit with this option
|
||
configured, <command>systemctl enable</command> and
|
||
<command>systemctl disable</command> will automatically
|
||
install/uninstall units listed in this option as well.</para>
|
||
|
||
<para>This option may be used more than once, or a
|
||
space-separated list of unit names may be
|
||
given.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>DefaultInstance=</varname></term>
|
||
|
||
<listitem><para>In template unit files, this specifies for
|
||
which instance the unit shall be enabled if the template is
|
||
enabled without any explicitly set instance. This option has
|
||
no effect in non-template unit files. The specified string
|
||
must be usable as instance identifier.</para></listitem>
|
||
</varlistentry>
|
||
</variablelist>
|
||
|
||
<para>The following specifiers are interpreted in the Install section:
|
||
%a, %b, %B, %g, %G, %H, %i, %j, %l, %m, %n, %N, %o, %p, %u, %U, %v, %w, %W, %%.
|
||
For their meaning see the next section.</para>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>Specifiers</title>
|
||
|
||
<para>Many settings resolve specifiers which may be used to write
|
||
generic unit files referring to runtime or unit parameters that
|
||
are replaced when the unit files are loaded. Specifiers must be known
|
||
and resolvable for the setting to be valid. The following
|
||
specifiers are understood:</para>
|
||
|
||
<table class='specifiers'>
|
||
<title>Specifiers available in unit files</title>
|
||
<tgroup cols='3' align='left' colsep='1' rowsep='1'>
|
||
<colspec colname="spec" />
|
||
<colspec colname="mean" />
|
||
<colspec colname="detail" />
|
||
<thead>
|
||
<row>
|
||
<entry>Specifier</entry>
|
||
<entry>Meaning</entry>
|
||
<entry>Details</entry>
|
||
</row>
|
||
</thead>
|
||
<tbody>
|
||
<row>
|
||
<!-- We do not use the common definition from standard-specifiers.xml here since it includes a
|
||
reference onto our own man page, which would make the rendered version self-referential. -->
|
||
<entry><literal>%a</literal></entry>
|
||
<entry>Architecture</entry>
|
||
<entry>A short string identifying the architecture of the local system. A string such as <constant>x86</constant>, <constant>x86-64</constant> or <constant>arm64</constant>. See the architectures defined for <varname>ConditionArchitecture=</varname> above for a full list.</entry>
|
||
</row>
|
||
<xi:include href="standard-specifiers.xml" xpointer="b"/>
|
||
<xi:include href="standard-specifiers.xml" xpointer="B"/>
|
||
<row>
|
||
<entry><literal>%C</literal></entry>
|
||
<entry>Cache directory root</entry>
|
||
<entry>This is either <filename>/var/cache</filename> (for the system manager) or the path <literal>$XDG_CACHE_HOME</literal> resolves to (for user managers).</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%E</literal></entry>
|
||
<entry>Configuration directory root</entry>
|
||
<entry>This is either <filename>/etc/</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to (for user managers).</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%f</literal></entry>
|
||
<entry>Unescaped filename</entry>
|
||
<entry>This is either the unescaped instance name (if applicable) with <filename>/</filename> prepended (if applicable), or the unescaped prefix name prepended with <filename>/</filename>. This implements unescaping according to the rules for escaping absolute file system paths discussed above.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%g</literal></entry>
|
||
<entry>User group</entry>
|
||
<entry>This is the name of the group running the service manager instance. In case of the system manager this resolves to <literal>root</literal>.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%G</literal></entry>
|
||
<entry>User GID</entry>
|
||
<entry>This is the numeric GID of the user running the service manager instance. In case of the system manager this resolves to <literal>0</literal>.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%h</literal></entry>
|
||
<entry>User home directory</entry>
|
||
<entry>This is the home directory of the <emphasis>user running the service manager instance</emphasis>. In case of the system manager this resolves to <literal>/root</literal>.
|
||
|
||
Note that this setting is <emphasis>not</emphasis> influenced by the <varname>User=</varname> setting configurable in the [Service] section of the service unit.</entry>
|
||
</row>
|
||
<row>
|
||
<!-- We do not use the common definition from standard-specifiers.xml here since we want a
|
||
slightly more verbose explanation here, referring to the reload cycle. -->
|
||
<entry><literal>%H</literal></entry>
|
||
<entry>Host name</entry>
|
||
<entry>The hostname of the running system at the point in time the unit configuration is loaded.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%i</literal></entry>
|
||
<entry>Instance name</entry>
|
||
<entry>For instantiated units this is the string between the first <literal>@</literal> character and the type suffix. Empty for non-instantiated units.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%I</literal></entry>
|
||
<entry>Unescaped instance name</entry>
|
||
<entry>Same as <literal>%i</literal>, but with escaping undone.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%j</literal></entry>
|
||
<entry>Final component of the prefix</entry>
|
||
<entry>This is the string between the last <literal>-</literal> and the end of the prefix name. If there is no <literal>-</literal>, this is the same as <literal>%p</literal>.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%J</literal></entry>
|
||
<entry>Unescaped final component of the prefix</entry>
|
||
<entry>Same as <literal>%j</literal>, but with escaping undone.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%l</literal></entry>
|
||
<entry>Short host name</entry>
|
||
<entry>The hostname of the running system at the point in time the unit configuration is loaded, truncated at the first dot to remove any domain component.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%L</literal></entry>
|
||
<entry>Log directory root</entry>
|
||
<entry>This is either <filename>/var/log</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to with <filename index="false">/log</filename> appended (for user managers).</entry>
|
||
</row>
|
||
<xi:include href="standard-specifiers.xml" xpointer="m"/>
|
||
<row>
|
||
<entry><literal>%n</literal></entry>
|
||
<entry>Full unit name</entry>
|
||
<entry></entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%N</literal></entry>
|
||
<entry>Full unit name</entry>
|
||
<entry>Same as <literal>%n</literal>, but with the type suffix removed.</entry>
|
||
</row>
|
||
<xi:include href="standard-specifiers.xml" xpointer="o"/>
|
||
<row>
|
||
<entry><literal>%p</literal></entry>
|
||
<entry>Prefix name</entry>
|
||
<entry>For instantiated units, this refers to the string before the first <literal>@</literal> character of the unit name. For non-instantiated units, same as <literal>%N</literal>.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%P</literal></entry>
|
||
<entry>Unescaped prefix name</entry>
|
||
<entry>Same as <literal>%p</literal>, but with escaping undone.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%s</literal></entry>
|
||
<entry>User shell</entry>
|
||
<entry>This is the shell of the user running the service manager instance. In case of the system manager this resolves to <literal>/bin/sh</literal>.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%S</literal></entry>
|
||
<entry>State directory root</entry>
|
||
<entry>This is either <filename>/var/lib</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to (for user managers).</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%t</literal></entry>
|
||
<entry>Runtime directory root</entry>
|
||
<entry>This is either <filename>/run/</filename> (for the system manager) or the path <literal>$XDG_RUNTIME_DIR</literal> resolves to (for user managers).</entry>
|
||
</row>
|
||
<xi:include href="standard-specifiers.xml" xpointer="T"/>
|
||
<row>
|
||
<entry><literal>%u</literal></entry>
|
||
<entry>User name</entry>
|
||
<entry>This is the name of the <emphasis>user running the service manager instance</emphasis>. In case of the system manager this resolves to <literal>root</literal>.
|
||
|
||
Note that this setting is <emphasis>not</emphasis> influenced by the <varname>User=</varname> setting configurable in the [Service] section of the service unit.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%U</literal></entry>
|
||
<entry>User UID</entry>
|
||
<entry>This is the numeric UID of the <emphasis>user running the service manager instance</emphasis>. In case of the system manager this resolves to <literal>0</literal>.
|
||
|
||
Note that this setting is <emphasis>not</emphasis> influenced by the <varname>User=</varname> setting configurable in the [Service] section of the service unit.</entry>
|
||
</row>
|
||
<xi:include href="standard-specifiers.xml" xpointer="v"/>
|
||
<xi:include href="standard-specifiers.xml" xpointer="V"/>
|
||
<xi:include href="standard-specifiers.xml" xpointer="w"/>
|
||
<xi:include href="standard-specifiers.xml" xpointer="W"/>
|
||
<xi:include href="standard-specifiers.xml" xpointer="percent"/>
|
||
</tbody>
|
||
</tgroup>
|
||
</table>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>Examples</title>
|
||
|
||
<example>
|
||
<title>Allowing units to be enabled</title>
|
||
|
||
<para>The following snippet (highlighted) allows a unit (e.g.
|
||
<filename>foo.service</filename>) to be enabled via
|
||
<command>systemctl enable</command>:</para>
|
||
|
||
<programlisting>[Unit]
|
||
Description=Foo
|
||
|
||
[Service]
|
||
ExecStart=/usr/sbin/foo-daemon
|
||
|
||
<emphasis>[Install]</emphasis>
|
||
<emphasis>WantedBy=multi-user.target</emphasis></programlisting>
|
||
|
||
<para>After running <command>systemctl enable</command>, a
|
||
symlink
|
||
<filename index="false">/etc/systemd/system/multi-user.target.wants/foo.service</filename>
|
||
linking to the actual unit will be created. It tells systemd to
|
||
pull in the unit when starting
|
||
<filename>multi-user.target</filename>. The inverse
|
||
<command>systemctl disable</command> will remove that symlink
|
||
again.</para>
|
||
</example>
|
||
|
||
<example>
|
||
<title>Overriding vendor settings</title>
|
||
|
||
<para>There are two methods of overriding vendor settings in
|
||
unit files: copying the unit file from
|
||
<filename>/usr/lib/systemd/system</filename> to
|
||
<filename>/etc/systemd/system</filename> and modifying the
|
||
chosen settings. Alternatively, one can create a directory named
|
||
<filename><replaceable>unit</replaceable>.d/</filename> within
|
||
<filename>/etc/systemd/system</filename> and place a drop-in
|
||
file <filename><replaceable>name</replaceable>.conf</filename>
|
||
there that only changes the specific settings one is interested
|
||
in. Note that multiple such drop-in files are read if
|
||
present, processed in lexicographic order of their filename.</para>
|
||
|
||
<para>The advantage of the first method is that one easily
|
||
overrides the complete unit, the vendor unit is not parsed at
|
||
all anymore. It has the disadvantage that improvements to the
|
||
unit file by the vendor are not automatically incorporated on
|
||
updates.</para>
|
||
|
||
<para>The advantage of the second method is that one only
|
||
overrides the settings one specifically wants, where updates to
|
||
the unit by the vendor automatically apply. This has the
|
||
disadvantage that some future updates by the vendor might be
|
||
incompatible with the local changes.</para>
|
||
|
||
<para>This also applies for user instances of systemd, but with
|
||
different locations for the unit files. See the section on unit
|
||
load paths for further details.</para>
|
||
|
||
<para>Suppose there is a vendor-supplied unit
|
||
<filename>/usr/lib/systemd/system/httpd.service</filename> with
|
||
the following contents:</para>
|
||
|
||
<programlisting>[Unit]
|
||
Description=Some HTTP server
|
||
After=remote-fs.target sqldb.service
|
||
Requires=sqldb.service
|
||
AssertPathExists=/srv/webserver
|
||
|
||
[Service]
|
||
Type=notify
|
||
ExecStart=/usr/sbin/some-fancy-httpd-server
|
||
Nice=5
|
||
|
||
[Install]
|
||
WantedBy=multi-user.target</programlisting>
|
||
|
||
<para>Now one wants to change some settings as an administrator:
|
||
firstly, in the local setup, <filename>/srv/webserver</filename>
|
||
might not exist, because the HTTP server is configured to use
|
||
<filename>/srv/www</filename> instead. Secondly, the local
|
||
configuration makes the HTTP server also depend on a memory
|
||
cache service, <filename>memcached.service</filename>, that
|
||
should be pulled in (<varname>Requires=</varname>) and also be
|
||
ordered appropriately (<varname>After=</varname>). Thirdly, in
|
||
order to harden the service a bit more, the administrator would
|
||
like to set the <varname>PrivateTmp=</varname> setting (see
|
||
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||
for details). And lastly, the administrator would like to reset
|
||
the niceness of the service to its default value of 0.</para>
|
||
|
||
<para>The first possibility is to copy the unit file to
|
||
<filename>/etc/systemd/system/httpd.service</filename> and
|
||
change the chosen settings:</para>
|
||
|
||
<programlisting>[Unit]
|
||
Description=Some HTTP server
|
||
After=remote-fs.target sqldb.service <emphasis>memcached.service</emphasis>
|
||
Requires=sqldb.service <emphasis>memcached.service</emphasis>
|
||
AssertPathExists=<emphasis>/srv/www</emphasis>
|
||
|
||
[Service]
|
||
Type=notify
|
||
ExecStart=/usr/sbin/some-fancy-httpd-server
|
||
<emphasis>Nice=0</emphasis>
|
||
<emphasis>PrivateTmp=yes</emphasis>
|
||
|
||
[Install]
|
||
WantedBy=multi-user.target</programlisting>
|
||
|
||
<para>Alternatively, the administrator could create a drop-in
|
||
file
|
||
<filename>/etc/systemd/system/httpd.service.d/local.conf</filename>
|
||
with the following contents:</para>
|
||
|
||
<programlisting>[Unit]
|
||
After=memcached.service
|
||
Requires=memcached.service
|
||
# Reset all assertions and then re-add the condition we want
|
||
AssertPathExists=
|
||
AssertPathExists=/srv/www
|
||
|
||
[Service]
|
||
Nice=0
|
||
PrivateTmp=yes</programlisting>
|
||
|
||
<para>Note that for drop-in files, if one wants to remove
|
||
entries from a setting that is parsed as a list (and is not a
|
||
dependency), such as <varname>AssertPathExists=</varname> (or
|
||
e.g. <varname>ExecStart=</varname> in service units), one needs
|
||
to first clear the list before re-adding all entries except the
|
||
one that is to be removed. Dependencies (<varname>After=</varname>, etc.)
|
||
cannot be reset to an empty list, so dependencies can only be
|
||
added in drop-ins. If you want to remove dependencies, you have
|
||
to override the entire unit.</para>
|
||
|
||
</example>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>See Also</title>
|
||
<para>
|
||
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||
<citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
||
<citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||
</para>
|
||
</refsect1>
|
||
|
||
</refentry>
|