]>
Commit | Line | Data |
---|---|---|
514094f9 | 1 | <?xml version='1.0'?> |
3a54a157 | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" |
798d3a52 | 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ |
1a13e31d ZJS |
4 | <!ENTITY % entities SYSTEM "custom-entities.ent" > |
5 | %entities; | |
6 | ]> | |
0307f791 | 7 | <!-- SPDX-License-Identifier: LGPL-2.1+ --> |
d1ab0ca0 LP |
8 | |
9 | <refentry id="systemd.unit"> | |
10 | ||
798d3a52 ZJS |
11 | <refentryinfo> |
12 | <title>systemd.unit</title> | |
13 | <productname>systemd</productname> | |
798d3a52 ZJS |
14 | </refentryinfo> |
15 | ||
16 | <refmeta> | |
17 | <refentrytitle>systemd.unit</refentrytitle> | |
18 | <manvolnum>5</manvolnum> | |
19 | </refmeta> | |
20 | ||
21 | <refnamediv> | |
22 | <refname>systemd.unit</refname> | |
23 | <refpurpose>Unit configuration</refpurpose> | |
24 | </refnamediv> | |
25 | ||
26 | <refsynopsisdiv> | |
27 | <para><filename><replaceable>service</replaceable>.service</filename>, | |
28 | <filename><replaceable>socket</replaceable>.socket</filename>, | |
29 | <filename><replaceable>device</replaceable>.device</filename>, | |
30 | <filename><replaceable>mount</replaceable>.mount</filename>, | |
31 | <filename><replaceable>automount</replaceable>.automount</filename>, | |
32 | <filename><replaceable>swap</replaceable>.swap</filename>, | |
33 | <filename><replaceable>target</replaceable>.target</filename>, | |
34 | <filename><replaceable>path</replaceable>.path</filename>, | |
35 | <filename><replaceable>timer</replaceable>.timer</filename>, | |
798d3a52 ZJS |
36 | <filename><replaceable>slice</replaceable>.slice</filename>, |
37 | <filename><replaceable>scope</replaceable>.scope</filename></para> | |
38 | ||
2ace445d LP |
39 | <refsect2> |
40 | <title>System Unit Search Path</title> | |
41 | ||
42 | <para><literallayout><filename>/etc/systemd/system.control/*</filename> | |
b82f27e7 ZJS |
43 | <filename>/run/systemd/system.control/*</filename> |
44 | <filename>/run/systemd/transient/*</filename> | |
45 | <filename>/run/systemd/generator.early/*</filename> | |
46 | <filename>/etc/systemd/system/*</filename> | |
83f72cd6 | 47 | <filename>/etc/systemd/systemd.attached/*</filename> |
13219b7f | 48 | <filename>/run/systemd/system/*</filename> |
83f72cd6 | 49 | <filename>/run/systemd/systemd.attached/*</filename> |
b82f27e7 | 50 | <filename>/run/systemd/generator/*</filename> |
f6e1bd2c | 51 | <filename>…</filename> |
b82f27e7 | 52 | <filename>/usr/lib/systemd/system/*</filename> |
2ace445d LP |
53 | <filename>/run/systemd/generator.late/*</filename></literallayout></para> |
54 | </refsect2> | |
13219b7f | 55 | |
2ace445d LP |
56 | <refsect2> |
57 | <title>User Unit Search Path</title> | |
58 | <para><literallayout><filename>~/.config/systemd/user.control/*</filename> | |
b82f27e7 ZJS |
59 | <filename>$XDG_RUNTIME_DIR/systemd/user.control/*</filename> |
60 | <filename>$XDG_RUNTIME_DIR/systemd/transient/*</filename> | |
61 | <filename>$XDG_RUNTIME_DIR/systemd/generator.early/*</filename> | |
62 | <filename>~/.config/systemd/user/*</filename> | |
12b42c76 | 63 | <filename>/etc/systemd/user/*</filename> |
aa08982d | 64 | <filename>$XDG_RUNTIME_DIR/systemd/user/*</filename> |
13219b7f | 65 | <filename>/run/systemd/user/*</filename> |
b82f27e7 | 66 | <filename>$XDG_RUNTIME_DIR/systemd/generator/*</filename> |
f6e1bd2c | 67 | <filename>~/.local/share/systemd/user/*</filename> |
f6e1bd2c | 68 | <filename>…</filename> |
b82f27e7 | 69 | <filename>/usr/lib/systemd/user/*</filename> |
2ace445d LP |
70 | <filename>$XDG_RUNTIME_DIR/systemd/generator.late/*</filename></literallayout></para> |
71 | </refsect2> | |
72 | ||
798d3a52 ZJS |
73 | </refsynopsisdiv> |
74 | ||
75 | <refsect1> | |
76 | <title>Description</title> | |
77 | ||
0f943ae4 ZJS |
78 | <para>A unit file is a plain text ini-style file that encodes information about a service, a |
79 | socket, a device, a mount point, an automount point, a swap file or partition, a start-up | |
80 | target, a watched file system path, a timer controlled and supervised by | |
81 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, a | |
82 | resource management slice or a group of externally created processes. See | |
83 | <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
84 | for a general description of the syntax.</para> | |
798d3a52 ZJS |
85 | |
86 | <para>This man page lists the common configuration options of all | |
87 | the unit types. These options need to be configured in the [Unit] | |
88 | or [Install] sections of the unit files.</para> | |
89 | ||
90 | <para>In addition to the generic [Unit] and [Install] sections | |
91 | described here, each unit may have a type-specific section, e.g. | |
92 | [Service] for a service unit. See the respective man pages for | |
93 | more information: | |
94 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
95 | <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
96 | <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
97 | <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
98 | <citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
99 | <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
100 | <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
101 | <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
102 | <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
36b4a7ba | 103 | <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
798d3a52 ZJS |
104 | <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>. |
105 | </para> | |
106 | ||
798d3a52 ZJS |
107 | <para>Unit files are loaded from a set of paths determined during |
108 | compilation, described in the next section.</para> | |
109 | ||
75695fb7 ZJS |
110 | <para>Unit files can be parameterized by a single argument called the "instance name". The unit |
111 | is then constructed based on a "template file" which serves as the definition of multiple | |
112 | services or other units. A template unit must have a single <literal>@</literal> at the end of | |
113 | the name (right before the type suffix). The name of the full unit is formed by inserting the | |
114 | instance name between <literal>@</literal> and the unit type suffix. In the unit file itself, | |
115 | the instance parameter may be referred to using <literal>%i</literal> and other specifiers, see | |
116 | below.</para> | |
117 | ||
798d3a52 ZJS |
118 | <para>Unit files may contain additional options on top of those |
119 | listed here. If systemd encounters an unknown option, it will | |
120 | write a warning log message but continue loading the unit. If an | |
121 | option or section name is prefixed with <option>X-</option>, it is | |
122 | ignored completely by systemd. Options within an ignored section | |
123 | do not need the prefix. Applications may use this to include | |
124 | additional information in the unit files.</para> | |
125 | ||
bac150e9 ZJS |
126 | <para>Units can be aliased (have an alternative name), by creating a symlink from the new name |
127 | to the existing name in one of the unit search paths. For example, | |
128 | <filename>systemd-networkd.service</filename> has the alias | |
129 | <filename>dbus-org.freedesktop.network1.service</filename>, created during installation as the | |
130 | symlink <filename>/usr/lib/systemd/system/dbus-org.freedesktop.network1.service</filename>. In | |
131 | addition, unit files may specify aliases through the <varname>Alias=</varname> directive in the | |
132 | [Install] section; those aliases are only effective when the unit is enabled. When the unit is | |
133 | enabled, symlinks will be created for those names, and removed when the unit is disabled. For | |
134 | example, <filename>reboot.target</filename> specifies | |
135 | <varname>Alias=ctrl-alt-del.target</varname>, so when enabled it will be invoked whenever | |
136 | CTRL+ALT+DEL is pressed. Alias names may be used in commands like <command>enable</command>, | |
137 | <command>disable</command>, <command>start</command>, <command>stop</command>, | |
138 | <command>status</command>, …, and in unit dependency directives <varname>Wants=</varname>, | |
139 | <varname>Requires=</varname>, <varname>Before=</varname>, <varname>After=</varname>, …, with the | |
140 | limitation that aliases specified through <varname>Alias=</varname> are only effective when the | |
141 | unit is enabled. Aliases cannot be used with the <command>preset</command> command.</para> | |
142 | ||
143 | <para>Along with a unit file <filename>foo.service</filename>, the directory | |
144 | <filename>foo.service.wants/</filename> may exist. All unit files symlinked from such a | |
145 | directory are implicitly added as dependencies of type <varname>Wants=</varname> to the unit. | |
146 | This is useful to hook units into the start-up of other units, without having to modify their | |
147 | unit files. For details about the semantics of <varname>Wants=</varname>, see below. The | |
148 | preferred way to create symlinks in the <filename>.wants/</filename> directory of a unit file is | |
149 | with the <command>enable</command> command of the | |
798d3a52 | 150 | <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
bac150e9 ZJS |
151 | tool which reads information from the [Install] section of unit files (see below). A similar |
152 | functionality exists for <varname>Requires=</varname> type dependencies as well, the directory | |
153 | suffix is <filename>.requires/</filename> in this case.</para> | |
798d3a52 | 154 | |
be73bb48 | 155 | <para>Along with a unit file <filename>foo.service</filename>, a "drop-in" directory |
6c0a7795 LP |
156 | <filename>foo.service.d/</filename> may exist. All files with the suffix <literal>.conf</literal> from this |
157 | directory will be parsed after the unit file itself is parsed. This is useful to alter or add configuration | |
158 | settings for a unit, without having to modify unit files. Drop-in files must contain appropriate section | |
159 | headers. For instantiated units, this logic will first look for the instance <literal>.d/</literal> subdirectory | |
160 | (e.g. <literal>foo@bar.service.d/</literal>) and read its <literal>.conf</literal> files, followed by the template | |
161 | <literal>.d/</literal> subdirectory (e.g. <literal>foo@.service.d/</literal>) and the <literal>.conf</literal> | |
162 | files there. Moreover for units names containing dashes (<literal>-</literal>), the set of directories generated by | |
163 | truncating the unit name after all dashes is searched too. Specifically, for a unit name | |
1b2ad5d9 | 164 | <filename>foo-bar-baz.service</filename> not only the regular drop-in directory |
6c0a7795 LP |
165 | <filename>foo-bar-baz.service.d/</filename> is searched but also both <filename>foo-bar-.service.d/</filename> and |
166 | <filename>foo-.service.d/</filename>. This is useful for defining common drop-ins for a set of related units, whose | |
167 | names begin with a common prefix. This scheme is particularly useful for mount, automount and slice units, whose | |
168 | systematic naming structure is built around dashes as component separators. Note that equally named drop-in files | |
169 | further down the prefix hierarchy override those further up, | |
170 | i.e. <filename>foo-bar-.service.d/10-override.conf</filename> overrides | |
171 | <filename>foo-.service.d/10-override.conf</filename>.</para> | |
172 | ||
173 | <para>In addition to <filename>/etc/systemd/system</filename>, the drop-in <literal>.d/</literal> | |
bac150e9 ZJS |
174 | directories for system services can be placed in <filename>/usr/lib/systemd/system</filename> or |
175 | <filename>/run/systemd/system</filename> directories. Drop-in files in <filename>/etc</filename> | |
176 | take precedence over those in <filename>/run</filename> which in turn take precedence over those | |
177 | in <filename>/usr/lib</filename>. Drop-in files under any of these directories take precedence | |
8331eaab LW |
178 | over unit files wherever located. Multiple drop-in files with different names are applied in |
179 | lexicographic order, regardless of which of the directories they reside in.</para> | |
bac150e9 ZJS |
180 | |
181 | <!-- Note that we do not document .include here, as we consider it mostly obsolete, and want | |
182 | people to use .d/ drop-ins instead. --> | |
798d3a52 | 183 | |
bbe0b4a8 JL |
184 | <para>Note that while systemd offers a flexible dependency system |
185 | between units it is recommended to use this functionality only | |
186 | sparingly and instead rely on techniques such as bus-based or | |
187 | socket-based activation which make dependencies implicit, | |
188 | resulting in a both simpler and more flexible system.</para> | |
189 | ||
75695fb7 ZJS |
190 | <para>As mentioned above, a unit may be instantiated from a template file. This allows creation |
191 | of multiple units from a single configuration file. If systemd looks for a unit configuration | |
192 | file, it will first search for the literal unit name in the file system. If that yields no | |
193 | success and the unit name contains an <literal>@</literal> character, systemd will look for a | |
194 | unit template that shares the same name but with the instance string (i.e. the part between the | |
195 | <literal>@</literal> character and the suffix) removed. Example: if a service | |
196 | <filename>getty@tty3.service</filename> is requested and no file by that name is found, systemd | |
197 | will look for <filename>getty@.service</filename> and instantiate a service from that | |
198 | configuration file if it is found.</para> | |
798d3a52 ZJS |
199 | |
200 | <para>To refer to the instance string from within the | |
201 | configuration file you may use the special <literal>%i</literal> | |
202 | specifier in many of the configuration options. See below for | |
203 | details.</para> | |
204 | ||
205 | <para>If a unit file is empty (i.e. has the file size 0) or is | |
206 | symlinked to <filename>/dev/null</filename>, its configuration | |
207 | will not be loaded and it appears with a load state of | |
208 | <literal>masked</literal>, and cannot be activated. Use this as an | |
209 | effective way to fully disable a unit, making it impossible to | |
210 | start it even manually.</para> | |
211 | ||
212 | <para>The unit file format is covered by the | |
213 | <ulink | |
28a0ad81 | 214 | url="https://www.freedesktop.org/wiki/Software/systemd/InterfaceStabilityPromise">Interface |
798d3a52 ZJS |
215 | Stability Promise</ulink>.</para> |
216 | ||
217 | </refsect1> | |
218 | ||
2651d037 LP |
219 | <refsect1> |
220 | <title>String Escaping for Inclusion in Unit Names</title> | |
221 | ||
222 | <para>Sometimes it is useful to convert arbitrary strings into unit names. To facilitate this, a method of string | |
223 | escaping is used, in order to map strings containing arbitrary byte values (except NUL) into valid unit names and | |
224 | their restricted character set. A common special case are unit names that reflect paths to objects in the file | |
225 | system hierarchy. Example: a device unit <filename>dev-sda.device</filename> refers to a device with the device | |
226 | node <filename noindex='true'>/dev/sda</filename> in the file system.</para> | |
227 | ||
228 | <para>The escaping algorithm operates as follows: given a string, any <literal>/</literal> character is replaced by | |
229 | <literal>-</literal>, and all other characters which are not ASCII alphanumerics or <literal>_</literal> are | |
230 | replaced by C-style <literal>\x2d</literal> escapes. In addition, <literal>.</literal> is replaced with such a | |
231 | C-style escape when it would appear as the first character in the escaped string.</para> | |
232 | ||
233 | <para>When the input qualifies as absolute file system path, this algorithm is extended slightly: the path to the | |
234 | root directory <literal>/</literal> is encoded as single dash <literal>-</literal>. In addition, any leading, | |
235 | trailing or duplicate <literal>/</literal> characters are removed from the string before transformation. Example: | |
236 | <filename>/foo//bar/baz/</filename> becomes <literal>foo-bar-baz</literal>.</para> | |
237 | ||
238 | <para>This escaping is fully reversible, as long as it is known whether the escaped string was a path (the | |
239 | unescaping results are different for paths and non-path strings). The | |
240 | <citerefentry><refentrytitle>systemd-escape</refentrytitle><manvolnum>1</manvolnum></citerefentry> command may be | |
241 | used to apply and reverse escaping on arbitrary strings. Use <command>systemd-escape --path</command> to escape | |
242 | path strings, and <command>systemd-escape</command> without <option>--path</option> otherwise.</para> | |
243 | </refsect1> | |
244 | ||
c129bd5d | 245 | <refsect1> |
aed5cb03 ZJS |
246 | <title>Automatic dependencies</title> |
247 | ||
248 | <refsect2> | |
249 | <title>Implicit Dependencies</title> | |
250 | ||
251 | <para>A number of unit dependencies are implicitly established, depending on unit type and | |
252 | unit configuration. These implicit dependencies can make unit configuration file cleaner. For | |
253 | the implicit dependencies in each unit type, please refer to section "Implicit Dependencies" | |
254 | in respective man pages.</para> | |
255 | ||
256 | <para>For example, service units with <varname>Type=dbus</varname> automatically acquire | |
257 | dependencies of type <varname>Requires=</varname> and <varname>After=</varname> on | |
258 | <filename>dbus.socket</filename>. See | |
259 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
260 | for details.</para> | |
261 | </refsect2> | |
262 | ||
263 | <refsect2> | |
264 | <title>Default Dependencies</title> | |
265 | ||
266 | <para>Default dependencies are similar to implicit dependencies, but can be turned on and off | |
267 | by setting <varname>DefaultDependencies=</varname> to <varname>yes</varname> (the default) and | |
268 | <varname>no</varname>, while implicit dependencies are always in effect. See section "Default | |
269 | Dependencies" in respective man pages for the effect of enabling | |
270 | <varname>DefaultDependencies=</varname> in each unit types.</para> | |
271 | ||
272 | <para>For example, target units will complement all configured dependencies of type | |
273 | <varname>Wants=</varname> or <varname>Requires=</varname> with dependencies of type | |
274 | <varname>After=</varname> unless <varname>DefaultDependencies=no</varname> is set in the | |
275 | specified units. See | |
276 | <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
277 | for details. Note that this behavior can be turned off by setting | |
278 | <varname>DefaultDependencies=no</varname>.</para> | |
279 | </refsect2> | |
45f09f93 JL |
280 | </refsect1> |
281 | ||
798d3a52 | 282 | <refsect1> |
f757855e | 283 | <title>Unit File Load Path</title> |
798d3a52 ZJS |
284 | |
285 | <para>Unit files are loaded from a set of paths determined during | |
286 | compilation, described in the two tables below. Unit files found | |
287 | in directories listed earlier override files with the same name in | |
288 | directories lower in the list.</para> | |
289 | ||
aa3e4400 EV |
290 | <para>When the variable <varname>$SYSTEMD_UNIT_PATH</varname> is set, |
291 | the contents of this variable overrides the unit load path. If | |
798d3a52 ZJS |
292 | <varname>$SYSTEMD_UNIT_PATH</varname> ends with an empty component |
293 | (<literal>:</literal>), the usual unit load path will be appended | |
294 | to the contents of the variable.</para> | |
295 | ||
296 | <table> | |
297 | <title> | |
298 | Load path when running in system mode (<option>--system</option>). | |
299 | </title> | |
300 | ||
301 | <tgroup cols='2'> | |
302 | <colspec colname='path' /> | |
303 | <colspec colname='expl' /> | |
304 | <thead> | |
305 | <row> | |
5a15caf4 ZJS |
306 | <entry>Path</entry> |
307 | <entry>Description</entry> | |
798d3a52 ZJS |
308 | </row> |
309 | </thead> | |
310 | <tbody> | |
b82f27e7 ZJS |
311 | <row> |
312 | <entry><filename>/etc/systemd/system.control</filename></entry> | |
313 | <entry morerows="1">Persistent and transient configuration created using the dbus API</entry> | |
314 | </row> | |
315 | <row> | |
316 | <entry><filename>/run/systemd/system.control</filename></entry> | |
317 | </row> | |
318 | <row> | |
319 | <entry><filename>/run/systemd/transient</filename></entry> | |
320 | <entry>Dynamic configuration for transient units</entry> | |
321 | </row> | |
322 | <row> | |
323 | <entry><filename>/run/systemd/generator.early</filename></entry> | |
324 | <entry>Generated units with high priority (see <replaceable>early-dir</replaceable> in <citerefentry | |
631e393a | 325 | ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry> |
b82f27e7 | 326 | </row> |
798d3a52 | 327 | <row> |
5a15caf4 ZJS |
328 | <entry><filename>/etc/systemd/system</filename></entry> |
329 | <entry>Local configuration</entry> | |
798d3a52 ZJS |
330 | </row> |
331 | <row> | |
5a15caf4 ZJS |
332 | <entry><filename>/run/systemd/system</filename></entry> |
333 | <entry>Runtime units</entry> | |
798d3a52 | 334 | </row> |
b82f27e7 ZJS |
335 | <row> |
336 | <entry><filename>/run/systemd/generator</filename></entry> | |
337 | <entry>Generated units with medium priority (see <replaceable>normal-dir</replaceable> in <citerefentry | |
631e393a | 338 | ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry> |
b82f27e7 ZJS |
339 | </row> |
340 | <row> | |
341 | <entry><filename>/usr/local/lib/systemd/system</filename></entry> | |
342 | <entry morerows="1">Units of installed packages</entry> | |
343 | </row> | |
798d3a52 | 344 | <row> |
5a15caf4 | 345 | <entry><filename>/usr/lib/systemd/system</filename></entry> |
b82f27e7 ZJS |
346 | </row> |
347 | <row> | |
348 | <entry><filename>/run/systemd/generator.late</filename></entry> | |
349 | <entry>Generated units with low priority (see <replaceable>late-dir</replaceable> in <citerefentry | |
631e393a | 350 | ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry> |
798d3a52 ZJS |
351 | </row> |
352 | </tbody> | |
353 | </tgroup> | |
354 | </table> | |
355 | ||
356 | <table> | |
357 | <title> | |
358 | Load path when running in user mode (<option>--user</option>). | |
359 | </title> | |
360 | ||
361 | <tgroup cols='2'> | |
362 | <colspec colname='path' /> | |
363 | <colspec colname='expl' /> | |
364 | <thead> | |
365 | <row> | |
5a15caf4 ZJS |
366 | <entry>Path</entry> |
367 | <entry>Description</entry> | |
798d3a52 ZJS |
368 | </row> |
369 | </thead> | |
370 | <tbody> | |
371 | <row> | |
b82f27e7 ZJS |
372 | <entry><filename>$XDG_CONFIG_HOME/systemd/user.control</filename> or <filename |
373 | >~/.config/systemd/user.control</filename></entry> | |
374 | <entry morerows="1">Persistent and transient configuration created using the dbus API (<varname>$XDG_CONFIG_HOME</varname> is used if set, <filename>~/.config</filename> otherwise)</entry> | |
375 | </row> | |
376 | <row> | |
377 | <entry><filename>$XDG_RUNTIME_DIR/systemd/user.control</filename></entry> | |
378 | </row> | |
379 | <row> | |
380 | <entry><filename>/run/systemd/transient</filename></entry> | |
381 | <entry>Dynamic configuration for transient units</entry> | |
382 | </row> | |
383 | <row> | |
384 | <entry><filename>/run/systemd/generator.early</filename></entry> | |
385 | <entry>Generated units with high priority (see <replaceable>early-dir</replaceable> in <citerefentry | |
631e393a | 386 | ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry> |
798d3a52 ZJS |
387 | </row> |
388 | <row> | |
b82f27e7 ZJS |
389 | <entry><filename>$XDG_CONFIG_HOME/systemd/user</filename> or <filename>$HOME/.config/systemd/user</filename></entry> |
390 | <entry>User configuration (<varname>$XDG_CONFIG_HOME</varname> is used if set, <filename>~/.config</filename> otherwise)</entry> | |
798d3a52 ZJS |
391 | </row> |
392 | <row> | |
5a15caf4 ZJS |
393 | <entry><filename>/etc/systemd/user</filename></entry> |
394 | <entry>Local configuration</entry> | |
798d3a52 ZJS |
395 | </row> |
396 | <row> | |
5a15caf4 ZJS |
397 | <entry><filename>$XDG_RUNTIME_DIR/systemd/user</filename></entry> |
398 | <entry>Runtime units (only used when $XDG_RUNTIME_DIR is set)</entry> | |
798d3a52 ZJS |
399 | </row> |
400 | <row> | |
5a15caf4 ZJS |
401 | <entry><filename>/run/systemd/user</filename></entry> |
402 | <entry>Runtime units</entry> | |
798d3a52 ZJS |
403 | </row> |
404 | <row> | |
b82f27e7 ZJS |
405 | <entry><filename>$XDG_RUNTIME_DIR/systemd/generator</filename></entry> |
406 | <entry>Generated units with medium priority (see <replaceable>normal-dir</replaceable> in <citerefentry | |
631e393a | 407 | ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry> |
798d3a52 ZJS |
408 | </row> |
409 | <row> | |
b82f27e7 ZJS |
410 | <entry><filename>$XDG_DATA_HOME/systemd/user</filename> or <filename>$HOME/.local/share/systemd/user</filename></entry> |
411 | <entry>Units of packages that have been installed in the home directory (<varname>$XDG_DATA_HOME</varname> is used if set, <filename>~/.local/share</filename> otherwise)</entry> | |
412 | </row> | |
413 | <row> | |
414 | <entry><filename>$dir/systemd/user</filename> for each <varname noindex='true'>$dir</varname> in <varname>$XDG_DATA_DIRS</varname></entry> | |
415 | <entry>Additional locations for installed user units, one for each entry in <varname>$XDG_DATA_DIRS</varname></entry> | |
416 | </row> | |
417 | <row> | |
418 | <entry><filename>/usr/local/lib/systemd/user</filename></entry> | |
419 | <entry morerows="1">Units of packages that have been installed system-wide</entry> | |
798d3a52 ZJS |
420 | </row> |
421 | <row> | |
5a15caf4 | 422 | <entry><filename>/usr/lib/systemd/user</filename></entry> |
b82f27e7 ZJS |
423 | </row> |
424 | <row> | |
425 | <entry><filename>$XDG_RUNTIME_DIR/systemd/generator.late</filename></entry> | |
426 | <entry>Generated units with low priority (see <replaceable>late-dir</replaceable> in <citerefentry | |
631e393a | 427 | ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry> |
798d3a52 ZJS |
428 | </row> |
429 | </tbody> | |
430 | </tgroup> | |
431 | </table> | |
432 | ||
b82f27e7 ZJS |
433 | <para>The set of load paths for the user manager instance may be augmented or |
434 | changed using various environment variables. And environment variables may in | |
435 | turn be set using environment generators, see | |
930362ab | 436 | <citerefentry><refentrytitle>systemd.environment-generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>. |
b82f27e7 ZJS |
437 | In particular, <varname>$XDG_DATA_HOME</varname> and |
438 | <varname>$XDG_DATA_DIRS</varname> may be easily set using | |
439 | <citerefentry><refentrytitle>systemd-environment-d-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>. | |
440 | Thus, directories listed here are just the defaults. To see the actual list that | |
441 | would be used based on compilation options and current environment use | |
442 | <programlisting>systemd-analyze --user unit-paths</programlisting> | |
443 | </para> | |
444 | ||
445 | <para>Moreover, additional units might be loaded into systemd ("linked") from | |
446 | directories not on the unit load path. See the <command>link</command> command | |
447 | for | |
798d3a52 | 448 | <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. |
798d3a52 ZJS |
449 | </para> |
450 | </refsect1> | |
451 | ||
5afe510c LP |
452 | <refsect1> |
453 | <title>Unit Garbage Collection</title> | |
454 | ||
455 | <para>The system and service manager loads a unit's configuration automatically when a unit is referenced for the | |
456 | first time. It will automatically unload the unit configuration and state again when the unit is not needed anymore | |
457 | ("garbage collection"). A unit may be referenced through a number of different mechanisms:</para> | |
458 | ||
459 | <orderedlist> | |
460 | <listitem><para>Another loaded unit references it with a dependency such as <varname>After=</varname>, | |
461 | <varname>Wants=</varname>, …</para></listitem> | |
462 | ||
463 | <listitem><para>The unit is currently starting, running, reloading or stopping.</para></listitem> | |
464 | ||
465 | <listitem><para>The unit is currently in the <constant>failed</constant> state. (But see below.)</para></listitem> | |
466 | ||
467 | <listitem><para>A job for the unit is pending.</para></listitem> | |
468 | ||
469 | <listitem><para>The unit is pinned by an active IPC client program.</para></listitem> | |
470 | ||
471 | <listitem><para>The unit is a special "perpetual" unit that is always active and loaded. Examples for perpetual | |
472 | units are the root mount unit <filename>-.mount</filename> or the scope unit <filename>init.scope</filename> that | |
473 | the service manager itself lives in.</para></listitem> | |
474 | ||
475 | <listitem><para>The unit has running processes associated with it.</para></listitem> | |
476 | </orderedlist> | |
477 | ||
478 | <para>The garbage collection logic may be altered with the <varname>CollectMode=</varname> option, which allows | |
479 | configuration whether automatic unloading of units that are in <constant>failed</constant> state is permissible, | |
480 | see below.</para> | |
481 | ||
482 | <para>Note that when a unit's configuration and state is unloaded, all execution results, such as exit codes, exit | |
483 | signals, resource consumption and other statistics are lost, except for what is stored in the log subsystem.</para> | |
484 | ||
485 | <para>Use <command>systemctl daemon-reload</command> or an equivalent command to reload unit configuration while | |
486 | the unit is already loaded. In this case all configuration settings are flushed out and replaced with the new | |
487 | configuration (which however might not be in effect immediately), however all runtime state is | |
488 | saved/restored.</para> | |
489 | </refsect1> | |
490 | ||
798d3a52 ZJS |
491 | <refsect1> |
492 | <title>[Unit] Section Options</title> | |
493 | ||
a8eaaee7 | 494 | <para>The unit file may include a [Unit] section, which carries |
798d3a52 ZJS |
495 | generic information about the unit that is not dependent on the |
496 | type of unit:</para> | |
497 | ||
498 | <variablelist class='unit-directives'> | |
499 | ||
500 | <varlistentry> | |
501 | <term><varname>Description=</varname></term> | |
c43acf69 ZJS |
502 | <listitem><para>A human readable name for the unit. This is used by |
503 | <command>systemd</command> (and other UIs) as the label for the unit, so this string should | |
504 | identify the unit rather than describe it, despite the name. <literal>Apache2 Web | |
505 | Server</literal> is a good example. Bad examples are <literal>high-performance light-weight | |
506 | HTTP server</literal> (too generic) or <literal>Apache2</literal> (too specific and | |
507 | meaningless for people who do not know Apache). <command>systemd</command> will use this | |
508 | string as a noun in status messages (<literal>Starting | |
509 | <replaceable>description</replaceable>...</literal>, <literal>Started | |
510 | <replaceable>description</replaceable>.</literal>, <literal>Reached target | |
511 | <replaceable>description</replaceable>.</literal>, <literal>Failed to start | |
512 | <replaceable>description</replaceable>.</literal>), so it should be capitalized, and should | |
513 | not be a full sentence or a phrase with a continous verb. Bad examples include | |
514 | <literal>exiting the container</literal> or <literal>updating the database once per | |
515 | day.</literal>.</para> | |
516 | </listitem> | |
798d3a52 ZJS |
517 | </varlistentry> |
518 | ||
519 | <varlistentry> | |
520 | <term><varname>Documentation=</varname></term> | |
521 | <listitem><para>A space-separated list of URIs referencing | |
522 | documentation for this unit or its configuration. Accepted are | |
523 | only URIs of the types <literal>http://</literal>, | |
524 | <literal>https://</literal>, <literal>file:</literal>, | |
525 | <literal>info:</literal>, <literal>man:</literal>. For more | |
526 | information about the syntax of these URIs, see <citerefentry | |
527 | project='man-pages'><refentrytitle>uri</refentrytitle><manvolnum>7</manvolnum></citerefentry>. | |
528 | The URIs should be listed in order of relevance, starting with | |
529 | the most relevant. It is a good idea to first reference | |
530 | documentation that explains what the unit's purpose is, | |
531 | followed by how it is configured, followed by any other | |
532 | related documentation. This option may be specified more than | |
533 | once, in which case the specified list of URIs is merged. If | |
534 | the empty string is assigned to this option, the list is reset | |
535 | and all prior assignments will have no | |
536 | effect.</para></listitem> | |
537 | </varlistentry> | |
538 | ||
539 | <varlistentry> | |
540 | <term><varname>Requires=</varname></term> | |
541 | ||
62d3ca24 | 542 | <listitem><para>Configures requirement dependencies on other units. If this unit gets activated, the units |
a195dd8e | 543 | listed here will be activated as well. If one of the other units fails to activate, and an ordering dependency |
e79eabdb | 544 | <varname>After=</varname> on the failing unit is set, this unit will not be started. Besides, with or without |
22a70563 ZJS |
545 | specifying <varname>After=</varname>, this unit will be stopped if one of the other units is explicitly |
546 | stopped. This option may be specified more than once or multiple space-separated units may be | |
62d3ca24 LP |
547 | specified in one option in which case requirement dependencies for all listed names will be created. Note that |
548 | requirement dependencies do not influence the order in which services are started or stopped. This has to be | |
549 | configured independently with the <varname>After=</varname> or <varname>Before=</varname> options. If a unit | |
550 | <filename>foo.service</filename> requires a unit <filename>bar.service</filename> as configured with | |
551 | <varname>Requires=</varname> and no ordering is configured with <varname>After=</varname> or | |
552 | <varname>Before=</varname>, then both units will be started simultaneously and without any delay between them | |
553 | if <filename>foo.service</filename> is activated. Often, it is a better choice to use <varname>Wants=</varname> | |
554 | instead of <varname>Requires=</varname> in order to achieve a system that is more robust when dealing with | |
555 | failing services.</para> | |
556 | ||
557 | <para>Note that this dependency type does not imply that the other unit always has to be in active state when | |
558 | this unit is running. Specifically: failing condition checks (such as <varname>ConditionPathExists=</varname>, | |
6b5bb2f9 | 559 | <varname>ConditionPathIsSymbolicLink=</varname>, … — see below) do not cause the start job of a unit with a |
62d3ca24 LP |
560 | <varname>Requires=</varname> dependency on it to fail. Also, some unit types may deactivate on their own (for |
561 | example, a service process may decide to exit cleanly, or a device may be unplugged by the user), which is not | |
562 | propagated to units having a <varname>Requires=</varname> dependency. Use the <varname>BindsTo=</varname> | |
563 | dependency type together with <varname>After=</varname> to ensure that a unit may never be in active state | |
564 | without a specific other unit also in active state (see below).</para> | |
565 | ||
566 | <para>Note that dependencies of this type may also be configured outside of the unit configuration file by | |
567 | adding a symlink to a <filename>.requires/</filename> directory accompanying the unit file. For details, see | |
798d3a52 ZJS |
568 | above.</para></listitem> |
569 | </varlistentry> | |
570 | ||
798d3a52 ZJS |
571 | <varlistentry> |
572 | <term><varname>Requisite=</varname></term> | |
798d3a52 | 573 | |
706a3df4 ZJS |
574 | <listitem><para>Similar to <varname>Requires=</varname>. However, if the units listed here |
575 | are not started already, they will not be started and the starting of this unit will fail | |
576 | immediately. <varname>Requisite=</varname> does not imply an ordering dependency, even if | |
577 | both units are started in the same transaction. Hence this setting should usually be | |
578 | combined with <varname>After=</varname>, to ensure this unit is not started before the other | |
579 | unit.</para> | |
b2920668 ZJS |
580 | |
581 | <para>When <varname>Requisite=b.service</varname> is used on | |
582 | <filename>a.service</filename>, this dependency will show as | |
583 | <varname>RequisiteOf=a.service</varname> in property listing of | |
584 | <filename>b.service</filename>. <varname>RequisiteOf=</varname> | |
585 | dependency cannot be specified directly.</para> | |
586 | </listitem> | |
798d3a52 ZJS |
587 | </varlistentry> |
588 | ||
589 | <varlistentry> | |
590 | <term><varname>Wants=</varname></term> | |
591 | ||
592 | <listitem><para>A weaker version of | |
593 | <varname>Requires=</varname>. Units listed in this option will | |
594 | be started if the configuring unit is. However, if the listed | |
595 | units fail to start or cannot be added to the transaction, | |
596 | this has no impact on the validity of the transaction as a | |
597 | whole. This is the recommended way to hook start-up of one | |
598 | unit to the start-up of another unit.</para> | |
599 | ||
600 | <para>Note that dependencies of this type may also be | |
601 | configured outside of the unit configuration file by adding | |
602 | symlinks to a <filename>.wants/</filename> directory | |
603 | accompanying the unit file. For details, see | |
604 | above.</para></listitem> | |
605 | </varlistentry> | |
606 | ||
607 | <varlistentry> | |
608 | <term><varname>BindsTo=</varname></term> | |
609 | ||
62d3ca24 LP |
610 | <listitem><para>Configures requirement dependencies, very similar in style to |
611 | <varname>Requires=</varname>. However, this dependency type is stronger: in addition to the effect of | |
612 | <varname>Requires=</varname> it declares that if the unit bound to is stopped, this unit will be stopped | |
613 | too. This means a unit bound to another unit that suddenly enters inactive state will be stopped too. | |
614 | Units can suddenly, unexpectedly enter inactive state for different reasons: the main process of a service unit | |
615 | might terminate on its own choice, the backing device of a device unit might be unplugged or the mount point of | |
616 | a mount unit might be unmounted without involvement of the system and service manager.</para> | |
617 | ||
618 | <para>When used in conjunction with <varname>After=</varname> on the same unit the behaviour of | |
619 | <varname>BindsTo=</varname> is even stronger. In this case, the unit bound to strictly has to be in active | |
620 | state for this unit to also be in active state. This not only means a unit bound to another unit that suddenly | |
621 | enters inactive state, but also one that is bound to another unit that gets skipped due to a failed condition | |
622 | check (such as <varname>ConditionPathExists=</varname>, <varname>ConditionPathIsSymbolicLink=</varname>, … — | |
623 | see below) will be stopped, should it be running. Hence, in many cases it is best to combine | |
b2920668 ZJS |
624 | <varname>BindsTo=</varname> with <varname>After=</varname>.</para> |
625 | ||
626 | <para>When <varname>BindsTo=b.service</varname> is used on | |
627 | <filename>a.service</filename>, this dependency will show as | |
628 | <varname>BoundBy=a.service</varname> in property listing of | |
629 | <filename>b.service</filename>. <varname>BoundBy=</varname> | |
630 | dependency cannot be specified directly.</para> | |
631 | </listitem> | |
798d3a52 ZJS |
632 | </varlistentry> |
633 | ||
634 | <varlistentry> | |
635 | <term><varname>PartOf=</varname></term> | |
636 | ||
637 | <listitem><para>Configures dependencies similar to | |
638 | <varname>Requires=</varname>, but limited to stopping and | |
639 | restarting of units. When systemd stops or restarts the units | |
640 | listed here, the action is propagated to this unit. Note that | |
641 | this is a one-way dependency — changes to this unit do not | |
b2920668 ZJS |
642 | affect the listed units.</para> |
643 | ||
644 | <para>When <varname>PartOf=b.service</varname> is used on | |
645 | <filename>a.service</filename>, this dependency will show as | |
646 | <varname>ConsistsOf=a.service</varname> in property listing of | |
647 | <filename>b.service</filename>. <varname>ConsistsOf=</varname> | |
648 | dependency cannot be specified directly.</para> | |
649 | </listitem> | |
798d3a52 ZJS |
650 | </varlistentry> |
651 | ||
652 | <varlistentry> | |
653 | <term><varname>Conflicts=</varname></term> | |
654 | ||
655 | <listitem><para>A space-separated list of unit names. | |
656 | Configures negative requirement dependencies. If a unit has a | |
657 | <varname>Conflicts=</varname> setting on another unit, | |
658 | starting the former will stop the latter and vice versa. Note | |
659 | that this setting is independent of and orthogonal to the | |
660 | <varname>After=</varname> and <varname>Before=</varname> | |
661 | ordering dependencies.</para> | |
662 | ||
663 | <para>If a unit A that conflicts with a unit B is scheduled to | |
664 | be started at the same time as B, the transaction will either | |
46054ac0 | 665 | fail (in case both are required parts of the transaction) or be |
798d3a52 ZJS |
666 | modified to be fixed (in case one or both jobs are not a |
667 | required part of the transaction). In the latter case, the job | |
46054ac0 | 668 | that is not required will be removed, or in case both are |
798d3a52 ZJS |
669 | not required, the unit that conflicts will be started and the |
670 | unit that is conflicted is stopped.</para></listitem> | |
671 | </varlistentry> | |
672 | ||
673 | <varlistentry> | |
674 | <term><varname>Before=</varname></term> | |
675 | <term><varname>After=</varname></term> | |
676 | ||
2eb6ff5e LP |
677 | <listitem><para>These two settings expect a space-separated list of unit names. They configure ordering |
678 | dependencies between units. If a unit <filename>foo.service</filename> contains a setting | |
679 | <option>Before=bar.service</option> and both units are being started, <filename>bar.service</filename>'s | |
680 | start-up is delayed until <filename>foo.service</filename> has finished starting up. Note that this setting is | |
681 | independent of and orthogonal to the requirement dependencies as configured by <varname>Requires=</varname>, | |
682 | <varname>Wants=</varname> or <varname>BindsTo=</varname>. It is a common pattern to include a unit name in both | |
683 | the <varname>After=</varname> and <varname>Requires=</varname> options, in which case the unit listed will be | |
684 | started before the unit that is configured with these options. This option may be specified more than once, in | |
685 | which case ordering dependencies for all listed names are created. <varname>After=</varname> is the inverse of | |
686 | <varname>Before=</varname>, i.e. while <varname>After=</varname> ensures that the configured unit is started | |
687 | after the listed unit finished starting up, <varname>Before=</varname> ensures the opposite, that the | |
688 | configured unit is fully started up before the listed unit is started. Note that when two units with an | |
689 | ordering dependency between them are shut down, the inverse of the start-up order is applied. i.e. if a unit is | |
690 | configured with <varname>After=</varname> on another unit, the former is stopped before the latter if both are | |
691 | shut down. Given two units with any ordering dependency between them, if one unit is shut down and the other is | |
692 | started up, the shutdown is ordered before the start-up. It doesn't matter if the ordering dependency is | |
693 | <varname>After=</varname> or <varname>Before=</varname>, in this case. It also doesn't matter which of the two | |
694 | is shut down, as long as one is shut down and the other is started up. The shutdown is ordered before the | |
695 | start-up in all cases. If two units have no ordering dependencies between them, they are shut down or started | |
696 | up simultaneously, and no ordering takes place. It depends on the unit type when precisely a unit has finished | |
697 | starting up. Most importantly, for service units start-up is considered completed for the purpose of | |
698 | <varname>Before=</varname>/<varname>After=</varname> when all its configured start-up commands have been | |
699 | invoked and they either failed or reported start-up success.</para></listitem> | |
798d3a52 ZJS |
700 | </varlistentry> |
701 | ||
702 | <varlistentry> | |
703 | <term><varname>OnFailure=</varname></term> | |
704 | ||
705 | <listitem><para>A space-separated list of one or more units | |
706 | that are activated when this unit enters the | |
bd2538b5 KBM |
707 | <literal>failed</literal> state. A service unit using |
708 | <varname>Restart=</varname> enters the failed state only after | |
709 | the start limits are reached.</para></listitem> | |
798d3a52 ZJS |
710 | </varlistentry> |
711 | ||
712 | <varlistentry> | |
713 | <term><varname>PropagatesReloadTo=</varname></term> | |
714 | <term><varname>ReloadPropagatedFrom=</varname></term> | |
715 | ||
716 | <listitem><para>A space-separated list of one or more units | |
717 | where reload requests on this unit will be propagated to, or | |
718 | reload requests on the other unit will be propagated to this | |
719 | unit, respectively. Issuing a reload request on a unit will | |
720 | automatically also enqueue a reload request on all units that | |
721 | the reload request shall be propagated to via these two | |
722 | settings.</para></listitem> | |
723 | </varlistentry> | |
724 | ||
725 | <varlistentry> | |
726 | <term><varname>JoinsNamespaceOf=</varname></term> | |
727 | ||
4107452e LP |
728 | <listitem><para>For units that start processes (such as service units), lists one or more other units |
729 | whose network and/or temporary file namespace to join. This only applies to unit types which support | |
730 | the <varname>PrivateNetwork=</varname>, <varname>NetworkNamespacePath=</varname> and | |
798d3a52 | 731 | <varname>PrivateTmp=</varname> directives (see |
4107452e LP |
732 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for |
733 | details). If a unit that has this setting set is started, its processes will see the same | |
734 | <filename>/tmp</filename>, <filename>/var/tmp</filename> and network namespace as one listed unit | |
735 | that is started. If multiple listed units are already started, it is not defined which namespace is | |
736 | joined. Note that this setting only has an effect if | |
737 | <varname>PrivateNetwork=</varname>/<varname>NetworkNamespacePath=</varname> and/or | |
738 | <varname>PrivateTmp=</varname> is enabled for both the unit that joins the namespace and the unit | |
739 | whose namespace is joined.</para></listitem> | |
798d3a52 ZJS |
740 | </varlistentry> |
741 | ||
742 | <varlistentry> | |
743 | <term><varname>RequiresMountsFor=</varname></term> | |
744 | ||
745 | <listitem><para>Takes a space-separated list of absolute | |
746 | paths. Automatically adds dependencies of type | |
747 | <varname>Requires=</varname> and <varname>After=</varname> for | |
748 | all mount units required to access the specified path.</para> | |
749 | ||
750 | <para>Mount points marked with <option>noauto</option> are not | |
88e328fd ZJS |
751 | mounted automatically through <filename>local-fs.target</filename>, |
752 | but are still honored for the purposes of this option, i.e. they | |
753 | will be pulled in by this unit.</para></listitem> | |
798d3a52 ZJS |
754 | </varlistentry> |
755 | ||
756 | <varlistentry> | |
757 | <term><varname>OnFailureJobMode=</varname></term> | |
758 | ||
759 | <listitem><para>Takes a value of | |
760 | <literal>fail</literal>, | |
761 | <literal>replace</literal>, | |
762 | <literal>replace-irreversibly</literal>, | |
763 | <literal>isolate</literal>, | |
764 | <literal>flush</literal>, | |
765 | <literal>ignore-dependencies</literal> or | |
766 | <literal>ignore-requirements</literal>. Defaults to | |
767 | <literal>replace</literal>. Specifies how the units listed in | |
768 | <varname>OnFailure=</varname> will be enqueued. See | |
769 | <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s | |
770 | <option>--job-mode=</option> option for details on the | |
771 | possible values. If this is set to <literal>isolate</literal>, | |
772 | only a single unit may be listed in | |
773 | <varname>OnFailure=</varname>..</para></listitem> | |
774 | </varlistentry> | |
775 | ||
776 | <varlistentry> | |
777 | <term><varname>IgnoreOnIsolate=</varname></term> | |
778 | ||
26adf774 ZJS |
779 | <listitem><para>Takes a boolean argument. If <option>true</option>, this unit |
780 | will not be stopped when isolating another unit. Defaults to | |
781 | <option>false</option> for service, target, socket, busname, timer, and path | |
782 | units, and <option>true</option> for slice, scope, device, swap, mount, and | |
783 | automount units.</para></listitem> | |
798d3a52 ZJS |
784 | </varlistentry> |
785 | ||
798d3a52 ZJS |
786 | <varlistentry> |
787 | <term><varname>StopWhenUnneeded=</varname></term> | |
788 | ||
789 | <listitem><para>Takes a boolean argument. If | |
790 | <option>true</option>, this unit will be stopped when it is no | |
b938cb90 | 791 | longer used. Note that, in order to minimize the work to be |
798d3a52 ZJS |
792 | executed, systemd will not stop units by default unless they |
793 | are conflicting with other units, or the user explicitly | |
794 | requested their shut down. If this option is set, a unit will | |
795 | be automatically cleaned up if no other active unit requires | |
796 | it. Defaults to <option>false</option>.</para></listitem> | |
797 | </varlistentry> | |
798 | ||
799 | <varlistentry> | |
800 | <term><varname>RefuseManualStart=</varname></term> | |
801 | <term><varname>RefuseManualStop=</varname></term> | |
802 | ||
803 | <listitem><para>Takes a boolean argument. If | |
804 | <option>true</option>, this unit can only be activated or | |
805 | deactivated indirectly. In this case, explicit start-up or | |
806 | termination requested by the user is denied, however if it is | |
807 | started or stopped as a dependency of another unit, start-up | |
808 | or termination will succeed. This is mostly a safety feature | |
809 | to ensure that the user does not accidentally activate units | |
810 | that are not intended to be activated explicitly, and not | |
811 | accidentally deactivate units that are not intended to be | |
812 | deactivated. These options default to | |
813 | <option>false</option>.</para></listitem> | |
814 | </varlistentry> | |
815 | ||
816 | <varlistentry> | |
817 | <term><varname>AllowIsolate=</varname></term> | |
818 | ||
819 | <listitem><para>Takes a boolean argument. If | |
820 | <option>true</option>, this unit may be used with the | |
821 | <command>systemctl isolate</command> command. Otherwise, this | |
822 | will be refused. It probably is a good idea to leave this | |
823 | disabled except for target units that shall be used similar to | |
824 | runlevels in SysV init systems, just as a precaution to avoid | |
825 | unusable system states. This option defaults to | |
826 | <option>false</option>.</para></listitem> | |
827 | </varlistentry> | |
828 | ||
829 | <varlistentry> | |
830 | <term><varname>DefaultDependencies=</varname></term> | |
831 | ||
832 | <listitem><para>Takes a boolean argument. If | |
833 | <option>true</option>, (the default), a few default | |
834 | dependencies will implicitly be created for the unit. The | |
835 | actual dependencies created depend on the unit type. For | |
836 | example, for service units, these dependencies ensure that the | |
837 | service is started only after basic system initialization is | |
838 | completed and is properly terminated on system shutdown. See | |
839 | the respective man pages for details. Generally, only services | |
840 | involved with early boot or late shutdown should set this | |
841 | option to <option>false</option>. It is highly recommended to | |
842 | leave this option enabled for the majority of common units. If | |
843 | set to <option>false</option>, this option does not disable | |
844 | all implicit dependencies, just non-essential | |
845 | ones.</para></listitem> | |
846 | </varlistentry> | |
847 | ||
5afe510c LP |
848 | <varlistentry> |
849 | <term><varname>CollectMode=</varname></term> | |
850 | ||
851 | <listitem><para>Tweaks the "garbage collection" algorithm for this unit. Takes one of <option>inactive</option> | |
852 | or <option>inactive-or-failed</option>. If set to <option>inactive</option> the unit will be unloaded if it is | |
853 | in the <constant>inactive</constant> state and is not referenced by clients, jobs or other units — however it | |
854 | is not unloaded if it is in the <constant>failed</constant> state. In <option>failed</option> mode, failed | |
855 | units are not unloaded until the user invoked <command>systemctl reset-failed</command> on them to reset the | |
856 | <constant>failed</constant> state, or an equivalent command. This behaviour is altered if this option is set to | |
857 | <option>inactive-or-failed</option>: in this case the unit is unloaded even if the unit is in a | |
858 | <constant>failed</constant> state, and thus an explicitly resetting of the <constant>failed</constant> state is | |
859 | not necessary. Note that if this mode is used unit results (such as exit codes, exit signals, consumed | |
860 | resources, …) are flushed out immediately after the unit completed, except for what is stored in the logging | |
861 | subsystem. Defaults to <option>inactive</option>.</para> | |
862 | </listitem> | |
863 | </varlistentry> | |
864 | ||
454dd6ce ZJS |
865 | <varlistentry> |
866 | <term><varname>FailureAction=</varname></term> | |
867 | <term><varname>SuccessAction=</varname></term> | |
868 | ||
54fcb619 ZJS |
869 | <listitem><para>Configure the action to take when the unit stops and enters a failed state or inactive state. |
870 | Takes one of <option>none</option>, <option>reboot</option>, <option>reboot-force</option>, | |
871 | <option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option>, | |
872 | <option>poweroff-immediate</option>, <option>exit</option>, and <option>exit-force</option>. In system mode, | |
a400bd8c ZJS |
873 | all options are allowed. In user mode, only <option>none</option>, <option>exit</option>, and |
874 | <option>exit-force</option> are allowed. Both options default to <option>none</option>.</para> | |
54fcb619 ZJS |
875 | |
876 | <para>If <option>none</option> is set, no action will be triggered. <option>reboot</option> causes a reboot | |
877 | following the normal shutdown procedure (i.e. equivalent to <command>systemctl reboot</command>). | |
878 | <option>reboot-force</option> causes a forced reboot which will terminate all processes forcibly but should | |
879 | cause no dirty file systems on reboot (i.e. equivalent to <command>systemctl reboot -f</command>) and | |
880 | <option>reboot-immediate</option> causes immediate execution of the | |
454dd6ce | 881 | <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which |
6a4e939d LP |
882 | might result in data loss (i.e. equivalent to <command>systemctl reboot -ff</command>). Similarly, |
883 | <option>poweroff</option>, <option>poweroff-force</option>, <option>poweroff-immediate</option> have the effect | |
884 | of powering down the system with similar semantics. <option>exit</option> causes the manager to exit following | |
885 | the normal shutdown procedure, and <option>exit-force</option> causes it terminate without shutting down | |
886 | services. When <option>exit</option> or <option>exit-force</option> is used by default the exit status of the | |
887 | main process of the unit (if this applies) is returned from the service manager. However, this may be overriden | |
888 | with <varname>FailureActionExitStatus=</varname>/<varname>SuccessActionExitStatus=</varname>, see | |
889 | below.</para></listitem> | |
890 | </varlistentry> | |
891 | ||
892 | <varlistentry> | |
893 | <term><varname>FailureActionExitStatus=</varname></term> | |
894 | <term><varname>SuccessActionExitStatus=</varname></term> | |
895 | ||
896 | <listitem><para>Controls the exit status to propagate back to an invoking container manager (in case of a | |
897 | system service) or service manager (in case of a user manager) when the | |
898 | <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> are set to <option>exit</option> or | |
899 | <option>exit-force</option> and the action is triggered. By default the exit status of the main process of the | |
900 | triggering unit (if this applies) is propagated. Takes a value in the range 0…255 or the empty string to | |
901 | request default behaviour.</para></listitem> | |
454dd6ce ZJS |
902 | </varlistentry> |
903 | ||
798d3a52 ZJS |
904 | <varlistentry> |
905 | <term><varname>JobTimeoutSec=</varname></term> | |
a2df3ea4 | 906 | <term><varname>JobRunningTimeoutSec=</varname></term> |
798d3a52 | 907 | |
3f9a0a52 | 908 | <listitem><para>When a job for this unit is queued, a timeout <varname>JobTimeoutSec=</varname> may be |
a2df3ea4 MK |
909 | configured. Similarly, <varname>JobRunningTimeoutSec=</varname> starts counting when the queued job is actually |
910 | started. If either time limit is reached, the job will be cancelled, the unit however will not change state or | |
911 | even enter the <literal>failed</literal> mode. This value defaults to <literal>infinity</literal> (job timeouts | |
912 | disabled), except for device units (<varname>JobRunningTimeoutSec=</varname> defaults to | |
913 | <varname>DefaultTimeoutStartSec=</varname>). NB: this timeout is independent from any unit-specific timeout | |
914 | (for example, the timeout set with <varname>TimeoutStartSec=</varname> in service units) as the job timeout has | |
915 | no effect on the unit itself, only on the job that might be pending for it. Or in other words: unit-specific | |
916 | timeouts are useful to abort unit state changes, and revert them. The job timeout set with this option however | |
917 | is useful to abort only the job waiting for the unit state to change.</para> | |
de597248 ZJS |
918 | </listitem> |
919 | </varlistentry> | |
920 | ||
921 | <varlistentry> | |
922 | <term><varname>JobTimeoutAction=</varname></term> | |
923 | <term><varname>JobTimeoutRebootArgument=</varname></term> | |
798d3a52 | 924 | |
de597248 | 925 | <listitem><para><varname>JobTimeoutAction=</varname> optionally configures an additional action to take when |
3f9a0a52 | 926 | the timeout is hit, see description of <varname>JobTimeoutSec=</varname> and |
de597248 ZJS |
927 | <varname>JobRunningTimeoutSec=</varname> above. It takes the same values as |
928 | <varname>StartLimitAction=</varname>. Defaults to <option>none</option>. | |
0aabe747 | 929 | <varname>JobTimeoutRebootArgument=</varname> configures an optional reboot string to pass to the |
de597248 ZJS |
930 | <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call. |
931 | </para></listitem> | |
798d3a52 ZJS |
932 | </varlistentry> |
933 | ||
6bf0f408 | 934 | <varlistentry> |
fc5ffacd ZJS |
935 | <term><varname>StartLimitIntervalSec=<replaceable>interval</replaceable></varname></term> |
936 | <term><varname>StartLimitBurst=<replaceable>burst</replaceable></varname></term> | |
6bf0f408 | 937 | |
fc5ffacd | 938 | <listitem><para>Configure unit start rate limiting. Units which are started more than |
b94f4313 LP |
939 | <replaceable>burst</replaceable> times within an <replaceable>interval</replaceable> time interval are not |
940 | permitted to start any more. Use <varname>StartLimitIntervalSec=</varname> to configure the checking interval | |
941 | (defaults to <varname>DefaultStartLimitIntervalSec=</varname> in manager configuration file, set it to 0 to | |
942 | disable any kind of rate limiting). Use <varname>StartLimitBurst=</varname> to configure how many starts per | |
943 | interval are allowed (defaults to <varname>DefaultStartLimitBurst=</varname> in manager configuration | |
944 | file). These configuration options are particularly useful in conjunction with the service setting | |
945 | <varname>Restart=</varname> (see | |
6bf0f408 LP |
946 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>); however, |
947 | they apply to all kinds of starts (including manual), not just those triggered by the | |
948 | <varname>Restart=</varname> logic. Note that units which are configured for <varname>Restart=</varname> and | |
949 | which reach the start limit are not attempted to be restarted anymore; however, they may still be restarted | |
b94f4313 LP |
950 | manually at a later point, after the <replaceable>interval</replaceable> has passed. From this point on, the |
951 | restart logic is activated again. Note that <command>systemctl reset-failed</command> will cause the restart | |
952 | rate counter for a service to be flushed, which is useful if the administrator wants to manually start a unit | |
953 | and the start limit interferes with that. Note that this rate-limiting is enforced after any unit condition | |
954 | checks are executed, and hence unit activations with failing conditions do not count towards this rate | |
955 | limit. This setting does not apply to slice, target, device, and scope units, since they are unit types whose | |
956 | activation may either never fail, or may succeed only a single time.</para> | |
957 | ||
958 | <para>When a unit is unloaded due to the garbage collection logic (see above) its rate limit counters are | |
1b2ad5d9 | 959 | flushed out too. This means that configuring start rate limiting for a unit that is not referenced continuously |
b94f4313 | 960 | has no effect.</para></listitem> |
6bf0f408 LP |
961 | </varlistentry> |
962 | ||
963 | <varlistentry> | |
964 | <term><varname>StartLimitAction=</varname></term> | |
965 | ||
454dd6ce ZJS |
966 | <listitem><para>Configure an additional action to take if the rate limit configured with |
967 | <varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes the same | |
968 | values as the setting <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> settings and executes | |
969 | the same actions. If <option>none</option> is set, hitting the rate limit will trigger no action besides that | |
970 | the start will not be permitted. Defaults to <option>none</option>.</para></listitem> | |
6bf0f408 LP |
971 | </varlistentry> |
972 | ||
53c35a76 | 973 | |
6bf0f408 LP |
974 | <varlistentry> |
975 | <term><varname>RebootArgument=</varname></term> | |
976 | <listitem><para>Configure the optional argument for the | |
977 | <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call if | |
53c35a76 | 978 | <varname>StartLimitAction=</varname> or <varname>FailureAction=</varname> is a reboot action. This |
6bf0f408 LP |
979 | works just like the optional argument to <command>systemctl reboot</command> command.</para></listitem> |
980 | </varlistentry> | |
981 | ||
798d3a52 ZJS |
982 | <varlistentry> |
983 | <term><varname>ConditionArchitecture=</varname></term> | |
984 | <term><varname>ConditionVirtualization=</varname></term> | |
985 | <term><varname>ConditionHost=</varname></term> | |
986 | <term><varname>ConditionKernelCommandLine=</varname></term> | |
5022f08a | 987 | <term><varname>ConditionKernelVersion=</varname></term> |
798d3a52 ZJS |
988 | <term><varname>ConditionSecurity=</varname></term> |
989 | <term><varname>ConditionCapability=</varname></term> | |
990 | <term><varname>ConditionACPower=</varname></term> | |
991 | <term><varname>ConditionNeedsUpdate=</varname></term> | |
992 | <term><varname>ConditionFirstBoot=</varname></term> | |
993 | <term><varname>ConditionPathExists=</varname></term> | |
994 | <term><varname>ConditionPathExistsGlob=</varname></term> | |
995 | <term><varname>ConditionPathIsDirectory=</varname></term> | |
996 | <term><varname>ConditionPathIsSymbolicLink=</varname></term> | |
997 | <term><varname>ConditionPathIsMountPoint=</varname></term> | |
998 | <term><varname>ConditionPathIsReadWrite=</varname></term> | |
999 | <term><varname>ConditionDirectoryNotEmpty=</varname></term> | |
1000 | <term><varname>ConditionFileNotEmpty=</varname></term> | |
1001 | <term><varname>ConditionFileIsExecutable=</varname></term> | |
c465a29f FS |
1002 | <term><varname>ConditionUser=</varname></term> |
1003 | <term><varname>ConditionGroup=</varname></term> | |
e16647c3 | 1004 | <term><varname>ConditionControlGroupController=</varname></term> |
798d3a52 | 1005 | |
7ca41557 | 1006 | <!-- We do not document ConditionNull= |
b938cb90 | 1007 | here, as it is not particularly |
798d3a52 ZJS |
1008 | useful and probably just |
1009 | confusing. --> | |
1010 | ||
41448597 LP |
1011 | <listitem><para>Before starting a unit, verify that the specified condition is true. If it is not true, the |
1012 | starting of the unit will be (mostly silently) skipped, however all ordering dependencies of it are still | |
53bd20ea LP |
1013 | respected. A failing condition will not result in the unit being moved into the <literal>failed</literal> |
1014 | state. The condition is checked at the time the queued start job is to be executed. Use condition expressions | |
1015 | in order to silently skip units that do not apply to the local running system, for example because the kernel | |
1016 | or runtime environment doesn't require their functionality. Use the various | |
1017 | <varname>AssertArchitecture=</varname>, <varname>AssertVirtualization=</varname>, … options for a similar | |
1018 | mechanism that causes the job to fail (instead of being skipped) and results in logging about the failed check | |
1019 | (instead of being silently processed). For details about assertion conditions see below.</para> | |
798d3a52 ZJS |
1020 | |
1021 | <para><varname>ConditionArchitecture=</varname> may be used to | |
1022 | check whether the system is running on a specific | |
1023 | architecture. Takes one of | |
1024 | <varname>x86</varname>, | |
1025 | <varname>x86-64</varname>, | |
1026 | <varname>ppc</varname>, | |
1027 | <varname>ppc-le</varname>, | |
1028 | <varname>ppc64</varname>, | |
1029 | <varname>ppc64-le</varname>, | |
1030 | <varname>ia64</varname>, | |
1031 | <varname>parisc</varname>, | |
1032 | <varname>parisc64</varname>, | |
1033 | <varname>s390</varname>, | |
1034 | <varname>s390x</varname>, | |
1035 | <varname>sparc</varname>, | |
1036 | <varname>sparc64</varname>, | |
1037 | <varname>mips</varname>, | |
1038 | <varname>mips-le</varname>, | |
1039 | <varname>mips64</varname>, | |
1040 | <varname>mips64-le</varname>, | |
1041 | <varname>alpha</varname>, | |
1042 | <varname>arm</varname>, | |
1043 | <varname>arm-be</varname>, | |
1044 | <varname>arm64</varname>, | |
1045 | <varname>arm64-be</varname>, | |
1046 | <varname>sh</varname>, | |
1047 | <varname>sh64</varname>, | |
215a2db4 | 1048 | <varname>m68k</varname>, |
798d3a52 | 1049 | <varname>tilegx</varname>, |
27b09f1f AB |
1050 | <varname>cris</varname>, |
1051 | <varname>arc</varname>, | |
1052 | <varname>arc-be</varname> to test | |
798d3a52 ZJS |
1053 | against a specific architecture. The architecture is |
1054 | determined from the information returned by | |
3ba3a79d | 1055 | <citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>2</manvolnum></citerefentry> |
798d3a52 ZJS |
1056 | and is thus subject to |
1057 | <citerefentry><refentrytitle>personality</refentrytitle><manvolnum>2</manvolnum></citerefentry>. | |
1058 | Note that a <varname>Personality=</varname> setting in the | |
1059 | same unit file has no effect on this condition. A special | |
1060 | architecture name <varname>native</varname> is mapped to the | |
1061 | architecture the system manager itself is compiled for. The | |
1062 | test may be negated by prepending an exclamation mark.</para> | |
1063 | ||
1064 | <para><varname>ConditionVirtualization=</varname> may be used | |
1065 | to check whether the system is executed in a virtualized | |
1066 | environment and optionally test whether it is a specific | |
1067 | implementation. Takes either boolean value to check if being | |
1068 | executed in any virtualized environment, or one of | |
1069 | <varname>vm</varname> and | |
1070 | <varname>container</varname> to test against a generic type of | |
1071 | virtualization solution, or one of | |
1072 | <varname>qemu</varname>, | |
1073 | <varname>kvm</varname>, | |
1074 | <varname>zvm</varname>, | |
1075 | <varname>vmware</varname>, | |
1076 | <varname>microsoft</varname>, | |
1077 | <varname>oracle</varname>, | |
1078 | <varname>xen</varname>, | |
1079 | <varname>bochs</varname>, | |
1080 | <varname>uml</varname>, | |
9bfaf6ea | 1081 | <varname>bhyve</varname>, |
1fdf07f5 | 1082 | <varname>qnx</varname>, |
798d3a52 ZJS |
1083 | <varname>openvz</varname>, |
1084 | <varname>lxc</varname>, | |
1085 | <varname>lxc-libvirt</varname>, | |
1086 | <varname>systemd-nspawn</varname>, | |
9fb16425 | 1087 | <varname>docker</varname>, |
0f0e30ad | 1088 | <varname>rkt</varname>, |
6c8a2c67 | 1089 | <varname>wsl</varname>, |
0f0e30ad | 1090 | <varname>acrn</varname> to test |
299a34c1 ZJS |
1091 | against a specific implementation, or |
1092 | <varname>private-users</varname> to check whether we are running in a user namespace. See | |
798d3a52 ZJS |
1093 | <citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
1094 | for a full list of known virtualization technologies and their | |
1095 | identifiers. If multiple virtualization technologies are | |
1096 | nested, only the innermost is considered. The test may be | |
1097 | negated by prepending an exclamation mark.</para> | |
1098 | ||
1099 | <para><varname>ConditionHost=</varname> may be used to match | |
1100 | against the hostname or machine ID of the host. This either | |
1101 | takes a hostname string (optionally with shell style globs) | |
1102 | which is tested against the locally set hostname as returned | |
1103 | by | |
1104 | <citerefentry><refentrytitle>gethostname</refentrytitle><manvolnum>2</manvolnum></citerefentry>, | |
1105 | or a machine ID formatted as string (see | |
1106 | <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>). | |
1107 | The test may be negated by prepending an exclamation | |
1108 | mark.</para> | |
1109 | ||
1110 | <para><varname>ConditionKernelCommandLine=</varname> may be | |
1111 | used to check whether a specific kernel command line option is | |
1112 | set (or if prefixed with the exclamation mark unset). The | |
1113 | argument must either be a single word, or an assignment (i.e. | |
1114 | two words, separated <literal>=</literal>). In the former case | |
1115 | the kernel command line is searched for the word appearing as | |
1116 | is, or as left hand side of an assignment. In the latter case, | |
1117 | the exact assignment is looked for with right and left hand | |
1118 | side matching.</para> | |
1119 | ||
5022f08a LP |
1120 | <para><varname>ConditionKernelVersion=</varname> may be used to check whether the kernel version (as reported |
1121 | by <command>uname -r</command>) matches a certain expression (or if prefixed with the exclamation mark does not | |
68c58c67 LP |
1122 | match it). The argument must be a single string. If the string starts with one of <literal><</literal>, |
1123 | <literal><=</literal>, <literal>=</literal>, <literal>>=</literal>, <literal>></literal> a relative | |
1124 | version comparison is done, otherwise the specified string is matched with shell-style globs.</para> | |
5022f08a | 1125 | |
871c6d54 ZJS |
1126 | <para>Note that using the kernel version string is an unreliable way to determine which features are supported |
1127 | by a kernel, because of the widespread practice of backporting drivers, features, and fixes from newer upstream | |
1128 | kernels into older versions provided by distributions. Hence, this check is inherently unportable and should | |
1129 | not be used for units which may be used on different distributions.</para> | |
1130 | ||
be405b90 LP |
1131 | <para><varname>ConditionSecurity=</varname> may be used to check |
1132 | whether the given security technology is enabled on the | |
b8e1d4d1 | 1133 | system. Currently, the recognized values are |
be405b90 LP |
1134 | <varname>selinux</varname>, <varname>apparmor</varname>, |
1135 | <varname>tomoyo</varname>, <varname>ima</varname>, | |
1136 | <varname>smack</varname>, <varname>audit</varname> and | |
1137 | <varname>uefi-secureboot</varname>. The test may be negated by | |
798d3a52 ZJS |
1138 | prepending an exclamation mark.</para> |
1139 | ||
1140 | <para><varname>ConditionCapability=</varname> may be used to | |
1141 | check whether the given capability exists in the capability | |
1142 | bounding set of the service manager (i.e. this does not check | |
1143 | whether capability is actually available in the permitted or | |
1144 | effective sets, see | |
1145 | <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
1146 | for details). Pass a capability name such as | |
1147 | <literal>CAP_MKNOD</literal>, possibly prefixed with an | |
1148 | exclamation mark to negate the check.</para> | |
1149 | ||
1150 | <para><varname>ConditionACPower=</varname> may be used to | |
1151 | check whether the system has AC power, or is exclusively | |
1152 | battery powered at the time of activation of the unit. This | |
1153 | takes a boolean argument. If set to <varname>true</varname>, | |
1154 | the condition will hold only if at least one AC connector of | |
1155 | the system is connected to a power source, or if no AC | |
1156 | connectors are known. Conversely, if set to | |
1157 | <varname>false</varname>, the condition will hold only if | |
1158 | there is at least one AC connector known and all AC connectors | |
1159 | are disconnected from a power source.</para> | |
1160 | ||
1161 | <para><varname>ConditionNeedsUpdate=</varname> takes one of | |
1162 | <filename>/var</filename> or <filename>/etc</filename> as | |
1163 | argument, possibly prefixed with a <literal>!</literal> (for | |
1164 | inverting the condition). This condition may be used to | |
1165 | conditionalize units on whether the specified directory | |
1166 | requires an update because <filename>/usr</filename>'s | |
1167 | modification time is newer than the stamp file | |
1168 | <filename>.updated</filename> in the specified directory. This | |
1169 | is useful to implement offline updates of the vendor operating | |
1170 | system resources in <filename>/usr</filename> that require | |
1171 | updating of <filename>/etc</filename> or | |
1172 | <filename>/var</filename> on the next following boot. Units | |
1173 | making use of this condition should order themselves before | |
1174 | <citerefentry><refentrytitle>systemd-update-done.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
7f3fdb7f | 1175 | to make sure they run before the stamp file's modification |
798d3a52 ZJS |
1176 | time gets reset indicating a completed update.</para> |
1177 | ||
23254af1 LP |
1178 | <para><varname>ConditionFirstBoot=</varname> takes a boolean argument. This condition may be used to |
1179 | conditionalize units on whether the system is booting up with an unpopulated <filename>/etc</filename> | |
1180 | directory (specifically: an <filename>/etc</filename> with no <filename>/etc/machine-id</filename>). This may | |
1181 | be used to populate <filename>/etc</filename> on the first boot after factory reset, or when a new system | |
1182 | instance boots up for the first time.</para> | |
798d3a52 ZJS |
1183 | |
1184 | <para>With <varname>ConditionPathExists=</varname> a file | |
1185 | existence condition is checked before a unit is started. If | |
1186 | the specified absolute path name does not exist, the condition | |
1187 | will fail. If the absolute path name passed to | |
1188 | <varname>ConditionPathExists=</varname> is prefixed with an | |
1189 | exclamation mark (<literal>!</literal>), the test is negated, | |
1190 | and the unit is only started if the path does not | |
1191 | exist.</para> | |
1192 | ||
1193 | <para><varname>ConditionPathExistsGlob=</varname> is similar | |
1194 | to <varname>ConditionPathExists=</varname>, but checks for the | |
1195 | existence of at least one file or directory matching the | |
1196 | specified globbing pattern.</para> | |
1197 | ||
1198 | <para><varname>ConditionPathIsDirectory=</varname> is similar | |
1199 | to <varname>ConditionPathExists=</varname> but verifies | |
1200 | whether a certain path exists and is a directory.</para> | |
1201 | ||
1202 | <para><varname>ConditionPathIsSymbolicLink=</varname> is | |
1203 | similar to <varname>ConditionPathExists=</varname> but | |
1204 | verifies whether a certain path exists and is a symbolic | |
1205 | link.</para> | |
1206 | ||
1207 | <para><varname>ConditionPathIsMountPoint=</varname> is similar | |
1208 | to <varname>ConditionPathExists=</varname> but verifies | |
1209 | whether a certain path exists and is a mount point.</para> | |
1210 | ||
1211 | <para><varname>ConditionPathIsReadWrite=</varname> is similar | |
1212 | to <varname>ConditionPathExists=</varname> but verifies | |
1213 | whether the underlying file system is readable and writable | |
1214 | (i.e. not mounted read-only).</para> | |
1215 | ||
1216 | <para><varname>ConditionDirectoryNotEmpty=</varname> is | |
1217 | similar to <varname>ConditionPathExists=</varname> but | |
1218 | verifies whether a certain path exists and is a non-empty | |
1219 | directory.</para> | |
1220 | ||
1221 | <para><varname>ConditionFileNotEmpty=</varname> is similar to | |
1222 | <varname>ConditionPathExists=</varname> but verifies whether a | |
1223 | certain path exists and refers to a regular file with a | |
1224 | non-zero size.</para> | |
1225 | ||
1226 | <para><varname>ConditionFileIsExecutable=</varname> is similar | |
1227 | to <varname>ConditionPathExists=</varname> but verifies | |
1228 | whether a certain path exists, is a regular file and marked | |
1229 | executable.</para> | |
1230 | ||
c465a29f | 1231 | <para><varname>ConditionUser=</varname> takes a numeric |
534bab66 FS |
1232 | <literal>UID</literal>, a UNIX user name, or the special value |
1233 | <literal>@system</literal>. This condition may be used to check | |
1234 | whether the service manager is running as the given user. The | |
1235 | special value <literal>@system</literal> can be used to check | |
1236 | if the user id is within the system user range. This option is not | |
c465a29f FS |
1237 | useful for system services, as the system manager exclusively |
1238 | runs as the root user, and thus the test result is constant.</para> | |
1239 | ||
1240 | <para><varname>ConditionGroup=</varname> is similar | |
1241 | to <varname>ConditionUser=</varname> but verifies that the | |
1242 | service manager's real or effective group, or any of its | |
534bab66 FS |
1243 | auxiliary groups match the specified group or GID. This setting |
1244 | does not have a special value <literal>@system</literal>.</para> | |
c465a29f | 1245 | |
e16647c3 CD |
1246 | <para><varname>ConditionControlGroupController=</varname> takes a |
1247 | cgroup controller name (eg. <option>cpu</option>), verifying that it is | |
1248 | available for use on the system. For example, a particular controller | |
1249 | may not be available if it was disabled on the kernel command line with | |
aad1e6be CD |
1250 | <varname>cgroup_disable=controller</varname>. Multiple controllers may |
1251 | be passed with a space separating them; in this case the condition will | |
1252 | only pass if all listed controllers are available for use. Controllers | |
1253 | unknown to systemd are ignored. Valid controllers are | |
1254 | <option>cpu</option>, <option>cpuacct</option>, <option>io</option>, | |
1255 | <option>blkio</option>, <option>memory</option>, | |
e16647c3 CD |
1256 | <option>devices</option>, and <option>pids</option>.</para> |
1257 | ||
798d3a52 ZJS |
1258 | <para>If multiple conditions are specified, the unit will be |
1259 | executed if all of them apply (i.e. a logical AND is applied). | |
1260 | Condition checks can be prefixed with a pipe symbol (|) in | |
1261 | which case a condition becomes a triggering condition. If at | |
1262 | least one triggering condition is defined for a unit, then the | |
1263 | unit will be executed if at least one of the triggering | |
1264 | conditions apply and all of the non-triggering conditions. If | |
1265 | you prefix an argument with the pipe symbol and an exclamation | |
1266 | mark, the pipe symbol must be passed first, the exclamation | |
1267 | second. Except for | |
1268 | <varname>ConditionPathIsSymbolicLink=</varname>, all path | |
1269 | checks follow symlinks. If any of these options is assigned | |
1270 | the empty string, the list of conditions is reset completely, | |
1271 | all previous condition settings (of any kind) will have no | |
1272 | effect.</para></listitem> | |
1273 | </varlistentry> | |
1274 | ||
1275 | <varlistentry> | |
1276 | <term><varname>AssertArchitecture=</varname></term> | |
1277 | <term><varname>AssertVirtualization=</varname></term> | |
1278 | <term><varname>AssertHost=</varname></term> | |
1279 | <term><varname>AssertKernelCommandLine=</varname></term> | |
5022f08a | 1280 | <term><varname>AssertKernelVersion=</varname></term> |
798d3a52 ZJS |
1281 | <term><varname>AssertSecurity=</varname></term> |
1282 | <term><varname>AssertCapability=</varname></term> | |
1283 | <term><varname>AssertACPower=</varname></term> | |
1284 | <term><varname>AssertNeedsUpdate=</varname></term> | |
1285 | <term><varname>AssertFirstBoot=</varname></term> | |
1286 | <term><varname>AssertPathExists=</varname></term> | |
1287 | <term><varname>AssertPathExistsGlob=</varname></term> | |
1288 | <term><varname>AssertPathIsDirectory=</varname></term> | |
1289 | <term><varname>AssertPathIsSymbolicLink=</varname></term> | |
1290 | <term><varname>AssertPathIsMountPoint=</varname></term> | |
1291 | <term><varname>AssertPathIsReadWrite=</varname></term> | |
1292 | <term><varname>AssertDirectoryNotEmpty=</varname></term> | |
1293 | <term><varname>AssertFileNotEmpty=</varname></term> | |
1294 | <term><varname>AssertFileIsExecutable=</varname></term> | |
c465a29f FS |
1295 | <term><varname>AssertUser=</varname></term> |
1296 | <term><varname>AssertGroup=</varname></term> | |
e16647c3 | 1297 | <term><varname>AssertControlGroupController=</varname></term> |
798d3a52 | 1298 | |
41448597 LP |
1299 | <listitem><para>Similar to the <varname>ConditionArchitecture=</varname>, |
1300 | <varname>ConditionVirtualization=</varname>, …, condition settings described above, these settings add | |
1301 | assertion checks to the start-up of the unit. However, unlike the conditions settings, any assertion setting | |
53bd20ea LP |
1302 | that is not met results in failure of the start job (which means this is logged loudly). Note that hitting a |
1303 | configured assertion does not cause the unit to enter the <literal>failed</literal> state (or in fact result in | |
1304 | any state change of the unit), it affects only the job queued for it. Use assertion expressions for units that | |
1305 | cannot operate when specific requirements are not met, and when this is something the administrator or user | |
1306 | should look into.</para> | |
1307 | ||
1308 | <para>Note that neither assertion nor condition expressions result in unit state changes. Also note that both | |
1309 | are checked at the time the job is to be executed, i.e. long after depending jobs and it itself were | |
1310 | queued. Thus, neither condition nor assertion expressions are suitable for conditionalizing unit | |
1311 | dependencies.</para></listitem> | |
798d3a52 ZJS |
1312 | </varlistentry> |
1313 | ||
1314 | <varlistentry> | |
1315 | <term><varname>SourcePath=</varname></term> | |
1316 | <listitem><para>A path to a configuration file this unit has | |
1317 | been generated from. This is primarily useful for | |
1318 | implementation of generator tools that convert configuration | |
1319 | from an external configuration file format into native unit | |
1320 | files. This functionality should not be used in normal | |
1321 | units.</para></listitem> | |
1322 | </varlistentry> | |
1323 | </variablelist> | |
2bf92506 ZJS |
1324 | </refsect1> |
1325 | ||
1326 | <refsect1> | |
1327 | <title>Mapping of unit properties to their inverses</title> | |
1328 | ||
1329 | <para>Unit settings that create a relationship with a second unit usually show up | |
1330 | in properties of both units, for example in <command>systemctl show</command> | |
1331 | output. In some cases the name of the property is the same as the name of the | |
2116134b | 1332 | configuration setting, but not always. This table lists the properties |
2bf92506 ZJS |
1333 | that are shown on two units which are connected through some dependency, and shows |
1334 | which property on "source" unit corresponds to which property on the "target" unit. | |
1335 | </para> | |
1336 | ||
1337 | <table> | |
1338 | <title> | |
1339 | "Forward" and "reverse" unit properties | |
1340 | </title> | |
1341 | ||
1342 | <tgroup cols='2'> | |
1343 | <colspec colname='forward' /> | |
1344 | <colspec colname='reverse' /> | |
1345 | <colspec colname='notes' /> | |
1346 | <thead> | |
1347 | <row> | |
1348 | <entry>"Forward" property</entry> | |
1349 | <entry>"Reverse" property</entry> | |
1350 | <entry>Where used</entry> | |
1351 | </row> | |
1352 | </thead> | |
1353 | <tbody> | |
1354 | <row> | |
1355 | <entry><varname>Before=</varname></entry> | |
1356 | <entry><varname>After=</varname></entry> | |
1357 | <entry morerows='1' valign='middle'>Both are unit file options</entry> | |
1358 | </row> | |
1359 | <row> | |
1360 | <entry><varname>After=</varname></entry> | |
1361 | <entry><varname>Before=</varname></entry> | |
1362 | </row> | |
1363 | <row> | |
1364 | <entry><varname>Requires=</varname></entry> | |
1365 | <entry><varname>RequiredBy=</varname></entry> | |
1366 | <entry>A unit file option; an option in the [Install] section</entry> | |
1367 | </row> | |
1368 | <row> | |
1369 | <entry><varname>Wants=</varname></entry> | |
1370 | <entry><varname>WantedBy=</varname></entry> | |
1371 | <entry>A unit file option; an option in the [Install] section</entry> | |
1372 | </row> | |
1373 | <row> | |
1374 | <entry><varname>PartOf=</varname></entry> | |
1375 | <entry><varname>ConsistsOf=</varname></entry> | |
1376 | <entry>A unit file option; an automatic property</entry> | |
1377 | </row> | |
1378 | <row> | |
1379 | <entry><varname>BindsTo=</varname></entry> | |
1380 | <entry><varname>BoundBy=</varname></entry> | |
1381 | <entry>A unit file option; an automatic property</entry> | |
1382 | </row> | |
1383 | <row> | |
1384 | <entry><varname>Requisite=</varname></entry> | |
1385 | <entry><varname>RequisiteOf=</varname></entry> | |
1386 | <entry>A unit file option; an automatic property</entry> | |
1387 | </row> | |
1388 | <row> | |
1389 | <entry><varname>Triggers=</varname></entry> | |
1390 | <entry><varname>TriggeredBy=</varname></entry> | |
1391 | <entry>Automatic properties, see notes below</entry> | |
1392 | </row> | |
1393 | <row> | |
1394 | <entry><varname>Conflicts=</varname></entry> | |
1395 | <entry><varname>ConflictedBy=</varname></entry> | |
1396 | <entry>A unit file option; an automatic property</entry> | |
1397 | </row> | |
1398 | <row> | |
1399 | <entry><varname>PropagatesReloadTo=</varname></entry> | |
1400 | <entry><varname>ReloadPropagatedFrom=</varname></entry> | |
1401 | <entry morerows='1' valign='middle'>Both are unit file options</entry> | |
1402 | </row> | |
1403 | <row> | |
1404 | <entry><varname>ReloadPropagatedFrom=</varname></entry> | |
1405 | <entry><varname>PropagatesReloadTo=</varname></entry> | |
1406 | </row> | |
2116134b ZJS |
1407 | <row> |
1408 | <entry><varname>Following=</varname></entry> | |
1409 | <entry>n/a</entry> | |
1410 | <entry>An automatic property</entry> | |
1411 | </row> | |
2bf92506 ZJS |
1412 | </tbody> |
1413 | </tgroup> | |
1414 | </table> | |
798d3a52 | 1415 | |
2bf92506 ZJS |
1416 | <para>Note: <varname>WantedBy=</varname> and <varname>RequiredBy=</varname> are |
1417 | used in the [Install] section to create symlinks in <filename>.wants/</filename> | |
1418 | and <filename>.requires/</filename> directories. They cannot be used directly as a | |
1419 | unit configuration setting.</para> | |
1420 | ||
1421 | <para>Note: <varname>ConsistsOf=</varname>, <varname>BoundBy=</varname>, | |
1422 | <varname>RequisiteOf=</varname>, <varname>ConflictedBy=</varname> are created | |
1423 | implicitly along with their reverse and cannot be specified directly.</para> | |
1424 | ||
1425 | <para>Note: <varname>Triggers=</varname> is created implicitly between a socket, | |
1426 | path unit, or an automount unit, and the unit they activate. By default a unit | |
1b2ad5d9 | 1427 | with the same name is triggered, but this can be overridden using |
2bf92506 ZJS |
1428 | <varname>Sockets=</varname>, <varname>Service=</varname>, and <varname>Unit=</varname> |
1429 | settings. See | |
1430 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1431 | <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1432 | <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1433 | and | |
1434 | <citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
1435 | for details. <varname>TriggersBy=</varname> is created implicitly on the | |
1436 | triggered unit.</para> | |
2116134b ZJS |
1437 | |
1438 | <para>Note: <varname>Following=</varname> is used to group device aliases and points to the | |
1439 | "primary" device unit that systemd is using to track device state, usually corresponding to a | |
1440 | sysfs path. It does not show up in the "target" unit.</para> | |
798d3a52 ZJS |
1441 | </refsect1> |
1442 | ||
1443 | <refsect1> | |
1444 | <title>[Install] Section Options</title> | |
1445 | ||
be73bb48 LP |
1446 | <para>Unit files may include an <literal>[Install]</literal> section, which carries installation information for |
1447 | the unit. This section is not interpreted by | |
1448 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> during runtime; it is | |
1449 | used by the <command>enable</command> and <command>disable</command> commands of the | |
1450 | <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> tool during | |
caa45f5b | 1451 | installation of a unit.</para> |
798d3a52 ZJS |
1452 | |
1453 | <variablelist class='unit-directives'> | |
1454 | <varlistentry> | |
1455 | <term><varname>Alias=</varname></term> | |
1456 | ||
f4bf8d2f | 1457 | <listitem><para>A space-separated list of additional names this unit shall be installed under. The names listed |
1245e413 | 1458 | here must have the same suffix (i.e. type) as the unit filename. This option may be specified more than once, |
f4bf8d2f LP |
1459 | in which case all listed names are used. At installation time, <command>systemctl enable</command> will create |
1460 | symlinks from these names to the unit filename. Note that not all unit types support such alias names, and this | |
1461 | setting is not supported for them. Specifically, mount, slice, swap, and automount units do not support | |
1462 | aliasing.</para></listitem> | |
798d3a52 ZJS |
1463 | </varlistentry> |
1464 | ||
1465 | <varlistentry> | |
1466 | <term><varname>WantedBy=</varname></term> | |
1467 | <term><varname>RequiredBy=</varname></term> | |
1468 | ||
1469 | <listitem><para>This option may be used more than once, or a | |
1470 | space-separated list of unit names may be given. A symbolic | |
1471 | link is created in the <filename>.wants/</filename> or | |
1472 | <filename>.requires/</filename> directory of each of the | |
1473 | listed units when this unit is installed by <command>systemctl | |
1474 | enable</command>. This has the effect that a dependency of | |
1475 | type <varname>Wants=</varname> or <varname>Requires=</varname> | |
1476 | is added from the listed unit to the current unit. The primary | |
1477 | result is that the current unit will be started when the | |
1478 | listed unit is started. See the description of | |
1479 | <varname>Wants=</varname> and <varname>Requires=</varname> in | |
1480 | the [Unit] section for details.</para> | |
1481 | ||
1482 | <para><command>WantedBy=foo.service</command> in a service | |
1483 | <filename>bar.service</filename> is mostly equivalent to | |
1484 | <command>Alias=foo.service.wants/bar.service</command> in the | |
1485 | same file. In case of template units, <command>systemctl | |
1486 | enable</command> must be called with an instance name, and | |
1487 | this instance will be added to the | |
1488 | <filename>.wants/</filename> or | |
1489 | <filename>.requires/</filename> list of the listed unit. E.g. | |
1490 | <command>WantedBy=getty.target</command> in a service | |
1491 | <filename>getty@.service</filename> will result in | |
1492 | <command>systemctl enable getty@tty2.service</command> | |
1493 | creating a | |
1494 | <filename>getty.target.wants/getty@tty2.service</filename> | |
1495 | link to <filename>getty@.service</filename>. | |
1496 | </para></listitem> | |
1497 | </varlistentry> | |
1498 | ||
1499 | <varlistentry> | |
1500 | <term><varname>Also=</varname></term> | |
1501 | ||
1502 | <listitem><para>Additional units to install/deinstall when | |
1503 | this unit is installed/deinstalled. If the user requests | |
1504 | installation/deinstallation of a unit with this option | |
1505 | configured, <command>systemctl enable</command> and | |
1506 | <command>systemctl disable</command> will automatically | |
1507 | install/uninstall units listed in this option as well.</para> | |
1508 | ||
1509 | <para>This option may be used more than once, or a | |
1510 | space-separated list of unit names may be | |
1511 | given.</para></listitem> | |
1512 | </varlistentry> | |
1513 | ||
1514 | <varlistentry> | |
1515 | <term><varname>DefaultInstance=</varname></term> | |
1516 | ||
1517 | <listitem><para>In template unit files, this specifies for | |
1518 | which instance the unit shall be enabled if the template is | |
1519 | enabled without any explicitly set instance. This option has | |
1520 | no effect in non-template unit files. The specified string | |
1521 | must be usable as instance identifier.</para></listitem> | |
1522 | </varlistentry> | |
1523 | </variablelist> | |
1524 | ||
1525 | <para>The following specifiers are interpreted in the Install | |
b75f0c69 DC |
1526 | section: %n, %N, %p, %i, %j, %g, %G, %U, %u, %m, %H, %b, %v. For their |
1527 | meaning see the next section. | |
798d3a52 ZJS |
1528 | </para> |
1529 | </refsect1> | |
1530 | ||
1531 | <refsect1> | |
1532 | <title>Specifiers</title> | |
1533 | ||
1534 | <para>Many settings resolve specifiers which may be used to write | |
1535 | generic unit files referring to runtime or unit parameters that | |
751223fe ZJS |
1536 | are replaced when the unit files are loaded. Specifiers must be known |
1537 | and resolvable for the setting to be valid. The following | |
798d3a52 ZJS |
1538 | specifiers are understood:</para> |
1539 | ||
1540 | <table> | |
1541 | <title>Specifiers available in unit files</title> | |
1542 | <tgroup cols='3' align='left' colsep='1' rowsep='1'> | |
1543 | <colspec colname="spec" /> | |
1544 | <colspec colname="mean" /> | |
1545 | <colspec colname="detail" /> | |
1546 | <thead> | |
1547 | <row> | |
5a15caf4 ZJS |
1548 | <entry>Specifier</entry> |
1549 | <entry>Meaning</entry> | |
1550 | <entry>Details</entry> | |
798d3a52 ZJS |
1551 | </row> |
1552 | </thead> | |
1553 | <tbody> | |
1554 | <row> | |
709f4c47 LP |
1555 | <entry><literal>%b</literal></entry> |
1556 | <entry>Boot ID</entry> | |
1557 | <entry>The boot ID of the running system, formatted as string. See <citerefentry><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry> for more information.</entry> | |
798d3a52 ZJS |
1558 | </row> |
1559 | <row> | |
709f4c47 LP |
1560 | <entry><literal>%C</literal></entry> |
1561 | <entry>Cache directory root</entry> | |
1562 | <entry>This is either <filename>/var/cache</filename> (for the system manager) or the path <literal>$XDG_CACHE_HOME</literal> resolves to (for user managers).</entry> | |
798d3a52 | 1563 | </row> |
969309c2 YW |
1564 | <row> |
1565 | <entry><literal>%E</literal></entry> | |
1566 | <entry>Configuration directory root</entry> | |
1567 | <entry>This is either <filename>/etc</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to (for user managers).</entry> | |
1568 | </row> | |
798d3a52 | 1569 | <row> |
709f4c47 LP |
1570 | <entry><literal>%f</literal></entry> |
1571 | <entry>Unescaped filename</entry> | |
1572 | <entry>This is either the unescaped instance name (if applicable) with <filename>/</filename> prepended (if applicable), or the unescaped prefix name prepended with <filename>/</filename>. This implements unescaping according to the rules for escaping absolute file system paths discussed above.</entry> | |
798d3a52 ZJS |
1573 | </row> |
1574 | <row> | |
709f4c47 LP |
1575 | <entry><literal>%h</literal></entry> |
1576 | <entry>User home directory</entry> | |
1577 | <entry>This is the home directory of the user running the service manager instance. In case of the system manager this resolves to <literal>/root</literal>.</entry> | |
1578 | </row> | |
1579 | <row> | |
1580 | <entry><literal>%H</literal></entry> | |
1581 | <entry>Host name</entry> | |
1582 | <entry>The hostname of the running system at the point in time the unit configuration is loaded.</entry> | |
798d3a52 ZJS |
1583 | </row> |
1584 | <row> | |
5a15caf4 ZJS |
1585 | <entry><literal>%i</literal></entry> |
1586 | <entry>Instance name</entry> | |
e1a7f622 | 1587 | <entry>For instantiated units this is the string between the first <literal>@</literal> character and the type suffix. Empty for non-instantiated units.</entry> |
798d3a52 ZJS |
1588 | </row> |
1589 | <row> | |
5a15caf4 ZJS |
1590 | <entry><literal>%I</literal></entry> |
1591 | <entry>Unescaped instance name</entry> | |
e1a7f622 | 1592 | <entry>Same as <literal>%i</literal>, but with escaping undone.</entry> |
798d3a52 | 1593 | </row> |
250e9fad ZJS |
1594 | <row> |
1595 | <entry><literal>%j</literal></entry> | |
1596 | <entry>Final component of the prefix</entry> | |
1597 | <entry>This is the string between the last <literal>-</literal> and the end of the prefix name. If there is no <literal>-</literal>, this is the same as <literal>%p</literal>.</entry> | |
1598 | </row> | |
1599 | <row> | |
1600 | <entry><literal>%J</literal></entry> | |
1601 | <entry>Unescaped final component of the prefix</entry> | |
1602 | <entry>Same as <literal>%j</literal>, but with escaping undone.</entry> | |
1603 | </row> | |
798d3a52 | 1604 | <row> |
709f4c47 LP |
1605 | <entry><literal>%L</literal></entry> |
1606 | <entry>Log directory root</entry> | |
1607 | <entry>This is either <filename>/var/log</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to with <filename noindex='true'>/log</filename> appended (for user managers).</entry> | |
14068e17 LP |
1608 | </row> |
1609 | <row> | |
709f4c47 LP |
1610 | <entry><literal>%m</literal></entry> |
1611 | <entry>Machine ID</entry> | |
1612 | <entry>The machine ID of the running system, formatted as string. See <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more information.</entry> | |
14068e17 LP |
1613 | </row> |
1614 | <row> | |
709f4c47 LP |
1615 | <entry><literal>%n</literal></entry> |
1616 | <entry>Full unit name</entry> | |
1617 | <entry></entry> | |
14068e17 LP |
1618 | </row> |
1619 | <row> | |
709f4c47 LP |
1620 | <entry><literal>%N</literal></entry> |
1621 | <entry>Full unit name</entry> | |
1622 | <entry>Same as <literal>%n</literal>, but with the type suffix removed.</entry> | |
798d3a52 ZJS |
1623 | </row> |
1624 | <row> | |
709f4c47 LP |
1625 | <entry><literal>%p</literal></entry> |
1626 | <entry>Prefix name</entry> | |
1627 | <entry>For instantiated units, this refers to the string before the first <literal>@</literal> character of the unit name. For non-instantiated units, same as <literal>%N</literal>.</entry> | |
798d3a52 ZJS |
1628 | </row> |
1629 | <row> | |
709f4c47 LP |
1630 | <entry><literal>%P</literal></entry> |
1631 | <entry>Unescaped prefix name</entry> | |
1632 | <entry>Same as <literal>%p</literal>, but with escaping undone.</entry> | |
798d3a52 ZJS |
1633 | </row> |
1634 | <row> | |
5a15caf4 ZJS |
1635 | <entry><literal>%s</literal></entry> |
1636 | <entry>User shell</entry> | |
1637 | <entry>This is the shell of the user running the service manager instance. In case of the system manager this resolves to <literal>/bin/sh</literal>.</entry> | |
798d3a52 ZJS |
1638 | </row> |
1639 | <row> | |
709f4c47 LP |
1640 | <entry><literal>%S</literal></entry> |
1641 | <entry>State directory root</entry> | |
1642 | <entry>This is either <filename>/var/lib</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to (for user managers).</entry> | |
798d3a52 ZJS |
1643 | </row> |
1644 | <row> | |
709f4c47 LP |
1645 | <entry><literal>%t</literal></entry> |
1646 | <entry>Runtime directory root</entry> | |
1647 | <entry>This is either <filename>/run</filename> (for the system manager) or the path <literal>$XDG_RUNTIME_DIR</literal> resolves to (for user managers).</entry> | |
798d3a52 | 1648 | </row> |
b294e594 LP |
1649 | <row> |
1650 | <entry><literal>%T</literal></entry> | |
1651 | <entry>Directory for temporary files</entry> | |
1652 | <entry>This is either <filename>/tmp</filename> or the path <literal>$TMPDIR</literal>, <literal>$TEMP</literal> or <literal>$TMP</literal> are set to.</entry> | |
1653 | </row> | |
b75f0c69 DC |
1654 | <row> |
1655 | <entry><literal>%g</literal></entry> | |
1656 | <entry>User group</entry> | |
1657 | <entry>This is the name of the group running the service manager instance. In case of the system manager this resolves to <literal>root</literal>.</entry> | |
1658 | </row> | |
1659 | <row> | |
1660 | <entry><literal>%G</literal></entry> | |
1661 | <entry>User GID</entry> | |
1662 | <entry>This is the numeric GID of the user running the service manager instance. In case of the system manager this resolves to <literal>0</literal>.</entry> | |
1663 | </row> | |
798d3a52 | 1664 | <row> |
709f4c47 LP |
1665 | <entry><literal>%u</literal></entry> |
1666 | <entry>User name</entry> | |
1667 | <entry>This is the name of the user running the service manager instance. In case of the system manager this resolves to <literal>root</literal>.</entry> | |
1668 | </row> | |
1669 | <row> | |
1670 | <entry><literal>%U</literal></entry> | |
1671 | <entry>User UID</entry> | |
1672 | <entry>This is the numeric UID of the user running the service manager instance. In case of the system manager this resolves to <literal>0</literal>.</entry> | |
798d3a52 ZJS |
1673 | </row> |
1674 | <row> | |
5a15caf4 ZJS |
1675 | <entry><literal>%v</literal></entry> |
1676 | <entry>Kernel release</entry> | |
1677 | <entry>Identical to <command>uname -r</command> output</entry> | |
798d3a52 | 1678 | </row> |
b294e594 LP |
1679 | <row> |
1680 | <entry><literal>%V</literal></entry> | |
1681 | <entry>Directory for larger and persistent temporary files</entry> | |
1682 | <entry>This is either <filename>/var/tmp</filename> or the path <literal>$TMPDIR</literal>, <literal>$TEMP</literal> or <literal>$TMP</literal> are set to.</entry> | |
1683 | </row> | |
798d3a52 | 1684 | <row> |
5a15caf4 ZJS |
1685 | <entry><literal>%%</literal></entry> |
1686 | <entry>Single percent sign</entry> | |
1687 | <entry>Use <literal>%%</literal> in place of <literal>%</literal> to specify a single percent sign.</entry> | |
798d3a52 ZJS |
1688 | </row> |
1689 | </tbody> | |
1690 | </tgroup> | |
1691 | </table> | |
798d3a52 ZJS |
1692 | </refsect1> |
1693 | ||
1694 | <refsect1> | |
1695 | <title>Examples</title> | |
1696 | ||
1697 | <example> | |
1698 | <title>Allowing units to be enabled</title> | |
1699 | ||
1700 | <para>The following snippet (highlighted) allows a unit (e.g. | |
1701 | <filename>foo.service</filename>) to be enabled via | |
1702 | <command>systemctl enable</command>:</para> | |
1703 | ||
1704 | <programlisting>[Unit] | |
92b1e225 CS |
1705 | Description=Foo |
1706 | ||
1707 | [Service] | |
1708 | ExecStart=/usr/sbin/foo-daemon | |
1709 | ||
1710 | <emphasis>[Install]</emphasis> | |
1711 | <emphasis>WantedBy=multi-user.target</emphasis></programlisting> | |
1712 | ||
798d3a52 ZJS |
1713 | <para>After running <command>systemctl enable</command>, a |
1714 | symlink | |
12b42c76 | 1715 | <filename>/etc/systemd/system/multi-user.target.wants/foo.service</filename> |
798d3a52 ZJS |
1716 | linking to the actual unit will be created. It tells systemd to |
1717 | pull in the unit when starting | |
1718 | <filename>multi-user.target</filename>. The inverse | |
1719 | <command>systemctl disable</command> will remove that symlink | |
1720 | again.</para> | |
1721 | </example> | |
1722 | ||
1723 | <example> | |
1724 | <title>Overriding vendor settings</title> | |
1725 | ||
1726 | <para>There are two methods of overriding vendor settings in | |
1727 | unit files: copying the unit file from | |
12b42c76 TG |
1728 | <filename>/usr/lib/systemd/system</filename> to |
1729 | <filename>/etc/systemd/system</filename> and modifying the | |
798d3a52 ZJS |
1730 | chosen settings. Alternatively, one can create a directory named |
1731 | <filename><replaceable>unit</replaceable>.d/</filename> within | |
12b42c76 | 1732 | <filename>/etc/systemd/system</filename> and place a drop-in |
798d3a52 ZJS |
1733 | file <filename><replaceable>name</replaceable>.conf</filename> |
1734 | there that only changes the specific settings one is interested | |
1735 | in. Note that multiple such drop-in files are read if | |
8331eaab | 1736 | present, processed in lexicographic order of their filename.</para> |
798d3a52 ZJS |
1737 | |
1738 | <para>The advantage of the first method is that one easily | |
1739 | overrides the complete unit, the vendor unit is not parsed at | |
1740 | all anymore. It has the disadvantage that improvements to the | |
1741 | unit file by the vendor are not automatically incorporated on | |
1742 | updates.</para> | |
1743 | ||
1744 | <para>The advantage of the second method is that one only | |
1745 | overrides the settings one specifically wants, where updates to | |
1746 | the unit by the vendor automatically apply. This has the | |
1747 | disadvantage that some future updates by the vendor might be | |
1748 | incompatible with the local changes.</para> | |
1749 | ||
798d3a52 ZJS |
1750 | <para>This also applies for user instances of systemd, but with |
1751 | different locations for the unit files. See the section on unit | |
1752 | load paths for further details.</para> | |
1753 | ||
1754 | <para>Suppose there is a vendor-supplied unit | |
12b42c76 | 1755 | <filename>/usr/lib/systemd/system/httpd.service</filename> with |
798d3a52 ZJS |
1756 | the following contents:</para> |
1757 | ||
1758 | <programlisting>[Unit] | |
92b1e225 CS |
1759 | Description=Some HTTP server |
1760 | After=remote-fs.target sqldb.service | |
1761 | Requires=sqldb.service | |
1762 | AssertPathExists=/srv/webserver | |
1763 | ||
1764 | [Service] | |
1765 | Type=notify | |
1766 | ExecStart=/usr/sbin/some-fancy-httpd-server | |
1767 | Nice=5 | |
1768 | ||
1769 | [Install] | |
1770 | WantedBy=multi-user.target</programlisting> | |
1771 | ||
798d3a52 ZJS |
1772 | <para>Now one wants to change some settings as an administrator: |
1773 | firstly, in the local setup, <filename>/srv/webserver</filename> | |
e2acdb6b | 1774 | might not exist, because the HTTP server is configured to use |
798d3a52 ZJS |
1775 | <filename>/srv/www</filename> instead. Secondly, the local |
1776 | configuration makes the HTTP server also depend on a memory | |
1777 | cache service, <filename>memcached.service</filename>, that | |
1778 | should be pulled in (<varname>Requires=</varname>) and also be | |
1779 | ordered appropriately (<varname>After=</varname>). Thirdly, in | |
1780 | order to harden the service a bit more, the administrator would | |
1781 | like to set the <varname>PrivateTmp=</varname> setting (see | |
912f003f | 1782 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
798d3a52 ZJS |
1783 | for details). And lastly, the administrator would like to reset |
1784 | the niceness of the service to its default value of 0.</para> | |
1785 | ||
1786 | <para>The first possibility is to copy the unit file to | |
12b42c76 | 1787 | <filename>/etc/systemd/system/httpd.service</filename> and |
798d3a52 ZJS |
1788 | change the chosen settings:</para> |
1789 | ||
1790 | <programlisting>[Unit] | |
92b1e225 CS |
1791 | Description=Some HTTP server |
1792 | After=remote-fs.target sqldb.service <emphasis>memcached.service</emphasis> | |
1793 | Requires=sqldb.service <emphasis>memcached.service</emphasis> | |
1794 | AssertPathExists=<emphasis>/srv/www</emphasis> | |
1795 | ||
1796 | [Service] | |
1797 | Type=notify | |
1798 | ExecStart=/usr/sbin/some-fancy-httpd-server | |
1799 | <emphasis>Nice=0</emphasis> | |
1800 | <emphasis>PrivateTmp=yes</emphasis> | |
1801 | ||
1802 | [Install] | |
1803 | WantedBy=multi-user.target</programlisting> | |
1804 | ||
798d3a52 ZJS |
1805 | <para>Alternatively, the administrator could create a drop-in |
1806 | file | |
12b42c76 | 1807 | <filename>/etc/systemd/system/httpd.service.d/local.conf</filename> |
798d3a52 | 1808 | with the following contents:</para> |
92b1e225 | 1809 | |
798d3a52 | 1810 | <programlisting>[Unit] |
92b1e225 CS |
1811 | After=memcached.service |
1812 | Requires=memcached.service | |
1813 | # Reset all assertions and then re-add the condition we want | |
1814 | AssertPathExists= | |
1815 | AssertPathExists=/srv/www | |
1816 | ||
1817 | [Service] | |
1818 | Nice=0 | |
1819 | PrivateTmp=yes</programlisting> | |
1820 | ||
afbc75e6 DB |
1821 | <para>Note that for drop-in files, if one wants to remove |
1822 | entries from a setting that is parsed as a list (and is not a | |
1823 | dependency), such as <varname>AssertPathExists=</varname> (or | |
1824 | e.g. <varname>ExecStart=</varname> in service units), one needs | |
1825 | to first clear the list before re-adding all entries except the | |
1826 | one that is to be removed. Dependencies (<varname>After=</varname>, etc.) | |
798d3a52 ZJS |
1827 | cannot be reset to an empty list, so dependencies can only be |
1828 | added in drop-ins. If you want to remove dependencies, you have | |
1829 | to override the entire unit.</para> | |
0cf4c0d1 | 1830 | |
798d3a52 ZJS |
1831 | </example> |
1832 | </refsect1> | |
1833 | ||
1834 | <refsect1> | |
1835 | <title>See Also</title> | |
1836 | <para> | |
1837 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
1838 | <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
d1698b82 | 1839 | <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
798d3a52 ZJS |
1840 | <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
1841 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1842 | <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1843 | <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1844 | <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1845 | <citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1846 | <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1847 | <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1848 | <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1849 | <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
798d3a52 ZJS |
1850 | <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
1851 | <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1852 | <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>, | |
1853 | <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
1854 | <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>, | |
1855 | <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>, | |
3ba3a79d | 1856 | <citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
798d3a52 ZJS |
1857 | </para> |
1858 | </refsect1> | |
d1ab0ca0 LP |
1859 | |
1860 | </refentry> |