]>
Commit | Line | Data |
---|---|---|
c129bd5d | 1 | <?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*--> |
d1ab0ca0 | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" |
798d3a52 | 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ |
1a13e31d ZJS |
4 | <!ENTITY % entities SYSTEM "custom-entities.ent" > |
5 | %entities; | |
6 | ]> | |
d1ab0ca0 LP |
7 | |
8 | <!-- | |
9 | This file is part of systemd. | |
10 | ||
11 | Copyright 2010 Lennart Poettering | |
12 | ||
13 | systemd is free software; you can redistribute it and/or modify it | |
5430f7f2 LP |
14 | under the terms of the GNU Lesser General Public License as published by |
15 | the Free Software Foundation; either version 2.1 of the License, or | |
d1ab0ca0 LP |
16 | (at your option) any later version. |
17 | ||
18 | systemd is distributed in the hope that it will be useful, but | |
19 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
20 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
5430f7f2 | 21 | Lesser General Public License for more details. |
d1ab0ca0 | 22 | |
5430f7f2 | 23 | You should have received a copy of the GNU Lesser General Public License |
d1ab0ca0 LP |
24 | along with systemd; If not, see <http://www.gnu.org/licenses/>. |
25 | --> | |
26 | ||
27 | <refentry id="systemd.unit"> | |
28 | ||
798d3a52 ZJS |
29 | <refentryinfo> |
30 | <title>systemd.unit</title> | |
31 | <productname>systemd</productname> | |
32 | ||
33 | <authorgroup> | |
34 | <author> | |
35 | <contrib>Developer</contrib> | |
36 | <firstname>Lennart</firstname> | |
37 | <surname>Poettering</surname> | |
38 | <email>lennart@poettering.net</email> | |
39 | </author> | |
40 | </authorgroup> | |
41 | </refentryinfo> | |
42 | ||
43 | <refmeta> | |
44 | <refentrytitle>systemd.unit</refentrytitle> | |
45 | <manvolnum>5</manvolnum> | |
46 | </refmeta> | |
47 | ||
48 | <refnamediv> | |
49 | <refname>systemd.unit</refname> | |
50 | <refpurpose>Unit configuration</refpurpose> | |
51 | </refnamediv> | |
52 | ||
53 | <refsynopsisdiv> | |
54 | <para><filename><replaceable>service</replaceable>.service</filename>, | |
55 | <filename><replaceable>socket</replaceable>.socket</filename>, | |
56 | <filename><replaceable>device</replaceable>.device</filename>, | |
57 | <filename><replaceable>mount</replaceable>.mount</filename>, | |
58 | <filename><replaceable>automount</replaceable>.automount</filename>, | |
59 | <filename><replaceable>swap</replaceable>.swap</filename>, | |
60 | <filename><replaceable>target</replaceable>.target</filename>, | |
61 | <filename><replaceable>path</replaceable>.path</filename>, | |
62 | <filename><replaceable>timer</replaceable>.timer</filename>, | |
798d3a52 ZJS |
63 | <filename><replaceable>slice</replaceable>.slice</filename>, |
64 | <filename><replaceable>scope</replaceable>.scope</filename></para> | |
65 | ||
12b42c76 | 66 | <para><literallayout><filename>/etc/systemd/system/*</filename> |
13219b7f | 67 | <filename>/run/systemd/system/*</filename> |
12b42c76 | 68 | <filename>/usr/lib/systemd/system/*</filename> |
f6e1bd2c | 69 | <filename>…</filename> |
798d3a52 | 70 | </literallayout></para> |
13219b7f | 71 | |
f6e1bd2c | 72 | <para><literallayout><filename>~/.config/systemd/user/*</filename> |
12b42c76 | 73 | <filename>/etc/systemd/user/*</filename> |
aa08982d | 74 | <filename>$XDG_RUNTIME_DIR/systemd/user/*</filename> |
13219b7f | 75 | <filename>/run/systemd/user/*</filename> |
f6e1bd2c | 76 | <filename>~/.local/share/systemd/user/*</filename> |
12b42c76 | 77 | <filename>/usr/lib/systemd/user/*</filename> |
f6e1bd2c | 78 | <filename>…</filename> |
798d3a52 ZJS |
79 | </literallayout></para> |
80 | </refsynopsisdiv> | |
81 | ||
82 | <refsect1> | |
83 | <title>Description</title> | |
84 | ||
85 | <para>A unit configuration file encodes information about a | |
86 | service, a socket, a device, a mount point, an automount point, a | |
87 | swap file or partition, a start-up target, a watched file system | |
88 | path, a timer controlled and supervised by | |
89 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
36b4a7ba | 90 | a resource management slice or |
798d3a52 ZJS |
91 | a group of externally created processes. The syntax is inspired by |
92 | <ulink | |
93 | url="http://standards.freedesktop.org/desktop-entry-spec/latest/">XDG | |
94 | Desktop Entry Specification</ulink> <filename>.desktop</filename> | |
95 | files, which are in turn inspired by Microsoft Windows | |
96 | <filename>.ini</filename> files.</para> | |
97 | ||
98 | <para>This man page lists the common configuration options of all | |
99 | the unit types. These options need to be configured in the [Unit] | |
100 | or [Install] sections of the unit files.</para> | |
101 | ||
102 | <para>In addition to the generic [Unit] and [Install] sections | |
103 | described here, each unit may have a type-specific section, e.g. | |
104 | [Service] for a service unit. See the respective man pages for | |
105 | more information: | |
106 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
107 | <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
108 | <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
109 | <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
110 | <citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
111 | <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
112 | <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
113 | <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
114 | <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
36b4a7ba | 115 | <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
798d3a52 ZJS |
116 | <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>. |
117 | </para> | |
118 | ||
119 | <para>Various settings are allowed to be specified more than once, | |
120 | in which case the interpretation depends on the setting. Often, | |
121 | multiple settings form a list, and setting to an empty value | |
122 | "resets", which means that previous assignments are ignored. When | |
123 | this is allowed, it is mentioned in the description of the | |
124 | setting. Note that using multiple assignments to the same value | |
125 | makes the unit file incompatible with parsers for the XDG | |
126 | <filename>.desktop</filename> file format.</para> | |
127 | ||
128 | <para>Unit files are loaded from a set of paths determined during | |
129 | compilation, described in the next section.</para> | |
130 | ||
131 | <para>Unit files may contain additional options on top of those | |
132 | listed here. If systemd encounters an unknown option, it will | |
133 | write a warning log message but continue loading the unit. If an | |
134 | option or section name is prefixed with <option>X-</option>, it is | |
135 | ignored completely by systemd. Options within an ignored section | |
136 | do not need the prefix. Applications may use this to include | |
137 | additional information in the unit files.</para> | |
138 | ||
139 | <para>Boolean arguments used in unit files can be written in | |
140 | various formats. For positive settings the strings | |
141 | <option>1</option>, <option>yes</option>, <option>true</option> | |
142 | and <option>on</option> are equivalent. For negative settings, the | |
143 | strings <option>0</option>, <option>no</option>, | |
144 | <option>false</option> and <option>off</option> are | |
145 | equivalent.</para> | |
146 | ||
bac150e9 ZJS |
147 | <para>Time span values encoded in unit files can be written in various formats. A stand-alone |
148 | number specifies a time in seconds. If suffixed with a time unit, the unit is honored. A | |
149 | concatenation of multiple values with units is supported, in which case the values are added | |
150 | up. Example: <literal>50</literal> refers to 50 seconds; <literal>2min 200ms</literal> refers to | |
151 | 2 minutes and 200 milliseconds, i.e. 120200 ms. The following time units are understood: | |
152 | <literal>s</literal>, <literal>min</literal>, <literal>h</literal>, <literal>d</literal>, | |
d923e42e | 153 | <literal>w</literal>, <literal>ms</literal>, <literal>us</literal>. For details see |
798d3a52 ZJS |
154 | <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para> |
155 | ||
bac150e9 ZJS |
156 | <para>Empty lines and lines starting with <literal>#</literal> or <literal>;</literal> are |
157 | ignored. This may be used for commenting. Lines ending in a backslash are concatenated with the | |
158 | following line while reading and the backslash is replaced by a space character. This may be | |
159 | used to wrap long lines.</para> | |
160 | ||
161 | <para>Units can be aliased (have an alternative name), by creating a symlink from the new name | |
162 | to the existing name in one of the unit search paths. For example, | |
163 | <filename>systemd-networkd.service</filename> has the alias | |
164 | <filename>dbus-org.freedesktop.network1.service</filename>, created during installation as the | |
165 | symlink <filename>/usr/lib/systemd/system/dbus-org.freedesktop.network1.service</filename>. In | |
166 | addition, unit files may specify aliases through the <varname>Alias=</varname> directive in the | |
167 | [Install] section; those aliases are only effective when the unit is enabled. When the unit is | |
168 | enabled, symlinks will be created for those names, and removed when the unit is disabled. For | |
169 | example, <filename>reboot.target</filename> specifies | |
170 | <varname>Alias=ctrl-alt-del.target</varname>, so when enabled it will be invoked whenever | |
171 | CTRL+ALT+DEL is pressed. Alias names may be used in commands like <command>enable</command>, | |
172 | <command>disable</command>, <command>start</command>, <command>stop</command>, | |
173 | <command>status</command>, …, and in unit dependency directives <varname>Wants=</varname>, | |
174 | <varname>Requires=</varname>, <varname>Before=</varname>, <varname>After=</varname>, …, with the | |
175 | limitation that aliases specified through <varname>Alias=</varname> are only effective when the | |
176 | unit is enabled. Aliases cannot be used with the <command>preset</command> command.</para> | |
177 | ||
178 | <para>Along with a unit file <filename>foo.service</filename>, the directory | |
179 | <filename>foo.service.wants/</filename> may exist. All unit files symlinked from such a | |
180 | directory are implicitly added as dependencies of type <varname>Wants=</varname> to the unit. | |
181 | This is useful to hook units into the start-up of other units, without having to modify their | |
182 | unit files. For details about the semantics of <varname>Wants=</varname>, see below. The | |
183 | preferred way to create symlinks in the <filename>.wants/</filename> directory of a unit file is | |
184 | with the <command>enable</command> command of the | |
798d3a52 | 185 | <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
bac150e9 ZJS |
186 | tool which reads information from the [Install] section of unit files (see below). A similar |
187 | functionality exists for <varname>Requires=</varname> type dependencies as well, the directory | |
188 | suffix is <filename>.requires/</filename> in this case.</para> | |
798d3a52 | 189 | |
be73bb48 | 190 | <para>Along with a unit file <filename>foo.service</filename>, a "drop-in" directory |
bac150e9 ZJS |
191 | <filename>foo.service.d/</filename> may exist. All files with the suffix |
192 | <literal>.conf</literal> from this directory will be parsed after the file itself is | |
193 | parsed. This is useful to alter or add configuration settings for a unit, without having to | |
194 | modify unit files. Each drop-in file must have appropriate section headers. Note that for | |
195 | instantiated units, this logic will first look for the instance <literal>.d/</literal> | |
196 | subdirectory and read its <literal>.conf</literal> files, followed by the template | |
197 | <literal>.d/</literal> subdirectory and the <literal>.conf</literal> files there. Also note that | |
2dd67817 | 198 | settings from the <literal>[Install]</literal> section are not honored in drop-in unit files, |
bac150e9 ZJS |
199 | and have no effect.</para> |
200 | ||
201 | <para>In addition to <filename>/etc/systemd/system</filename>, the drop-in <literal>.d</literal> | |
202 | directories for system services can be placed in <filename>/usr/lib/systemd/system</filename> or | |
203 | <filename>/run/systemd/system</filename> directories. Drop-in files in <filename>/etc</filename> | |
204 | take precedence over those in <filename>/run</filename> which in turn take precedence over those | |
205 | in <filename>/usr/lib</filename>. Drop-in files under any of these directories take precedence | |
8331eaab LW |
206 | over unit files wherever located. Multiple drop-in files with different names are applied in |
207 | lexicographic order, regardless of which of the directories they reside in.</para> | |
bac150e9 ZJS |
208 | |
209 | <!-- Note that we do not document .include here, as we consider it mostly obsolete, and want | |
210 | people to use .d/ drop-ins instead. --> | |
798d3a52 | 211 | |
798d3a52 ZJS |
212 | <para>Some unit names reflect paths existing in the file system |
213 | namespace. Example: a device unit | |
214 | <filename>dev-sda.device</filename> refers to a device with the | |
215 | device node <filename noindex='true'>/dev/sda</filename> in the | |
216 | file system namespace. If this applies, a special way to escape | |
217 | the path name is used, so that the result is usable as part of a | |
b938cb90 | 218 | filename. Basically, given a path, "/" is replaced by "-", and all |
798d3a52 ZJS |
219 | other characters which are not ASCII alphanumerics are replaced by |
220 | C-style "\x2d" escapes (except that "_" is never replaced and "." | |
221 | is only replaced when it would be the first character in the | |
222 | escaped path). The root directory "/" is encoded as single dash, | |
223 | while otherwise the initial and ending "/" are removed from all | |
224 | paths during transformation. This escaping is reversible. Properly | |
225 | escaped paths can be generated using the | |
226 | <citerefentry><refentrytitle>systemd-escape</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
227 | command.</para> | |
228 | ||
229 | <para>Optionally, units may be instantiated from a | |
230 | template file at runtime. This allows creation of | |
231 | multiple units from a single configuration file. If | |
232 | systemd looks for a unit configuration file, it will | |
233 | first search for the literal unit name in the | |
234 | file system. If that yields no success and the unit | |
235 | name contains an <literal>@</literal> character, systemd will look for a | |
236 | unit template that shares the same name but with the | |
237 | instance string (i.e. the part between the <literal>@</literal> character | |
238 | and the suffix) removed. Example: if a service | |
239 | <filename>getty@tty3.service</filename> is requested | |
240 | and no file by that name is found, systemd will look | |
241 | for <filename>getty@.service</filename> and | |
242 | instantiate a service from that configuration file if | |
243 | it is found.</para> | |
244 | ||
245 | <para>To refer to the instance string from within the | |
246 | configuration file you may use the special <literal>%i</literal> | |
247 | specifier in many of the configuration options. See below for | |
248 | details.</para> | |
249 | ||
250 | <para>If a unit file is empty (i.e. has the file size 0) or is | |
251 | symlinked to <filename>/dev/null</filename>, its configuration | |
252 | will not be loaded and it appears with a load state of | |
253 | <literal>masked</literal>, and cannot be activated. Use this as an | |
254 | effective way to fully disable a unit, making it impossible to | |
255 | start it even manually.</para> | |
256 | ||
257 | <para>The unit file format is covered by the | |
258 | <ulink | |
259 | url="http://www.freedesktop.org/wiki/Software/systemd/InterfaceStabilityPromise">Interface | |
260 | Stability Promise</ulink>.</para> | |
261 | ||
262 | </refsect1> | |
263 | ||
c129bd5d LP |
264 | <refsect1> |
265 | <title>Automatic Dependencies</title> | |
266 | ||
267 | <para>Note that while systemd offers a flexible dependency system | |
268 | between units it is recommended to use this functionality only | |
269 | sparingly and instead rely on techniques such as bus-based or | |
270 | socket-based activation which make dependencies implicit, | |
271 | resulting in a both simpler and more flexible system.</para> | |
272 | ||
273 | <para>A number of unit dependencies are automatically established, | |
274 | depending on unit configuration. On top of that, for units with | |
275 | <varname>DefaultDependencies=yes</varname> (the default) a couple | |
276 | of additional dependencies are added. The precise effect of | |
277 | <varname>DefaultDependencies=yes</varname> depends on the unit | |
278 | type (see below).</para> | |
279 | ||
280 | <para>If <varname>DefaultDependencies=yes</varname> is set, units | |
281 | that are referenced by other units of type | |
282 | <filename>.target</filename> via a <varname>Wants=</varname> or | |
283 | <varname>Requires=</varname> dependency might automatically gain | |
284 | an <varname>Before=</varname> dependency too. See | |
285 | <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
286 | for details.</para> | |
287 | </refsect1> | |
288 | ||
798d3a52 | 289 | <refsect1> |
f757855e | 290 | <title>Unit File Load Path</title> |
798d3a52 ZJS |
291 | |
292 | <para>Unit files are loaded from a set of paths determined during | |
293 | compilation, described in the two tables below. Unit files found | |
294 | in directories listed earlier override files with the same name in | |
295 | directories lower in the list.</para> | |
296 | ||
aa3e4400 EV |
297 | <para>When the variable <varname>$SYSTEMD_UNIT_PATH</varname> is set, |
298 | the contents of this variable overrides the unit load path. If | |
798d3a52 ZJS |
299 | <varname>$SYSTEMD_UNIT_PATH</varname> ends with an empty component |
300 | (<literal>:</literal>), the usual unit load path will be appended | |
301 | to the contents of the variable.</para> | |
302 | ||
303 | <table> | |
304 | <title> | |
305 | Load path when running in system mode (<option>--system</option>). | |
306 | </title> | |
307 | ||
308 | <tgroup cols='2'> | |
309 | <colspec colname='path' /> | |
310 | <colspec colname='expl' /> | |
311 | <thead> | |
312 | <row> | |
313 | <entry>Path</entry> | |
314 | <entry>Description</entry> | |
315 | </row> | |
316 | </thead> | |
317 | <tbody> | |
318 | <row> | |
12b42c76 | 319 | <entry><filename>/etc/systemd/system</filename></entry> |
798d3a52 ZJS |
320 | <entry>Local configuration</entry> |
321 | </row> | |
322 | <row> | |
323 | <entry><filename>/run/systemd/system</filename></entry> | |
324 | <entry>Runtime units</entry> | |
325 | </row> | |
326 | <row> | |
12b42c76 | 327 | <entry><filename>/usr/lib/systemd/system</filename></entry> |
798d3a52 ZJS |
328 | <entry>Units of installed packages</entry> |
329 | </row> | |
330 | </tbody> | |
331 | </tgroup> | |
332 | </table> | |
333 | ||
334 | <table> | |
335 | <title> | |
336 | Load path when running in user mode (<option>--user</option>). | |
337 | </title> | |
338 | ||
339 | <tgroup cols='2'> | |
340 | <colspec colname='path' /> | |
341 | <colspec colname='expl' /> | |
342 | <thead> | |
343 | <row> | |
344 | <entry>Path</entry> | |
345 | <entry>Description</entry> | |
346 | </row> | |
347 | </thead> | |
348 | <tbody> | |
349 | <row> | |
350 | <entry><filename>$XDG_CONFIG_HOME/systemd/user</filename></entry> | |
351 | <entry>User configuration (only used when $XDG_CONFIG_HOME is set)</entry> | |
352 | </row> | |
353 | <row> | |
354 | <entry><filename>$HOME/.config/systemd/user</filename></entry> | |
355 | <entry>User configuration (only used when $XDG_CONFIG_HOME is not set)</entry> | |
356 | </row> | |
357 | <row> | |
12b42c76 | 358 | <entry><filename>/etc/systemd/user</filename></entry> |
798d3a52 ZJS |
359 | <entry>Local configuration</entry> |
360 | </row> | |
361 | <row> | |
362 | <entry><filename>$XDG_RUNTIME_DIR/systemd/user</filename></entry> | |
363 | <entry>Runtime units (only used when $XDG_RUNTIME_DIR is set)</entry> | |
364 | </row> | |
365 | <row> | |
366 | <entry><filename>/run/systemd/user</filename></entry> | |
367 | <entry>Runtime units</entry> | |
368 | </row> | |
369 | <row> | |
370 | <entry><filename>$XDG_DATA_HOME/systemd/user</filename></entry> | |
371 | <entry>Units of packages that have been installed in the home directory (only used when $XDG_DATA_HOME is set)</entry> | |
372 | </row> | |
373 | <row> | |
374 | <entry><filename>$HOME/.local/share/systemd/user</filename></entry> | |
375 | <entry>Units of packages that have been installed in the home directory (only used when $XDG_DATA_HOME is not set)</entry> | |
376 | </row> | |
377 | <row> | |
12b42c76 | 378 | <entry><filename>/usr/lib/systemd/user</filename></entry> |
798d3a52 ZJS |
379 | <entry>Units of packages that have been installed system-wide</entry> |
380 | </row> | |
381 | </tbody> | |
382 | </tgroup> | |
383 | </table> | |
384 | ||
385 | <para>Additional units might be loaded into systemd ("linked") | |
386 | from directories not on the unit load path. See the | |
387 | <command>link</command> command for | |
388 | <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. | |
b1c1a519 ZC |
389 | Also, some units are dynamically created via a |
390 | <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>. | |
798d3a52 ZJS |
391 | </para> |
392 | </refsect1> | |
393 | ||
394 | <refsect1> | |
395 | <title>[Unit] Section Options</title> | |
396 | ||
a8eaaee7 | 397 | <para>The unit file may include a [Unit] section, which carries |
798d3a52 ZJS |
398 | generic information about the unit that is not dependent on the |
399 | type of unit:</para> | |
400 | ||
401 | <variablelist class='unit-directives'> | |
402 | ||
403 | <varlistentry> | |
404 | <term><varname>Description=</varname></term> | |
405 | <listitem><para>A free-form string describing the unit. This | |
406 | is intended for use in UIs to show descriptive information | |
407 | along with the unit name. The description should contain a | |
408 | name that means something to the end user. <literal>Apache2 | |
409 | Web Server</literal> is a good example. Bad examples are | |
410 | <literal>high-performance light-weight HTTP server</literal> | |
411 | (too generic) or <literal>Apache2</literal> (too specific and | |
412 | meaningless for people who do not know | |
413 | Apache).</para></listitem> | |
414 | </varlistentry> | |
415 | ||
416 | <varlistentry> | |
417 | <term><varname>Documentation=</varname></term> | |
418 | <listitem><para>A space-separated list of URIs referencing | |
419 | documentation for this unit or its configuration. Accepted are | |
420 | only URIs of the types <literal>http://</literal>, | |
421 | <literal>https://</literal>, <literal>file:</literal>, | |
422 | <literal>info:</literal>, <literal>man:</literal>. For more | |
423 | information about the syntax of these URIs, see <citerefentry | |
424 | project='man-pages'><refentrytitle>uri</refentrytitle><manvolnum>7</manvolnum></citerefentry>. | |
425 | The URIs should be listed in order of relevance, starting with | |
426 | the most relevant. It is a good idea to first reference | |
427 | documentation that explains what the unit's purpose is, | |
428 | followed by how it is configured, followed by any other | |
429 | related documentation. This option may be specified more than | |
430 | once, in which case the specified list of URIs is merged. If | |
431 | the empty string is assigned to this option, the list is reset | |
432 | and all prior assignments will have no | |
433 | effect.</para></listitem> | |
434 | </varlistentry> | |
435 | ||
436 | <varlistentry> | |
437 | <term><varname>Requires=</varname></term> | |
438 | ||
439 | <listitem><para>Configures requirement dependencies on other | |
440 | units. If this unit gets activated, the units listed here will | |
441 | be activated as well. If one of the other units gets | |
442 | deactivated or its activation fails, this unit will be | |
443 | deactivated. This option may be specified more than once or | |
444 | multiple space-separated units may be specified in one option | |
445 | in which case requirement dependencies for all listed names | |
446 | will be created. Note that requirement dependencies do not | |
447 | influence the order in which services are started or stopped. | |
448 | This has to be configured independently with the | |
449 | <varname>After=</varname> or <varname>Before=</varname> | |
450 | options. If a unit <filename>foo.service</filename> requires a | |
451 | unit <filename>bar.service</filename> as configured with | |
452 | <varname>Requires=</varname> and no ordering is configured | |
453 | with <varname>After=</varname> or <varname>Before=</varname>, | |
454 | then both units will be started simultaneously and without any | |
455 | delay between them if <filename>foo.service</filename> is | |
b938cb90 | 456 | activated. Often, it is a better choice to use |
798d3a52 ZJS |
457 | <varname>Wants=</varname> instead of |
458 | <varname>Requires=</varname> in order to achieve a system that | |
459 | is more robust when dealing with failing services.</para> | |
460 | ||
461 | <para>Note that dependencies of this type may also be | |
462 | configured outside of the unit configuration file by adding a | |
463 | symlink to a <filename>.requires/</filename> directory | |
b938cb90 | 464 | accompanying the unit file. For details, see |
798d3a52 ZJS |
465 | above.</para></listitem> |
466 | </varlistentry> | |
467 | ||
798d3a52 ZJS |
468 | <varlistentry> |
469 | <term><varname>Requisite=</varname></term> | |
798d3a52 | 470 | |
f32b43bd | 471 | <listitem><para>Similar to <varname>Requires=</varname>. |
798d3a52 ZJS |
472 | However, if the units listed here are not started already, |
473 | they will not be started and the transaction will fail | |
474 | immediately. </para></listitem> | |
475 | </varlistentry> | |
476 | ||
477 | <varlistentry> | |
478 | <term><varname>Wants=</varname></term> | |
479 | ||
480 | <listitem><para>A weaker version of | |
481 | <varname>Requires=</varname>. Units listed in this option will | |
482 | be started if the configuring unit is. However, if the listed | |
483 | units fail to start or cannot be added to the transaction, | |
484 | this has no impact on the validity of the transaction as a | |
485 | whole. This is the recommended way to hook start-up of one | |
486 | unit to the start-up of another unit.</para> | |
487 | ||
488 | <para>Note that dependencies of this type may also be | |
489 | configured outside of the unit configuration file by adding | |
490 | symlinks to a <filename>.wants/</filename> directory | |
491 | accompanying the unit file. For details, see | |
492 | above.</para></listitem> | |
493 | </varlistentry> | |
494 | ||
495 | <varlistentry> | |
496 | <term><varname>BindsTo=</varname></term> | |
497 | ||
498 | <listitem><para>Configures requirement dependencies, very | |
499 | similar in style to <varname>Requires=</varname>, however in | |
500 | addition to this behavior, it also declares that this unit is | |
501 | stopped when any of the units listed suddenly disappears. | |
502 | Units can suddenly, unexpectedly disappear if a service | |
503 | terminates on its own choice, a device is unplugged or a mount | |
504 | point unmounted without involvement of | |
505 | systemd.</para></listitem> | |
506 | </varlistentry> | |
507 | ||
508 | <varlistentry> | |
509 | <term><varname>PartOf=</varname></term> | |
510 | ||
511 | <listitem><para>Configures dependencies similar to | |
512 | <varname>Requires=</varname>, but limited to stopping and | |
513 | restarting of units. When systemd stops or restarts the units | |
514 | listed here, the action is propagated to this unit. Note that | |
515 | this is a one-way dependency — changes to this unit do not | |
516 | affect the listed units. </para></listitem> | |
517 | </varlistentry> | |
518 | ||
519 | <varlistentry> | |
520 | <term><varname>Conflicts=</varname></term> | |
521 | ||
522 | <listitem><para>A space-separated list of unit names. | |
523 | Configures negative requirement dependencies. If a unit has a | |
524 | <varname>Conflicts=</varname> setting on another unit, | |
525 | starting the former will stop the latter and vice versa. Note | |
526 | that this setting is independent of and orthogonal to the | |
527 | <varname>After=</varname> and <varname>Before=</varname> | |
528 | ordering dependencies.</para> | |
529 | ||
530 | <para>If a unit A that conflicts with a unit B is scheduled to | |
531 | be started at the same time as B, the transaction will either | |
532 | fail (in case both are required part of the transaction) or be | |
533 | modified to be fixed (in case one or both jobs are not a | |
534 | required part of the transaction). In the latter case, the job | |
535 | that is not the required will be removed, or in case both are | |
536 | not required, the unit that conflicts will be started and the | |
537 | unit that is conflicted is stopped.</para></listitem> | |
538 | </varlistentry> | |
539 | ||
540 | <varlistentry> | |
541 | <term><varname>Before=</varname></term> | |
542 | <term><varname>After=</varname></term> | |
543 | ||
544 | <listitem><para>A space-separated list of unit names. | |
545 | Configures ordering dependencies between units. If a unit | |
546 | <filename>foo.service</filename> contains a setting | |
547 | <option>Before=bar.service</option> and both units are being | |
548 | started, <filename>bar.service</filename>'s start-up is | |
549 | delayed until <filename>foo.service</filename> is started up. | |
550 | Note that this setting is independent of and orthogonal to the | |
551 | requirement dependencies as configured by | |
552 | <varname>Requires=</varname>. It is a common pattern to | |
553 | include a unit name in both the <varname>After=</varname> and | |
554 | <varname>Requires=</varname> option, in which case the unit | |
555 | listed will be started before the unit that is configured with | |
556 | these options. This option may be specified more than once, in | |
557 | which case ordering dependencies for all listed names are | |
558 | created. <varname>After=</varname> is the inverse of | |
559 | <varname>Before=</varname>, i.e. while | |
560 | <varname>After=</varname> ensures that the configured unit is | |
561 | started after the listed unit finished starting up, | |
562 | <varname>Before=</varname> ensures the opposite, i.e. that the | |
563 | configured unit is fully started up before the listed unit is | |
564 | started. Note that when two units with an ordering dependency | |
565 | between them are shut down, the inverse of the start-up order | |
566 | is applied. i.e. if a unit is configured with | |
567 | <varname>After=</varname> on another unit, the former is | |
21b0be6b IK |
568 | stopped before the latter if both are shut down. Given two units |
569 | with any ordering dependency between them, if one unit is shut | |
570 | down and the other is started up, the shutdown is ordered | |
571 | before the start-up. It doesn't matter if the ordering | |
572 | dependency is <varname>After=</varname> or | |
573 | <varname>Before=</varname>. It also doesn't matter which of the | |
574 | two is shut down, as long as one is shut down and the other is | |
575 | started up. The shutdown is ordered before the start-up in all | |
576 | cases. If two units have no ordering dependencies between them, | |
577 | they are shut down or started up simultaneously, and no ordering | |
578 | takes place. | |
798d3a52 ZJS |
579 | </para></listitem> |
580 | </varlistentry> | |
581 | ||
582 | <varlistentry> | |
583 | <term><varname>OnFailure=</varname></term> | |
584 | ||
585 | <listitem><para>A space-separated list of one or more units | |
586 | that are activated when this unit enters the | |
587 | <literal>failed</literal> state.</para></listitem> | |
588 | </varlistentry> | |
589 | ||
590 | <varlistentry> | |
591 | <term><varname>PropagatesReloadTo=</varname></term> | |
592 | <term><varname>ReloadPropagatedFrom=</varname></term> | |
593 | ||
594 | <listitem><para>A space-separated list of one or more units | |
595 | where reload requests on this unit will be propagated to, or | |
596 | reload requests on the other unit will be propagated to this | |
597 | unit, respectively. Issuing a reload request on a unit will | |
598 | automatically also enqueue a reload request on all units that | |
599 | the reload request shall be propagated to via these two | |
600 | settings.</para></listitem> | |
601 | </varlistentry> | |
602 | ||
603 | <varlistentry> | |
604 | <term><varname>JoinsNamespaceOf=</varname></term> | |
605 | ||
606 | <listitem><para>For units that start processes (such as | |
607 | service units), lists one or more other units whose network | |
608 | and/or temporary file namespace to join. This only applies to | |
609 | unit types which support the | |
610 | <varname>PrivateNetwork=</varname> and | |
611 | <varname>PrivateTmp=</varname> directives (see | |
612 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
613 | for details). If a unit that has this setting set is started, | |
614 | its processes will see the same <filename>/tmp</filename>, | |
80f524a4 | 615 | <filename>/var/tmp</filename> and network namespace as one |
798d3a52 ZJS |
616 | listed unit that is started. If multiple listed units are |
617 | already started, it is not defined which namespace is joined. | |
618 | Note that this setting only has an effect if | |
619 | <varname>PrivateNetwork=</varname> and/or | |
620 | <varname>PrivateTmp=</varname> is enabled for both the unit | |
621 | that joins the namespace and the unit whose namespace is | |
622 | joined.</para></listitem> | |
623 | </varlistentry> | |
624 | ||
625 | <varlistentry> | |
626 | <term><varname>RequiresMountsFor=</varname></term> | |
627 | ||
628 | <listitem><para>Takes a space-separated list of absolute | |
629 | paths. Automatically adds dependencies of type | |
630 | <varname>Requires=</varname> and <varname>After=</varname> for | |
631 | all mount units required to access the specified path.</para> | |
632 | ||
633 | <para>Mount points marked with <option>noauto</option> are not | |
88e328fd ZJS |
634 | mounted automatically through <filename>local-fs.target</filename>, |
635 | but are still honored for the purposes of this option, i.e. they | |
636 | will be pulled in by this unit.</para></listitem> | |
798d3a52 ZJS |
637 | </varlistentry> |
638 | ||
639 | <varlistentry> | |
640 | <term><varname>OnFailureJobMode=</varname></term> | |
641 | ||
642 | <listitem><para>Takes a value of | |
643 | <literal>fail</literal>, | |
644 | <literal>replace</literal>, | |
645 | <literal>replace-irreversibly</literal>, | |
646 | <literal>isolate</literal>, | |
647 | <literal>flush</literal>, | |
648 | <literal>ignore-dependencies</literal> or | |
649 | <literal>ignore-requirements</literal>. Defaults to | |
650 | <literal>replace</literal>. Specifies how the units listed in | |
651 | <varname>OnFailure=</varname> will be enqueued. See | |
652 | <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s | |
653 | <option>--job-mode=</option> option for details on the | |
654 | possible values. If this is set to <literal>isolate</literal>, | |
655 | only a single unit may be listed in | |
656 | <varname>OnFailure=</varname>..</para></listitem> | |
657 | </varlistentry> | |
658 | ||
659 | <varlistentry> | |
660 | <term><varname>IgnoreOnIsolate=</varname></term> | |
661 | ||
662 | <listitem><para>Takes a boolean argument. If | |
663 | <option>true</option>, this unit will not be stopped when | |
664 | isolating another unit. Defaults to | |
665 | <option>false</option>.</para></listitem> | |
666 | </varlistentry> | |
667 | ||
798d3a52 ZJS |
668 | <varlistentry> |
669 | <term><varname>StopWhenUnneeded=</varname></term> | |
670 | ||
671 | <listitem><para>Takes a boolean argument. If | |
672 | <option>true</option>, this unit will be stopped when it is no | |
b938cb90 | 673 | longer used. Note that, in order to minimize the work to be |
798d3a52 ZJS |
674 | executed, systemd will not stop units by default unless they |
675 | are conflicting with other units, or the user explicitly | |
676 | requested their shut down. If this option is set, a unit will | |
677 | be automatically cleaned up if no other active unit requires | |
678 | it. Defaults to <option>false</option>.</para></listitem> | |
679 | </varlistentry> | |
680 | ||
681 | <varlistentry> | |
682 | <term><varname>RefuseManualStart=</varname></term> | |
683 | <term><varname>RefuseManualStop=</varname></term> | |
684 | ||
685 | <listitem><para>Takes a boolean argument. If | |
686 | <option>true</option>, this unit can only be activated or | |
687 | deactivated indirectly. In this case, explicit start-up or | |
688 | termination requested by the user is denied, however if it is | |
689 | started or stopped as a dependency of another unit, start-up | |
690 | or termination will succeed. This is mostly a safety feature | |
691 | to ensure that the user does not accidentally activate units | |
692 | that are not intended to be activated explicitly, and not | |
693 | accidentally deactivate units that are not intended to be | |
694 | deactivated. These options default to | |
695 | <option>false</option>.</para></listitem> | |
696 | </varlistentry> | |
697 | ||
698 | <varlistentry> | |
699 | <term><varname>AllowIsolate=</varname></term> | |
700 | ||
701 | <listitem><para>Takes a boolean argument. If | |
702 | <option>true</option>, this unit may be used with the | |
703 | <command>systemctl isolate</command> command. Otherwise, this | |
704 | will be refused. It probably is a good idea to leave this | |
705 | disabled except for target units that shall be used similar to | |
706 | runlevels in SysV init systems, just as a precaution to avoid | |
707 | unusable system states. This option defaults to | |
708 | <option>false</option>.</para></listitem> | |
709 | </varlistentry> | |
710 | ||
711 | <varlistentry> | |
712 | <term><varname>DefaultDependencies=</varname></term> | |
713 | ||
714 | <listitem><para>Takes a boolean argument. If | |
715 | <option>true</option>, (the default), a few default | |
716 | dependencies will implicitly be created for the unit. The | |
717 | actual dependencies created depend on the unit type. For | |
718 | example, for service units, these dependencies ensure that the | |
719 | service is started only after basic system initialization is | |
720 | completed and is properly terminated on system shutdown. See | |
721 | the respective man pages for details. Generally, only services | |
722 | involved with early boot or late shutdown should set this | |
723 | option to <option>false</option>. It is highly recommended to | |
724 | leave this option enabled for the majority of common units. If | |
725 | set to <option>false</option>, this option does not disable | |
726 | all implicit dependencies, just non-essential | |
727 | ones.</para></listitem> | |
728 | </varlistentry> | |
729 | ||
730 | <varlistentry> | |
731 | <term><varname>JobTimeoutSec=</varname></term> | |
732 | <term><varname>JobTimeoutAction=</varname></term> | |
733 | <term><varname>JobTimeoutRebootArgument=</varname></term> | |
734 | ||
89beff89 LP |
735 | <listitem><para>When a job for this unit is queued, a time-out may be configured. If this time limit is |
736 | reached, the job will be cancelled, the unit however will not change state or even enter the | |
737 | <literal>failed</literal> mode. This value defaults to <literal>infinity</literal> (job timeouts disabled), | |
738 | except for device units. NB: this timeout is independent from any unit-specific timeout (for example, the | |
739 | timeout set with <varname>TimeoutStartSec=</varname> in service units) as the job timeout has no effect on the | |
740 | unit itself, only on the job that might be pending for it. Or in other words: unit-specific timeouts are useful | |
741 | to abort unit state changes, and revert them. The job timeout set with this option however is useful to abort | |
742 | only the job waiting for the unit state to change.</para> | |
798d3a52 ZJS |
743 | |
744 | <para><varname>JobTimeoutAction=</varname> | |
745 | optionally configures an additional | |
746 | action to take when the time-out is | |
747 | hit. It takes the same values as the | |
748 | per-service | |
749 | <varname>StartLimitAction=</varname> | |
750 | setting, see | |
751 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
752 | for details. Defaults to | |
753 | <option>none</option>. <varname>JobTimeoutRebootArgument=</varname> | |
754 | configures an optional reboot string | |
755 | to pass to the | |
756 | <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> | |
757 | system call.</para></listitem> | |
758 | </varlistentry> | |
759 | ||
6bf0f408 | 760 | <varlistentry> |
f0367da7 | 761 | <term><varname>StartLimitIntervalSec=</varname></term> |
6bf0f408 LP |
762 | <term><varname>StartLimitBurst=</varname></term> |
763 | ||
764 | <listitem><para>Configure unit start rate limiting. By default, units which are started more than 5 times | |
765 | within 10 seconds are not permitted to start any more times until the 10 second interval ends. With these two | |
f0367da7 LP |
766 | options, this rate limiting may be modified. Use <varname>StartLimitIntervalSec=</varname> to configure the |
767 | checking interval (defaults to <varname>DefaultStartLimitIntervalSec=</varname> in manager configuration file, | |
768 | set to 0 to disable any kind of rate limiting). Use <varname>StartLimitBurst=</varname> to configure how many | |
6bf0f408 LP |
769 | starts per interval are allowed (defaults to <varname>DefaultStartLimitBurst=</varname> in manager |
770 | configuration file). These configuration options are particularly useful in conjunction with the service | |
771 | setting <varname>Restart=</varname> (see | |
772 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>); however, | |
773 | they apply to all kinds of starts (including manual), not just those triggered by the | |
774 | <varname>Restart=</varname> logic. Note that units which are configured for <varname>Restart=</varname> and | |
775 | which reach the start limit are not attempted to be restarted anymore; however, they may still be restarted | |
776 | manually at a later point, from which point on, the restart logic is again activated. Note that | |
777 | <command>systemctl reset-failed</command> will cause the restart rate counter for a service to be flushed, | |
778 | which is useful if the administrator wants to manually start a unit and the start limit interferes with | |
7629ec46 | 779 | that. Note that this rate-limiting is enforced after any unit condition checks are executed, and hence unit |
07299350 LP |
780 | activations with failing conditions are not counted by this rate limiting. Slice, target, device and scope |
781 | units do not enforce this setting, as they are unit types whose activation may either never fail, or may | |
782 | succeed only a single time.</para></listitem> | |
6bf0f408 LP |
783 | </varlistentry> |
784 | ||
785 | <varlistentry> | |
786 | <term><varname>StartLimitAction=</varname></term> | |
787 | ||
788 | <listitem><para>Configure the action to take if the rate limit configured with | |
f0367da7 | 789 | <varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes one of |
6bf0f408 LP |
790 | <option>none</option>, <option>reboot</option>, <option>reboot-force</option>, |
791 | <option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option> or | |
792 | <option>poweroff-immediate</option>. If <option>none</option> is set, hitting the rate limit will trigger no | |
793 | action besides that the start will not be permitted. <option>reboot</option> causes a reboot following the | |
794 | normal shutdown procedure (i.e. equivalent to <command>systemctl reboot</command>). | |
795 | <option>reboot-force</option> causes a forced reboot which will terminate all processes forcibly but should | |
796 | cause no dirty file systems on reboot (i.e. equivalent to <command>systemctl reboot -f</command>) and | |
797 | <option>reboot-immediate</option> causes immediate execution of the | |
798 | <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which | |
799 | might result in data loss. Similarly, <option>poweroff</option>, <option>poweroff-force</option>, | |
800 | <option>poweroff-immediate</option> have the effect of powering down the system with similar | |
801 | semantics. Defaults to <option>none</option>.</para></listitem> | |
802 | </varlistentry> | |
803 | ||
804 | <varlistentry> | |
805 | <term><varname>RebootArgument=</varname></term> | |
806 | <listitem><para>Configure the optional argument for the | |
807 | <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call if | |
808 | <varname>StartLimitAction=</varname> or a service's <varname>FailureAction=</varname> is a reboot action. This | |
809 | works just like the optional argument to <command>systemctl reboot</command> command.</para></listitem> | |
810 | </varlistentry> | |
811 | ||
798d3a52 ZJS |
812 | <varlistentry> |
813 | <term><varname>ConditionArchitecture=</varname></term> | |
814 | <term><varname>ConditionVirtualization=</varname></term> | |
815 | <term><varname>ConditionHost=</varname></term> | |
816 | <term><varname>ConditionKernelCommandLine=</varname></term> | |
817 | <term><varname>ConditionSecurity=</varname></term> | |
818 | <term><varname>ConditionCapability=</varname></term> | |
819 | <term><varname>ConditionACPower=</varname></term> | |
820 | <term><varname>ConditionNeedsUpdate=</varname></term> | |
821 | <term><varname>ConditionFirstBoot=</varname></term> | |
822 | <term><varname>ConditionPathExists=</varname></term> | |
823 | <term><varname>ConditionPathExistsGlob=</varname></term> | |
824 | <term><varname>ConditionPathIsDirectory=</varname></term> | |
825 | <term><varname>ConditionPathIsSymbolicLink=</varname></term> | |
826 | <term><varname>ConditionPathIsMountPoint=</varname></term> | |
827 | <term><varname>ConditionPathIsReadWrite=</varname></term> | |
828 | <term><varname>ConditionDirectoryNotEmpty=</varname></term> | |
829 | <term><varname>ConditionFileNotEmpty=</varname></term> | |
830 | <term><varname>ConditionFileIsExecutable=</varname></term> | |
831 | ||
7ca41557 | 832 | <!-- We do not document ConditionNull= |
b938cb90 | 833 | here, as it is not particularly |
798d3a52 ZJS |
834 | useful and probably just |
835 | confusing. --> | |
836 | ||
41448597 LP |
837 | <listitem><para>Before starting a unit, verify that the specified condition is true. If it is not true, the |
838 | starting of the unit will be (mostly silently) skipped, however all ordering dependencies of it are still | |
839 | respected. A failing condition will not result in the unit being moved into a failure state. The condition is | |
840 | checked at the time the queued start job is to be executed. Use condition expressions in order to silently skip | |
841 | units that do not apply to the local running system, for example because the kernel or runtime environment | |
842 | doesn't require its functionality. Use the various <varname>AssertArchitecture=</varname>, | |
843 | <varname>AssertVirtualization=</varname>, … options for a similar mechanism that puts the unit in a failure | |
844 | state and logs about the failed check (see below).</para> | |
798d3a52 ZJS |
845 | |
846 | <para><varname>ConditionArchitecture=</varname> may be used to | |
847 | check whether the system is running on a specific | |
848 | architecture. Takes one of | |
849 | <varname>x86</varname>, | |
850 | <varname>x86-64</varname>, | |
851 | <varname>ppc</varname>, | |
852 | <varname>ppc-le</varname>, | |
853 | <varname>ppc64</varname>, | |
854 | <varname>ppc64-le</varname>, | |
855 | <varname>ia64</varname>, | |
856 | <varname>parisc</varname>, | |
857 | <varname>parisc64</varname>, | |
858 | <varname>s390</varname>, | |
859 | <varname>s390x</varname>, | |
860 | <varname>sparc</varname>, | |
861 | <varname>sparc64</varname>, | |
862 | <varname>mips</varname>, | |
863 | <varname>mips-le</varname>, | |
864 | <varname>mips64</varname>, | |
865 | <varname>mips64-le</varname>, | |
866 | <varname>alpha</varname>, | |
867 | <varname>arm</varname>, | |
868 | <varname>arm-be</varname>, | |
869 | <varname>arm64</varname>, | |
870 | <varname>arm64-be</varname>, | |
871 | <varname>sh</varname>, | |
872 | <varname>sh64</varname>, | |
873 | <varname>m86k</varname>, | |
874 | <varname>tilegx</varname>, | |
875 | <varname>cris</varname> to test | |
876 | against a specific architecture. The architecture is | |
877 | determined from the information returned by | |
3ba3a79d | 878 | <citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>2</manvolnum></citerefentry> |
798d3a52 ZJS |
879 | and is thus subject to |
880 | <citerefentry><refentrytitle>personality</refentrytitle><manvolnum>2</manvolnum></citerefentry>. | |
881 | Note that a <varname>Personality=</varname> setting in the | |
882 | same unit file has no effect on this condition. A special | |
883 | architecture name <varname>native</varname> is mapped to the | |
884 | architecture the system manager itself is compiled for. The | |
885 | test may be negated by prepending an exclamation mark.</para> | |
886 | ||
887 | <para><varname>ConditionVirtualization=</varname> may be used | |
888 | to check whether the system is executed in a virtualized | |
889 | environment and optionally test whether it is a specific | |
890 | implementation. Takes either boolean value to check if being | |
891 | executed in any virtualized environment, or one of | |
892 | <varname>vm</varname> and | |
893 | <varname>container</varname> to test against a generic type of | |
894 | virtualization solution, or one of | |
895 | <varname>qemu</varname>, | |
896 | <varname>kvm</varname>, | |
897 | <varname>zvm</varname>, | |
898 | <varname>vmware</varname>, | |
899 | <varname>microsoft</varname>, | |
900 | <varname>oracle</varname>, | |
901 | <varname>xen</varname>, | |
902 | <varname>bochs</varname>, | |
903 | <varname>uml</varname>, | |
904 | <varname>openvz</varname>, | |
905 | <varname>lxc</varname>, | |
906 | <varname>lxc-libvirt</varname>, | |
907 | <varname>systemd-nspawn</varname>, | |
9fb16425 ILG |
908 | <varname>docker</varname>, |
909 | <varname>rkt</varname> to test | |
299a34c1 ZJS |
910 | against a specific implementation, or |
911 | <varname>private-users</varname> to check whether we are running in a user namespace. See | |
798d3a52 ZJS |
912 | <citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
913 | for a full list of known virtualization technologies and their | |
914 | identifiers. If multiple virtualization technologies are | |
915 | nested, only the innermost is considered. The test may be | |
916 | negated by prepending an exclamation mark.</para> | |
917 | ||
918 | <para><varname>ConditionHost=</varname> may be used to match | |
919 | against the hostname or machine ID of the host. This either | |
920 | takes a hostname string (optionally with shell style globs) | |
921 | which is tested against the locally set hostname as returned | |
922 | by | |
923 | <citerefentry><refentrytitle>gethostname</refentrytitle><manvolnum>2</manvolnum></citerefentry>, | |
924 | or a machine ID formatted as string (see | |
925 | <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>). | |
926 | The test may be negated by prepending an exclamation | |
927 | mark.</para> | |
928 | ||
929 | <para><varname>ConditionKernelCommandLine=</varname> may be | |
930 | used to check whether a specific kernel command line option is | |
931 | set (or if prefixed with the exclamation mark unset). The | |
932 | argument must either be a single word, or an assignment (i.e. | |
933 | two words, separated <literal>=</literal>). In the former case | |
934 | the kernel command line is searched for the word appearing as | |
935 | is, or as left hand side of an assignment. In the latter case, | |
936 | the exact assignment is looked for with right and left hand | |
937 | side matching.</para> | |
938 | ||
939 | <para><varname>ConditionSecurity=</varname> may be used to | |
940 | check whether the given security module is enabled on the | |
b8e1d4d1 | 941 | system. Currently, the recognized values are |
798d3a52 ZJS |
942 | <varname>selinux</varname>, |
943 | <varname>apparmor</varname>, | |
944 | <varname>ima</varname>, | |
945 | <varname>smack</varname> and | |
946 | <varname>audit</varname>. The test may be negated by | |
947 | prepending an exclamation mark.</para> | |
948 | ||
949 | <para><varname>ConditionCapability=</varname> may be used to | |
950 | check whether the given capability exists in the capability | |
951 | bounding set of the service manager (i.e. this does not check | |
952 | whether capability is actually available in the permitted or | |
953 | effective sets, see | |
954 | <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
955 | for details). Pass a capability name such as | |
956 | <literal>CAP_MKNOD</literal>, possibly prefixed with an | |
957 | exclamation mark to negate the check.</para> | |
958 | ||
959 | <para><varname>ConditionACPower=</varname> may be used to | |
960 | check whether the system has AC power, or is exclusively | |
961 | battery powered at the time of activation of the unit. This | |
962 | takes a boolean argument. If set to <varname>true</varname>, | |
963 | the condition will hold only if at least one AC connector of | |
964 | the system is connected to a power source, or if no AC | |
965 | connectors are known. Conversely, if set to | |
966 | <varname>false</varname>, the condition will hold only if | |
967 | there is at least one AC connector known and all AC connectors | |
968 | are disconnected from a power source.</para> | |
969 | ||
970 | <para><varname>ConditionNeedsUpdate=</varname> takes one of | |
971 | <filename>/var</filename> or <filename>/etc</filename> as | |
972 | argument, possibly prefixed with a <literal>!</literal> (for | |
973 | inverting the condition). This condition may be used to | |
974 | conditionalize units on whether the specified directory | |
975 | requires an update because <filename>/usr</filename>'s | |
976 | modification time is newer than the stamp file | |
977 | <filename>.updated</filename> in the specified directory. This | |
978 | is useful to implement offline updates of the vendor operating | |
979 | system resources in <filename>/usr</filename> that require | |
980 | updating of <filename>/etc</filename> or | |
981 | <filename>/var</filename> on the next following boot. Units | |
982 | making use of this condition should order themselves before | |
983 | <citerefentry><refentrytitle>systemd-update-done.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
7f3fdb7f | 984 | to make sure they run before the stamp file's modification |
798d3a52 ZJS |
985 | time gets reset indicating a completed update.</para> |
986 | ||
987 | <para><varname>ConditionFirstBoot=</varname> takes a boolean | |
988 | argument. This condition may be used to conditionalize units | |
989 | on whether the system is booting up with an unpopulated | |
990 | <filename>/etc</filename> directory. This may be used to | |
991 | populate <filename>/etc</filename> on the first boot after | |
992 | factory reset, or when a new system instances boots up for the | |
993 | first time.</para> | |
994 | ||
995 | <para>With <varname>ConditionPathExists=</varname> a file | |
996 | existence condition is checked before a unit is started. If | |
997 | the specified absolute path name does not exist, the condition | |
998 | will fail. If the absolute path name passed to | |
999 | <varname>ConditionPathExists=</varname> is prefixed with an | |
1000 | exclamation mark (<literal>!</literal>), the test is negated, | |
1001 | and the unit is only started if the path does not | |
1002 | exist.</para> | |
1003 | ||
1004 | <para><varname>ConditionPathExistsGlob=</varname> is similar | |
1005 | to <varname>ConditionPathExists=</varname>, but checks for the | |
1006 | existence of at least one file or directory matching the | |
1007 | specified globbing pattern.</para> | |
1008 | ||
1009 | <para><varname>ConditionPathIsDirectory=</varname> is similar | |
1010 | to <varname>ConditionPathExists=</varname> but verifies | |
1011 | whether a certain path exists and is a directory.</para> | |
1012 | ||
1013 | <para><varname>ConditionPathIsSymbolicLink=</varname> is | |
1014 | similar to <varname>ConditionPathExists=</varname> but | |
1015 | verifies whether a certain path exists and is a symbolic | |
1016 | link.</para> | |
1017 | ||
1018 | <para><varname>ConditionPathIsMountPoint=</varname> is similar | |
1019 | to <varname>ConditionPathExists=</varname> but verifies | |
1020 | whether a certain path exists and is a mount point.</para> | |
1021 | ||
1022 | <para><varname>ConditionPathIsReadWrite=</varname> is similar | |
1023 | to <varname>ConditionPathExists=</varname> but verifies | |
1024 | whether the underlying file system is readable and writable | |
1025 | (i.e. not mounted read-only).</para> | |
1026 | ||
1027 | <para><varname>ConditionDirectoryNotEmpty=</varname> is | |
1028 | similar to <varname>ConditionPathExists=</varname> but | |
1029 | verifies whether a certain path exists and is a non-empty | |
1030 | directory.</para> | |
1031 | ||
1032 | <para><varname>ConditionFileNotEmpty=</varname> is similar to | |
1033 | <varname>ConditionPathExists=</varname> but verifies whether a | |
1034 | certain path exists and refers to a regular file with a | |
1035 | non-zero size.</para> | |
1036 | ||
1037 | <para><varname>ConditionFileIsExecutable=</varname> is similar | |
1038 | to <varname>ConditionPathExists=</varname> but verifies | |
1039 | whether a certain path exists, is a regular file and marked | |
1040 | executable.</para> | |
1041 | ||
1042 | <para>If multiple conditions are specified, the unit will be | |
1043 | executed if all of them apply (i.e. a logical AND is applied). | |
1044 | Condition checks can be prefixed with a pipe symbol (|) in | |
1045 | which case a condition becomes a triggering condition. If at | |
1046 | least one triggering condition is defined for a unit, then the | |
1047 | unit will be executed if at least one of the triggering | |
1048 | conditions apply and all of the non-triggering conditions. If | |
1049 | you prefix an argument with the pipe symbol and an exclamation | |
1050 | mark, the pipe symbol must be passed first, the exclamation | |
1051 | second. Except for | |
1052 | <varname>ConditionPathIsSymbolicLink=</varname>, all path | |
1053 | checks follow symlinks. If any of these options is assigned | |
1054 | the empty string, the list of conditions is reset completely, | |
1055 | all previous condition settings (of any kind) will have no | |
1056 | effect.</para></listitem> | |
1057 | </varlistentry> | |
1058 | ||
1059 | <varlistentry> | |
1060 | <term><varname>AssertArchitecture=</varname></term> | |
1061 | <term><varname>AssertVirtualization=</varname></term> | |
1062 | <term><varname>AssertHost=</varname></term> | |
1063 | <term><varname>AssertKernelCommandLine=</varname></term> | |
1064 | <term><varname>AssertSecurity=</varname></term> | |
1065 | <term><varname>AssertCapability=</varname></term> | |
1066 | <term><varname>AssertACPower=</varname></term> | |
1067 | <term><varname>AssertNeedsUpdate=</varname></term> | |
1068 | <term><varname>AssertFirstBoot=</varname></term> | |
1069 | <term><varname>AssertPathExists=</varname></term> | |
1070 | <term><varname>AssertPathExistsGlob=</varname></term> | |
1071 | <term><varname>AssertPathIsDirectory=</varname></term> | |
1072 | <term><varname>AssertPathIsSymbolicLink=</varname></term> | |
1073 | <term><varname>AssertPathIsMountPoint=</varname></term> | |
1074 | <term><varname>AssertPathIsReadWrite=</varname></term> | |
1075 | <term><varname>AssertDirectoryNotEmpty=</varname></term> | |
1076 | <term><varname>AssertFileNotEmpty=</varname></term> | |
1077 | <term><varname>AssertFileIsExecutable=</varname></term> | |
1078 | ||
41448597 LP |
1079 | <listitem><para>Similar to the <varname>ConditionArchitecture=</varname>, |
1080 | <varname>ConditionVirtualization=</varname>, …, condition settings described above, these settings add | |
1081 | assertion checks to the start-up of the unit. However, unlike the conditions settings, any assertion setting | |
da25e029 ZJS |
1082 | that is not met results in failure of the start job (which means this is logged loudly). Use assertion |
1083 | expressions for units that cannot operate when specific requirements are not met, and when this is something | |
1084 | the administrator or user should look into.</para></listitem> | |
798d3a52 ZJS |
1085 | </varlistentry> |
1086 | ||
1087 | <varlistentry> | |
1088 | <term><varname>SourcePath=</varname></term> | |
1089 | <listitem><para>A path to a configuration file this unit has | |
1090 | been generated from. This is primarily useful for | |
1091 | implementation of generator tools that convert configuration | |
1092 | from an external configuration file format into native unit | |
1093 | files. This functionality should not be used in normal | |
1094 | units.</para></listitem> | |
1095 | </varlistentry> | |
32ee7d33 | 1096 | |
798d3a52 ZJS |
1097 | </variablelist> |
1098 | ||
1099 | </refsect1> | |
1100 | ||
1101 | <refsect1> | |
1102 | <title>[Install] Section Options</title> | |
1103 | ||
be73bb48 LP |
1104 | <para>Unit files may include an <literal>[Install]</literal> section, which carries installation information for |
1105 | the unit. This section is not interpreted by | |
1106 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> during runtime; it is | |
1107 | used by the <command>enable</command> and <command>disable</command> commands of the | |
1108 | <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> tool during | |
1109 | installation of a unit. Note that settings in the <literal>[Install]</literal> section may not appear in | |
1110 | <filename>.d/*.conf</filename> unit file drop-ins (see above).</para> | |
798d3a52 ZJS |
1111 | |
1112 | <variablelist class='unit-directives'> | |
1113 | <varlistentry> | |
1114 | <term><varname>Alias=</varname></term> | |
1115 | ||
f4bf8d2f LP |
1116 | <listitem><para>A space-separated list of additional names this unit shall be installed under. The names listed |
1117 | here must have the same suffix (i.e. type) as the unit file name. This option may be specified more than once, | |
1118 | in which case all listed names are used. At installation time, <command>systemctl enable</command> will create | |
1119 | symlinks from these names to the unit filename. Note that not all unit types support such alias names, and this | |
1120 | setting is not supported for them. Specifically, mount, slice, swap, and automount units do not support | |
1121 | aliasing.</para></listitem> | |
798d3a52 ZJS |
1122 | </varlistentry> |
1123 | ||
1124 | <varlistentry> | |
1125 | <term><varname>WantedBy=</varname></term> | |
1126 | <term><varname>RequiredBy=</varname></term> | |
1127 | ||
1128 | <listitem><para>This option may be used more than once, or a | |
1129 | space-separated list of unit names may be given. A symbolic | |
1130 | link is created in the <filename>.wants/</filename> or | |
1131 | <filename>.requires/</filename> directory of each of the | |
1132 | listed units when this unit is installed by <command>systemctl | |
1133 | enable</command>. This has the effect that a dependency of | |
1134 | type <varname>Wants=</varname> or <varname>Requires=</varname> | |
1135 | is added from the listed unit to the current unit. The primary | |
1136 | result is that the current unit will be started when the | |
1137 | listed unit is started. See the description of | |
1138 | <varname>Wants=</varname> and <varname>Requires=</varname> in | |
1139 | the [Unit] section for details.</para> | |
1140 | ||
1141 | <para><command>WantedBy=foo.service</command> in a service | |
1142 | <filename>bar.service</filename> is mostly equivalent to | |
1143 | <command>Alias=foo.service.wants/bar.service</command> in the | |
1144 | same file. In case of template units, <command>systemctl | |
1145 | enable</command> must be called with an instance name, and | |
1146 | this instance will be added to the | |
1147 | <filename>.wants/</filename> or | |
1148 | <filename>.requires/</filename> list of the listed unit. E.g. | |
1149 | <command>WantedBy=getty.target</command> in a service | |
1150 | <filename>getty@.service</filename> will result in | |
1151 | <command>systemctl enable getty@tty2.service</command> | |
1152 | creating a | |
1153 | <filename>getty.target.wants/getty@tty2.service</filename> | |
1154 | link to <filename>getty@.service</filename>. | |
1155 | </para></listitem> | |
1156 | </varlistentry> | |
1157 | ||
1158 | <varlistentry> | |
1159 | <term><varname>Also=</varname></term> | |
1160 | ||
1161 | <listitem><para>Additional units to install/deinstall when | |
1162 | this unit is installed/deinstalled. If the user requests | |
1163 | installation/deinstallation of a unit with this option | |
1164 | configured, <command>systemctl enable</command> and | |
1165 | <command>systemctl disable</command> will automatically | |
1166 | install/uninstall units listed in this option as well.</para> | |
1167 | ||
1168 | <para>This option may be used more than once, or a | |
1169 | space-separated list of unit names may be | |
1170 | given.</para></listitem> | |
1171 | </varlistentry> | |
1172 | ||
1173 | <varlistentry> | |
1174 | <term><varname>DefaultInstance=</varname></term> | |
1175 | ||
1176 | <listitem><para>In template unit files, this specifies for | |
1177 | which instance the unit shall be enabled if the template is | |
1178 | enabled without any explicitly set instance. This option has | |
1179 | no effect in non-template unit files. The specified string | |
1180 | must be usable as instance identifier.</para></listitem> | |
1181 | </varlistentry> | |
1182 | </variablelist> | |
1183 | ||
1184 | <para>The following specifiers are interpreted in the Install | |
1185 | section: %n, %N, %p, %i, %U, %u, %m, %H, %b, %v. For their meaning | |
1186 | see the next section. | |
1187 | </para> | |
1188 | </refsect1> | |
1189 | ||
1190 | <refsect1> | |
1191 | <title>Specifiers</title> | |
1192 | ||
1193 | <para>Many settings resolve specifiers which may be used to write | |
1194 | generic unit files referring to runtime or unit parameters that | |
1195 | are replaced when the unit files are loaded. The following | |
1196 | specifiers are understood:</para> | |
1197 | ||
1198 | <table> | |
1199 | <title>Specifiers available in unit files</title> | |
1200 | <tgroup cols='3' align='left' colsep='1' rowsep='1'> | |
1201 | <colspec colname="spec" /> | |
1202 | <colspec colname="mean" /> | |
1203 | <colspec colname="detail" /> | |
1204 | <thead> | |
1205 | <row> | |
1206 | <entry>Specifier</entry> | |
1207 | <entry>Meaning</entry> | |
1208 | <entry>Details</entry> | |
1209 | </row> | |
1210 | </thead> | |
1211 | <tbody> | |
1212 | <row> | |
1213 | <entry><literal>%n</literal></entry> | |
1214 | <entry>Full unit name</entry> | |
1215 | <entry></entry> | |
1216 | </row> | |
1217 | <row> | |
1218 | <entry><literal>%N</literal></entry> | |
1219 | <entry>Unescaped full unit name</entry> | |
1220 | <entry>Same as <literal>%n</literal>, but with escaping undone</entry> | |
1221 | </row> | |
1222 | <row> | |
1223 | <entry><literal>%p</literal></entry> | |
1224 | <entry>Prefix name</entry> | |
1225 | <entry>For instantiated units, this refers to the string before the <literal>@</literal> character of the unit name. For non-instantiated units, this refers to the name of the unit with the type suffix removed.</entry> | |
1226 | </row> | |
1227 | <row> | |
1228 | <entry><literal>%P</literal></entry> | |
1229 | <entry>Unescaped prefix name</entry> | |
1230 | <entry>Same as <literal>%p</literal>, but with escaping undone</entry> | |
1231 | </row> | |
1232 | <row> | |
1233 | <entry><literal>%i</literal></entry> | |
1234 | <entry>Instance name</entry> | |
1235 | <entry>For instantiated units: this is the string between the <literal>@</literal> character and the suffix of the unit name.</entry> | |
1236 | </row> | |
1237 | <row> | |
1238 | <entry><literal>%I</literal></entry> | |
1239 | <entry>Unescaped instance name</entry> | |
1240 | <entry>Same as <literal>%i</literal>, but with escaping undone</entry> | |
1241 | </row> | |
1242 | <row> | |
1243 | <entry><literal>%f</literal></entry> | |
1244 | <entry>Unescaped filename</entry> | |
d1562103 | 1245 | <entry>This is either the unescaped instance name (if applicable) with <filename>/</filename> prepended (if applicable), or the unescaped prefix name prepended with <filename>/</filename>.</entry> |
798d3a52 ZJS |
1246 | </row> |
1247 | <row> | |
798d3a52 ZJS |
1248 | <entry><literal>%t</literal></entry> |
1249 | <entry>Runtime directory</entry> | |
1250 | <entry>This is either <filename>/run</filename> (for the system manager) or the path <literal>$XDG_RUNTIME_DIR</literal> resolves to (for user managers).</entry> | |
1251 | </row> | |
1252 | <row> | |
1253 | <entry><literal>%u</literal></entry> | |
1254 | <entry>User name</entry> | |
79413b67 | 1255 | <entry>This is the name of the user running the service manager instance. In case of the system manager this resolves to <literal>root</literal>.</entry> |
798d3a52 ZJS |
1256 | </row> |
1257 | <row> | |
1258 | <entry><literal>%U</literal></entry> | |
1259 | <entry>User UID</entry> | |
79413b67 | 1260 | <entry>This is the numeric UID of the user running the service manager instance. In case of the system manager this resolves to <literal>0</literal>.</entry> |
798d3a52 ZJS |
1261 | </row> |
1262 | <row> | |
1263 | <entry><literal>%h</literal></entry> | |
1264 | <entry>User home directory</entry> | |
79413b67 | 1265 | <entry>This is the home directory of the user running the service manager instance. In case of the system manager this resolves to <literal>/root</literal>.</entry> |
798d3a52 ZJS |
1266 | </row> |
1267 | <row> | |
1268 | <entry><literal>%s</literal></entry> | |
1269 | <entry>User shell</entry> | |
79413b67 | 1270 | <entry>This is the shell of the user running the service manager instance. In case of the system manager this resolves to <literal>/bin/sh</literal>.</entry> |
798d3a52 ZJS |
1271 | </row> |
1272 | <row> | |
1273 | <entry><literal>%m</literal></entry> | |
1274 | <entry>Machine ID</entry> | |
1275 | <entry>The machine ID of the running system, formatted as string. See <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more information.</entry> | |
1276 | </row> | |
1277 | <row> | |
1278 | <entry><literal>%b</literal></entry> | |
1279 | <entry>Boot ID</entry> | |
1280 | <entry>The boot ID of the running system, formatted as string. See <citerefentry><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry> for more information.</entry> | |
1281 | </row> | |
1282 | <row> | |
1283 | <entry><literal>%H</literal></entry> | |
1284 | <entry>Host name</entry> | |
e5f270f5 | 1285 | <entry>The hostname of the running system at the point in time the unit configuration is loaded.</entry> |
798d3a52 ZJS |
1286 | </row> |
1287 | <row> | |
1288 | <entry><literal>%v</literal></entry> | |
1289 | <entry>Kernel release</entry> | |
1290 | <entry>Identical to <command>uname -r</command> output</entry> | |
1291 | </row> | |
1292 | <row> | |
1293 | <entry><literal>%%</literal></entry> | |
1294 | <entry>Single percent sign</entry> | |
1295 | <entry>Use <literal>%%</literal> in place of <literal>%</literal> to specify a single percent sign.</entry> | |
1296 | </row> | |
1297 | </tbody> | |
1298 | </tgroup> | |
1299 | </table> | |
1300 | ||
798d3a52 ZJS |
1301 | </refsect1> |
1302 | ||
1303 | <refsect1> | |
1304 | <title>Examples</title> | |
1305 | ||
1306 | <example> | |
1307 | <title>Allowing units to be enabled</title> | |
1308 | ||
1309 | <para>The following snippet (highlighted) allows a unit (e.g. | |
1310 | <filename>foo.service</filename>) to be enabled via | |
1311 | <command>systemctl enable</command>:</para> | |
1312 | ||
1313 | <programlisting>[Unit] | |
92b1e225 CS |
1314 | Description=Foo |
1315 | ||
1316 | [Service] | |
1317 | ExecStart=/usr/sbin/foo-daemon | |
1318 | ||
1319 | <emphasis>[Install]</emphasis> | |
1320 | <emphasis>WantedBy=multi-user.target</emphasis></programlisting> | |
1321 | ||
798d3a52 ZJS |
1322 | <para>After running <command>systemctl enable</command>, a |
1323 | symlink | |
12b42c76 | 1324 | <filename>/etc/systemd/system/multi-user.target.wants/foo.service</filename> |
798d3a52 ZJS |
1325 | linking to the actual unit will be created. It tells systemd to |
1326 | pull in the unit when starting | |
1327 | <filename>multi-user.target</filename>. The inverse | |
1328 | <command>systemctl disable</command> will remove that symlink | |
1329 | again.</para> | |
1330 | </example> | |
1331 | ||
1332 | <example> | |
1333 | <title>Overriding vendor settings</title> | |
1334 | ||
1335 | <para>There are two methods of overriding vendor settings in | |
1336 | unit files: copying the unit file from | |
12b42c76 TG |
1337 | <filename>/usr/lib/systemd/system</filename> to |
1338 | <filename>/etc/systemd/system</filename> and modifying the | |
798d3a52 ZJS |
1339 | chosen settings. Alternatively, one can create a directory named |
1340 | <filename><replaceable>unit</replaceable>.d/</filename> within | |
12b42c76 | 1341 | <filename>/etc/systemd/system</filename> and place a drop-in |
798d3a52 ZJS |
1342 | file <filename><replaceable>name</replaceable>.conf</filename> |
1343 | there that only changes the specific settings one is interested | |
1344 | in. Note that multiple such drop-in files are read if | |
8331eaab | 1345 | present, processed in lexicographic order of their filename.</para> |
798d3a52 ZJS |
1346 | |
1347 | <para>The advantage of the first method is that one easily | |
1348 | overrides the complete unit, the vendor unit is not parsed at | |
1349 | all anymore. It has the disadvantage that improvements to the | |
1350 | unit file by the vendor are not automatically incorporated on | |
1351 | updates.</para> | |
1352 | ||
1353 | <para>The advantage of the second method is that one only | |
1354 | overrides the settings one specifically wants, where updates to | |
1355 | the unit by the vendor automatically apply. This has the | |
1356 | disadvantage that some future updates by the vendor might be | |
1357 | incompatible with the local changes.</para> | |
1358 | ||
1359 | <para>Note that for drop-in files, if one wants to remove | |
1360 | entries from a setting that is parsed as a list (and is not a | |
1361 | dependency), such as <varname>ConditionPathExists=</varname> (or | |
1362 | e.g. <varname>ExecStart=</varname> in service units), one needs | |
1363 | to first clear the list before re-adding all entries except the | |
1364 | one that is to be removed. See below for an example.</para> | |
1365 | ||
1366 | <para>This also applies for user instances of systemd, but with | |
1367 | different locations for the unit files. See the section on unit | |
1368 | load paths for further details.</para> | |
1369 | ||
1370 | <para>Suppose there is a vendor-supplied unit | |
12b42c76 | 1371 | <filename>/usr/lib/systemd/system/httpd.service</filename> with |
798d3a52 ZJS |
1372 | the following contents:</para> |
1373 | ||
1374 | <programlisting>[Unit] | |
92b1e225 CS |
1375 | Description=Some HTTP server |
1376 | After=remote-fs.target sqldb.service | |
1377 | Requires=sqldb.service | |
1378 | AssertPathExists=/srv/webserver | |
1379 | ||
1380 | [Service] | |
1381 | Type=notify | |
1382 | ExecStart=/usr/sbin/some-fancy-httpd-server | |
1383 | Nice=5 | |
1384 | ||
1385 | [Install] | |
1386 | WantedBy=multi-user.target</programlisting> | |
1387 | ||
798d3a52 ZJS |
1388 | <para>Now one wants to change some settings as an administrator: |
1389 | firstly, in the local setup, <filename>/srv/webserver</filename> | |
e2acdb6b | 1390 | might not exist, because the HTTP server is configured to use |
798d3a52 ZJS |
1391 | <filename>/srv/www</filename> instead. Secondly, the local |
1392 | configuration makes the HTTP server also depend on a memory | |
1393 | cache service, <filename>memcached.service</filename>, that | |
1394 | should be pulled in (<varname>Requires=</varname>) and also be | |
1395 | ordered appropriately (<varname>After=</varname>). Thirdly, in | |
1396 | order to harden the service a bit more, the administrator would | |
1397 | like to set the <varname>PrivateTmp=</varname> setting (see | |
1398 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
1399 | for details). And lastly, the administrator would like to reset | |
1400 | the niceness of the service to its default value of 0.</para> | |
1401 | ||
1402 | <para>The first possibility is to copy the unit file to | |
12b42c76 | 1403 | <filename>/etc/systemd/system/httpd.service</filename> and |
798d3a52 ZJS |
1404 | change the chosen settings:</para> |
1405 | ||
1406 | <programlisting>[Unit] | |
92b1e225 CS |
1407 | Description=Some HTTP server |
1408 | After=remote-fs.target sqldb.service <emphasis>memcached.service</emphasis> | |
1409 | Requires=sqldb.service <emphasis>memcached.service</emphasis> | |
1410 | AssertPathExists=<emphasis>/srv/www</emphasis> | |
1411 | ||
1412 | [Service] | |
1413 | Type=notify | |
1414 | ExecStart=/usr/sbin/some-fancy-httpd-server | |
1415 | <emphasis>Nice=0</emphasis> | |
1416 | <emphasis>PrivateTmp=yes</emphasis> | |
1417 | ||
1418 | [Install] | |
1419 | WantedBy=multi-user.target</programlisting> | |
1420 | ||
798d3a52 ZJS |
1421 | <para>Alternatively, the administrator could create a drop-in |
1422 | file | |
12b42c76 | 1423 | <filename>/etc/systemd/system/httpd.service.d/local.conf</filename> |
798d3a52 | 1424 | with the following contents:</para> |
92b1e225 | 1425 | |
798d3a52 | 1426 | <programlisting>[Unit] |
92b1e225 CS |
1427 | After=memcached.service |
1428 | Requires=memcached.service | |
1429 | # Reset all assertions and then re-add the condition we want | |
1430 | AssertPathExists= | |
1431 | AssertPathExists=/srv/www | |
1432 | ||
1433 | [Service] | |
1434 | Nice=0 | |
1435 | PrivateTmp=yes</programlisting> | |
1436 | ||
798d3a52 ZJS |
1437 | <para>Note that dependencies (<varname>After=</varname>, etc.) |
1438 | cannot be reset to an empty list, so dependencies can only be | |
1439 | added in drop-ins. If you want to remove dependencies, you have | |
1440 | to override the entire unit.</para> | |
0cf4c0d1 | 1441 | |
798d3a52 ZJS |
1442 | </example> |
1443 | </refsect1> | |
1444 | ||
1445 | <refsect1> | |
1446 | <title>See Also</title> | |
1447 | <para> | |
1448 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
1449 | <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
1450 | <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>, | |
1451 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1452 | <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1453 | <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1454 | <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1455 | <citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1456 | <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1457 | <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1458 | <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1459 | <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
798d3a52 ZJS |
1460 | <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
1461 | <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1462 | <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>, | |
1463 | <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
1464 | <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>, | |
1465 | <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>, | |
3ba3a79d | 1466 | <citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
798d3a52 ZJS |
1467 | </para> |
1468 | </refsect1> | |
d1ab0ca0 LP |
1469 | |
1470 | </refentry> |