Merge pull request #9115 from yuwata/rfe-8491

[thirdparty/systemd.git] / man / systemd-run.xml

<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">

<!--
  SPDX-License-Identifier: LGPL-2.1+

  This file is part of systemd.

  Copyright 2013 Zbigniew Jędrzejewski-Szmek
-->

<refentry id="systemd-run"
          xmlns:xi="http://www.w3.org/2001/XInclude">

  <refentryinfo>
    <title>systemd-run</title>
    <productname>systemd</productname>

    <authorgroup>
      <author>
        <contrib>Developer</contrib>
        <firstname>Lennart</firstname>
        <surname>Poettering</surname>
        <email>lennart@poettering.net</email>
      </author>
    </authorgroup>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd-run</refentrytitle>
    <manvolnum>1</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd-run</refname>
    <refpurpose>Run programs in transient scope units, service units, or path-, socket-, or timer-triggered service units</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>systemd-run</command>
      <arg choice="opt" rep="repeat">OPTIONS</arg>
      <arg choice="plain"><replaceable>COMMAND</replaceable>
      <arg choice="opt" rep="repeat">ARGS</arg>
      </arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>systemd-run</command>
      <arg choice="opt" rep="repeat">OPTIONS</arg>
      <arg choice="opt" rep="repeat">PATH OPTIONS</arg>
      <arg choice="req"><replaceable>COMMAND</replaceable></arg>
      <arg choice="opt" rep="repeat">ARGS</arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>systemd-run</command>
      <arg choice="opt" rep="repeat">OPTIONS</arg>
      <arg choice="opt" rep="repeat">SOCKET OPTIONS</arg>
      <arg choice="req"><replaceable>COMMAND</replaceable></arg>
      <arg choice="opt" rep="repeat">ARGS</arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>systemd-run</command>
      <arg choice="opt" rep="repeat">OPTIONS</arg>
      <arg choice="opt" rep="repeat">TIMER OPTIONS</arg>
      <arg choice="req"><replaceable>COMMAND</replaceable></arg>
      <arg choice="opt" rep="repeat">ARGS</arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><command>systemd-run</command> may be used to create and start a transient <filename>.service</filename> or
    <filename>.scope</filename> unit and run the specified <replaceable>COMMAND</replaceable> in it. It may also be
    used to create and start a transient <filename>.path</filename>, <filename>.socket</filename>, or
    <filename>.timer</filename> unit, that activates a <filename>.service</filename> unit when elapsing.</para>

    <para>If a command is run as transient service unit, it will be started and managed by the service manager like any
    other service, and thus shows up in the output of <command>systemctl list-units</command> like any other unit. It
    will run in a clean and detached execution environment, with the service manager as its parent process. In this
    mode, <command>systemd-run</command> will start the service asynchronously in the background and return after the
    command has begun execution (unless <option>--no-block</option> or <option>--wait</option> are specified, see
    below).</para>

    <para>If a command is run as transient scope unit, it will be executed by <command>systemd-run</command> itself as
    parent process and will thus inherit the execution environment of the caller. However, the processes of the command
    are managed by the service manager similar to normal services, and will show up in the output of <command>systemctl
    list-units</command>. Execution in this case is synchronous, and will return only when the command finishes. This
    mode is enabled via the <option>--scope</option> switch (see below). </para>

    <para>If a command is run with path, socket, or timer options such as <option>--on-calendar=</option> (see below),
    a transient path, socket, or timer unit is created alongside the service unit for the specified command. Only the
    transient path, socket, or timer unit is started immediately, the transient service unit will be triggered by the
    path, socket, or timer unit. If the <option>--unit=</option> option is specified, the
    <replaceable>COMMAND</replaceable> may be omitted. In this case, <command>systemd-run</command> creates only a
    <filename>.path</filename>, <filename>.socket</filename>, or <filename>.timer</filename> unit that triggers the
    specified unit.</para>
  </refsect1>

  <refsect1>
    <title>Options</title>

    <para>The following options are understood:</para>

    <variablelist>
      <varlistentry>
        <term><option>--no-ask-password</option></term>

        <listitem><para>Do not query the user for authentication for
        privileged operations.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--scope</option></term>

        <listitem>
          <para>Create a transient <filename>.scope</filename> unit instead of the default transient
          <filename>.service</filename> unit (see above).
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--unit=</option></term>

        <listitem><para>Use this unit name instead of an automatically
        generated one.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--property=</option></term>
        <term><option>-p</option></term>

        <listitem><para>Sets a property on the scope or service unit that is created. This option takes an assignment
        in the same format as
        <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
        <command>set-property</command> command.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--description=</option></term>

        <listitem><para>Provide a description for the service, scope, path, socket, or timer unit. If not specified,
        the command itself will be used as a description. See <varname>Description=</varname> in
        <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--slice=</option></term>

        <listitem><para>Make the new <filename>.service</filename> or <filename>.scope</filename> unit part of the
        specified slice, instead of <filename>system.slice</filename>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>-r</option></term>
        <term><option>--remain-after-exit</option></term>

        <listitem><para>After the service process has terminated, keep the service around until it is explicitly
        stopped. This is useful to collect runtime information about the service after it finished running. Also see
        <varname>RemainAfterExit=</varname> in
        <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
        </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--send-sighup</option></term>

        <listitem><para>When terminating the scope or service unit, send a SIGHUP immediately after SIGTERM. This is
        useful to indicate to shells and shell-like processes that the connection has been severed. Also see
        <varname>SendSIGHUP=</varname> in
        <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
        </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--service-type=</option></term>

        <listitem><para>Sets the service type. Also see
        <varname>Type=</varname> in
        <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>. This
        option has no effect in conjunction with
        <option>--scope</option>. Defaults to
        <constant>simple</constant>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--uid=</option></term>
        <term><option>--gid=</option></term>

        <listitem><para>Runs the service process under the specified UNIX user and group. Also see
        <varname>User=</varname> and <varname>Group=</varname> in
        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--nice=</option></term>

        <listitem><para>Runs the service process with the specified
        nice level. Also see <varname>Nice=</varname> in
        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>-E <replaceable>NAME</replaceable>=<replaceable>VALUE</replaceable></option></term>
        <term><option>--setenv=<replaceable>NAME</replaceable>=<replaceable>VALUE</replaceable></option></term>

        <listitem><para>Runs the service process with the specified environment variable set.
        Also see <varname>Environment=</varname> in
        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--pty</option></term>
        <term><option>-t</option></term>

        <listitem><para>When invoking the command, the transient service connects its standard input, output and error
        to the terminal <command>systemd-run</command> is invoked on, via a pseudo TTY device. This allows running
        programs that expect interactive user input/output as services, such as interactive command shells.</para>

        <para>Note that
        <citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
        <command>shell</command> command is usually a better alternative for requesting a new, interactive login
        session on the local host or a local container.</para>

        <para>See below for details on how this switch combines with <option>--pipe</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--pipe</option></term>
        <term><option>-P</option></term>

        <listitem><para>If specified, standard input, output, and error of the transient service are inherited from the
        <command>systemd-run</command> command itself. This allows <command>systemd-run</command>
        to be used within shell pipelines.
        Note that this mode is not suitable for interactive command shells and similar, as the
        service process will not become a TTY controller when invoked on a terminal. Use <option>--pty</option> instead
        in that case.</para>

        <para>When both <option>--pipe</option> and <option>--pty</option> are used in combination the more appropriate
        option is automatically determined and used. Specifically, when invoked with standard input, output and error
        connected to a TTY <option>--pty</option> is used, and otherwise <option>--pipe</option>.</para>

        <para>When this option is used the original file descriptors <command>systemd-run</command> receives are passed
        to the service processes as-is. If the service runs with different privileges than
        <command>systemd-run</command>, this means the service might not be able to re-open the passed file
        descriptors, due to normal file descriptor access restrictions. If the invoked process is a shell script that
        uses the <command>echo "hello" > /dev/stderr</command> construct for writing messages to stderr, this might
        cause problems, as this only works if stderr can be re-opened. To mitigate this use the construct <command>echo
        "hello" >&amp;2</command> instead, which is mostly equivalent and avoids this pitfall.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--quiet</option></term>
        <term><option>-q</option></term>

        <listitem><para>Suppresses additional informational output
        while running. This is particularly useful in combination with
        <option>--pty</option> when it will suppress the initial
        message explaining how to terminate the TTY connection.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--on-active=</option></term>
        <term><option>--on-boot=</option></term>
        <term><option>--on-startup=</option></term>
        <term><option>--on-unit-active=</option></term>
        <term><option>--on-unit-inactive=</option></term>

        <listitem><para>Defines a monotonic timer relative to different starting points for starting the specified
        command. See <varname>OnActiveSec=</varname>, <varname>OnBootSec=</varname>, <varname>OnStartupSec=</varname>,
        <varname>OnUnitActiveSec=</varname> and <varname>OnUnitInactiveSec=</varname> in
        <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
        details. These options are shortcuts for <command>--timer-property=</command> with the relevant properties.
        These options may not be combined with <option>--scope</option> or <option>--pty</option>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--on-calendar=</option></term>

        <listitem><para>Defines a calendar timer for starting the specified command. See <varname>OnCalendar=</varname>
        in <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>. This
        option is a shortcut for <command>--timer-property=OnCalendar=</command>. This option may not be combined with
        <option>--scope</option> or <option>--pty</option>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--path-property=</option></term>
        <term><option>--socket-property=</option></term>
        <term><option>--timer-property=</option></term>

        <listitem><para>Sets a property on the path, socket, or timer unit that is created. This option is similar to
        <option>--property=</option> but applies to the transient path, socket, or timer unit rather than the
        transient service unit created. This option takes an assignment in the same format as
        <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
        <command>set-property</command> command. These options may not be combined with
        <option>--scope</option> or <option>--pty</option>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--no-block</option></term>

        <listitem>
          <para>Do not synchronously wait for the unit start operation to finish. If this option is not specified, the
          start request for the transient unit will be verified, enqueued and <command>systemd-run</command> will wait
          until the unit's start-up is completed. By passing this argument, it is only verified and enqueued. This
          option may not be combined with <option>--wait</option>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--wait</option></term>

        <listitem><para>Synchronously wait for the transient service to terminate. If this option is specified, the
        start request for the transient unit is verified, enqueued, and waited for. Subsequently the invoked unit is
        monitored, and it is waited until it is deactivated again (most likely because the specified command
        completed). On exit, terse information about the unit's runtime is shown, including total runtime (as well as
        CPU usage, if <option>--property=CPUAccounting=1</option> was set) and the exit code and status of the main
        process. This output may be suppressed with <option>--quiet</option>. This option may not be combined with
        <option>--no-block</option>, <option>--scope</option> or the various path, socket, or timer options.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>-G</option></term>
        <term><option>--collect</option></term>

        <listitem><para>Unload the transient unit after it completed, even if it failed. Normally, without this option,
        all units that ran and failed are kept in memory until the user explicitly resets their failure state with
        <command>systemctl reset-failed</command> or an equivalent command. On the other hand, units that ran
        successfully are unloaded immediately. If this option is turned on the "garbage collection" of units is more
        aggressive, and unloads units regardless if they exited successfully or failed. This option is a shortcut for
        <command>--property=CollectMode=inactive-or-failed</command>, see the explanation for
        <varname>CollectMode=</varname> in
        <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> for further
        information.</para></listitem>
      </varlistentry>

      <xi:include href="user-system-options.xml" xpointer="user" />
      <xi:include href="user-system-options.xml" xpointer="system" />
      <xi:include href="user-system-options.xml" xpointer="host" />
      <xi:include href="user-system-options.xml" xpointer="machine" />

      <xi:include href="standard-options.xml" xpointer="help" />
      <xi:include href="standard-options.xml" xpointer="version" />
    </variablelist>

    <para>All command line arguments after the first non-option
    argument become part of the command line of the launched
    process. If a command is run as service unit, the first argument
    needs to be an absolute program path.</para>
  </refsect1>

  <refsect1>
    <title>Exit status</title>

    <para>On success, 0 is returned, a non-zero failure
    code otherwise.</para>
  </refsect1>

  <refsect1>
    <title>Examples</title>

    <example>
      <title>Logging environment variables provided by systemd to services</title>

      <programlisting># systemd-run env
Running as unit: run-19945.service
# journalctl -u run-19945.service
Sep 08 07:37:21 bupkis systemd[1]: Starting /usr/bin/env...
Sep 08 07:37:21 bupkis systemd[1]: Started /usr/bin/env.
Sep 08 07:37:21 bupkis env[19948]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
Sep 08 07:37:21 bupkis env[19948]: LANG=en_US.UTF-8
Sep 08 07:37:21 bupkis env[19948]: BOOT_IMAGE=/vmlinuz-3.11.0-0.rc5.git6.2.fc20.x86_64</programlisting>
    </example>

    <example>
      <title>Limiting resources available to a command</title>

      <programlisting># systemd-run -p BlockIOWeight=10 updatedb</programlisting>

      <para>This command invokes the
      <citerefentry project='man-pages'><refentrytitle>updatedb</refentrytitle><manvolnum>8</manvolnum></citerefentry>
      tool, but lowers the block I/O weight for it to 10. See
      <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
      for more information on the <varname>BlockIOWeight=</varname>
      property.</para>
    </example>

    <example>
      <title>Running commands at a specified time</title>

      <para>The following command will touch a file after 30 seconds.</para>

      <programlisting># date; systemd-run --on-active=30 --timer-property=AccuracySec=100ms /bin/touch /tmp/foo
Mon Dec  8 20:44:24 KST 2014
Running as unit: run-71.timer
Will run service as unit: run-71.service
# journalctl -b -u run-71.timer
-- Logs begin at Fri 2014-12-05 19:09:21 KST, end at Mon 2014-12-08 20:44:54 KST. --
Dec 08 20:44:38 container systemd[1]: Starting /bin/touch /tmp/foo.
Dec 08 20:44:38 container systemd[1]: Started /bin/touch /tmp/foo.
# journalctl -b -u run-71.service
-- Logs begin at Fri 2014-12-05 19:09:21 KST, end at Mon 2014-12-08 20:44:54 KST. --
Dec 08 20:44:48 container systemd[1]: Starting /bin/touch /tmp/foo...
Dec 08 20:44:48 container systemd[1]: Started /bin/touch /tmp/foo.</programlisting>
    </example>

    <example>
      <title>Allowing access to the tty</title>

      <para>The following command invokes <filename>/bin/bash</filename> as a service
      passing its standard input, output and error to the calling TTY.</para>

      <programlisting># systemd-run -t --send-sighup /bin/bash</programlisting>
    </example>

    <example>
      <title>Start <command>screen</command> as a user service</title>

      <programlisting>$ systemd-run --scope --user screen
Running scope as unit run-r14b0047ab6df45bfb45e7786cc839e76.scope.

$ screen -ls
There is a screen on:
        492..laptop     (Detached)
1 Socket in /var/run/screen/S-fatima.
</programlisting>

      <para>This starts the <command>screen</command> process as a child of the
      <command>systemd --user</command> process that was started by
      <filename>user@.service</filename>, in a scope unit. A
      <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>
      unit is used instead of a
      <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
      unit, because <command>screen</command> will exit when detaching from the terminal,
      and a service unit would be terminated. Running <command>screen</command>
      as a user unit has the advantage that it is not part of the session scope.
      If <varname>KillUserProcesses=yes</varname> is configured in
      <citerefentry><refentrytitle>logind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      the default, the session scope will be terminated when the user logs
      out of that session.</para>

      <para>The <filename>user@.service</filename> is started automatically
      when the user first logs in, and stays around as long as at least one
      login session is open. After the user logs out of the last session,
      <filename>user@.service</filename> and all services underneath it
      are terminated. This behavior is the default, when "lingering" is
      not enabled for that user. Enabling lingering means that
      <filename>user@.service</filename> is started automatically during
      boot, even if the user is not logged in, and that the service is
      not terminated when the user logs out.</para>

      <para>Enabling lingering allows the user to run processes without being logged in,
      for example to allow <command>screen</command> to persist after the user logs out,
      even if the session scope is terminated. In the default configuration, users can
      enable lingering for themselves:</para>

      <programlisting>$ loginctl enable-linger</programlisting>
    </example>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-mount</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
    </para>
  </refsect1>

</refentry>