Merge pull request #11933 from keszybz/coverity

[thirdparty/systemd.git] / man / systemd.unit.xml

<?xml version='1.0'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY % entities SYSTEM "custom-entities.ent" >
%entities;
]>

<!--
  SPDX-License-Identifier: LGPL-2.1+
-->

<refentry id="systemd.unit">

  <refentryinfo>
    <title>systemd.unit</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd.unit</refentrytitle>
    <manvolnum>5</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd.unit</refname>
    <refpurpose>Unit configuration</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para><filename><replaceable>service</replaceable>.service</filename>,
    <filename><replaceable>socket</replaceable>.socket</filename>,
    <filename><replaceable>device</replaceable>.device</filename>,
    <filename><replaceable>mount</replaceable>.mount</filename>,
    <filename><replaceable>automount</replaceable>.automount</filename>,
    <filename><replaceable>swap</replaceable>.swap</filename>,
    <filename><replaceable>target</replaceable>.target</filename>,
    <filename><replaceable>path</replaceable>.path</filename>,
    <filename><replaceable>timer</replaceable>.timer</filename>,
    <filename><replaceable>slice</replaceable>.slice</filename>,
    <filename><replaceable>scope</replaceable>.scope</filename></para>

    <refsect2>
      <title>System Unit Search Path</title>

      <para><literallayout><filename>/etc/systemd/system.control/*</filename>
<filename>/run/systemd/system.control/*</filename>
<filename>/run/systemd/transient/*</filename>
<filename>/run/systemd/generator.early/*</filename>
<filename>/etc/systemd/system/*</filename>
<filename>/etc/systemd/systemd.attached/*</filename>
<filename>/run/systemd/system/*</filename>
<filename>/run/systemd/systemd.attached/*</filename>
<filename>/run/systemd/generator/*</filename>
<filename>…</filename>
<filename>/usr/lib/systemd/system/*</filename>
<filename>/run/systemd/generator.late/*</filename></literallayout></para>
    </refsect2>

    <refsect2>
      <title>User Unit Search Path</title>
      <para><literallayout><filename>~/.config/systemd/user.control/*</filename>
<filename>$XDG_RUNTIME_DIR/systemd/user.control/*</filename>
<filename>$XDG_RUNTIME_DIR/systemd/transient/*</filename>
<filename>$XDG_RUNTIME_DIR/systemd/generator.early/*</filename>
<filename>~/.config/systemd/user/*</filename>
<filename>/etc/systemd/user/*</filename>
<filename>$XDG_RUNTIME_DIR/systemd/user/*</filename>
<filename>/run/systemd/user/*</filename>
<filename>$XDG_RUNTIME_DIR/systemd/generator/*</filename>
<filename>~/.local/share/systemd/user/*</filename>
<filename>…</filename>
<filename>/usr/lib/systemd/user/*</filename>
<filename>$XDG_RUNTIME_DIR/systemd/generator.late/*</filename></literallayout></para>
    </refsect2>

  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para>A unit file is a plain text ini-style file that encodes information about a service, a
    socket, a device, a mount point, an automount point, a swap file or partition, a start-up
    target, a watched file system path, a timer controlled and supervised by
    <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, a
    resource management slice or a group of externally created processes. See
    <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    for a general description of the syntax.</para>

    <para>This man page lists the common configuration options of all
    the unit types. These options need to be configured in the [Unit]
    or [Install] sections of the unit files.</para>

    <para>In addition to the generic [Unit] and [Install] sections
    described here, each unit may have a type-specific section, e.g.
    [Service] for a service unit. See the respective man pages for
    more information:
    <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
    </para>

    <para>Unit files are loaded from a set of paths determined during
    compilation, described in the next section.</para>

    <para>Unit files can be parameterized by a single argument called the "instance name". The unit
    is then constructed based on a "template file" which serves as the definition of multiple
    services or other units. A template unit must have a single <literal>@</literal> at the end of
    the name (right before the type suffix). The name of the full unit is formed by inserting the
    instance name between <literal>@</literal> and the unit type suffix. In the unit file itself,
    the instance parameter may be referred to using <literal>%i</literal> and other specifiers, see
    below.</para>

    <para>Unit files may contain additional options on top of those
    listed here. If systemd encounters an unknown option, it will
    write a warning log message but continue loading the unit. If an
    option or section name is prefixed with <option>X-</option>, it is
    ignored completely by systemd. Options within an ignored section
    do not need the prefix. Applications may use this to include
    additional information in the unit files.</para>

    <para>Units can be aliased (have an alternative name), by creating a symlink from the new name
    to the existing name in one of the unit search paths. For example,
    <filename>systemd-networkd.service</filename> has the alias
    <filename>dbus-org.freedesktop.network1.service</filename>, created during installation as the
    symlink <filename>/usr/lib/systemd/system/dbus-org.freedesktop.network1.service</filename>. In
    addition, unit files may specify aliases through the <varname>Alias=</varname> directive in the
    [Install] section; those aliases are only effective when the unit is enabled. When the unit is
    enabled, symlinks will be created for those names, and removed when the unit is disabled. For
    example, <filename>reboot.target</filename> specifies
    <varname>Alias=ctrl-alt-del.target</varname>, so when enabled it will be invoked whenever
    CTRL+ALT+DEL is pressed. Alias names may be used in commands like <command>enable</command>,
    <command>disable</command>, <command>start</command>, <command>stop</command>,
    <command>status</command>, …, and in unit dependency directives <varname>Wants=</varname>,
    <varname>Requires=</varname>, <varname>Before=</varname>, <varname>After=</varname>, …, with the
    limitation that aliases specified through <varname>Alias=</varname> are only effective when the
    unit is enabled. Aliases cannot be used with the <command>preset</command> command.</para>

    <para>Along with a unit file <filename>foo.service</filename>, the directory
    <filename>foo.service.wants/</filename> may exist. All unit files symlinked from such a
    directory are implicitly added as dependencies of type <varname>Wants=</varname> to the unit.
    This is useful to hook units into the start-up of other units, without having to modify their
    unit files. For details about the semantics of <varname>Wants=</varname>, see below. The
    preferred way to create symlinks in the <filename>.wants/</filename> directory of a unit file is
    with the <command>enable</command> command of the
    <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
    tool which reads information from the [Install] section of unit files (see below). A similar
    functionality exists for <varname>Requires=</varname> type dependencies as well, the directory
    suffix is <filename>.requires/</filename> in this case.</para>

    <para>Along with a unit file <filename>foo.service</filename>, a "drop-in" directory
    <filename>foo.service.d/</filename> may exist. All files with the suffix <literal>.conf</literal> from this
    directory will be parsed after the unit file itself is parsed. This is useful to alter or add configuration
    settings for a unit, without having to modify unit files. Drop-in files must contain appropriate section
    headers. For instantiated units, this logic will first look for the instance <literal>.d/</literal> subdirectory
    (e.g. <literal>foo@bar.service.d/</literal>) and read its <literal>.conf</literal> files, followed by the template
    <literal>.d/</literal> subdirectory (e.g. <literal>foo@.service.d/</literal>) and the <literal>.conf</literal>
    files there. Moreover for units names containing dashes (<literal>-</literal>), the set of directories generated by
    truncating the unit name after all dashes is searched too. Specifically, for a unit name
    <filename>foo-bar-baz.service</filename> not only the regular drop-in directory
    <filename>foo-bar-baz.service.d/</filename> is searched but also both <filename>foo-bar-.service.d/</filename> and
    <filename>foo-.service.d/</filename>. This is useful for defining common drop-ins for a set of related units, whose
    names begin with a common prefix. This scheme is particularly useful for mount, automount and slice units, whose
    systematic naming structure is built around dashes as component separators. Note that equally named drop-in files
    further down the prefix hierarchy override those further up,
    i.e. <filename>foo-bar-.service.d/10-override.conf</filename> overrides
    <filename>foo-.service.d/10-override.conf</filename>.</para>

    <para>In addition to <filename>/etc/systemd/system</filename>, the drop-in <literal>.d/</literal>
    directories for system services can be placed in <filename>/usr/lib/systemd/system</filename> or
    <filename>/run/systemd/system</filename> directories. Drop-in files in <filename>/etc</filename>
    take precedence over those in <filename>/run</filename> which in turn take precedence over those
    in <filename>/usr/lib</filename>. Drop-in files under any of these directories take precedence
    over unit files wherever located. Multiple drop-in files with different names are applied in
    lexicographic order, regardless of which of the directories they reside in.</para>

    <!-- Note that we do not document .include here, as we consider it mostly obsolete, and want
         people to use .d/ drop-ins instead. -->

    <para>Note that while systemd offers a flexible dependency system
    between units it is recommended to use this functionality only
    sparingly and instead rely on techniques such as bus-based or
    socket-based activation which make dependencies implicit,
    resulting in a both simpler and more flexible system.</para>

    <para>As mentioned above, a unit may be instantiated from a template file. This allows creation
    of multiple units from a single configuration file. If systemd looks for a unit configuration
    file, it will first search for the literal unit name in the file system. If that yields no
    success and the unit name contains an <literal>@</literal> character, systemd will look for a
    unit template that shares the same name but with the instance string (i.e. the part between the
    <literal>@</literal> character and the suffix) removed. Example: if a service
    <filename>getty@tty3.service</filename> is requested and no file by that name is found, systemd
    will look for <filename>getty@.service</filename> and instantiate a service from that
    configuration file if it is found.</para>

    <para>To refer to the instance string from within the
    configuration file you may use the special <literal>%i</literal>
    specifier in many of the configuration options. See below for
    details.</para>

    <para>If a unit file is empty (i.e. has the file size 0) or is
    symlinked to <filename>/dev/null</filename>, its configuration
    will not be loaded and it appears with a load state of
    <literal>masked</literal>, and cannot be activated. Use this as an
    effective way to fully disable a unit, making it impossible to
    start it even manually.</para>

    <para>The unit file format is covered by the
    <ulink
    url="https://www.freedesktop.org/wiki/Software/systemd/InterfaceStabilityPromise">Interface
    Stability Promise</ulink>.</para>

  </refsect1>

  <refsect1>
    <title>String Escaping for Inclusion in Unit Names</title>

    <para>Sometimes it is useful to convert arbitrary strings into unit names. To facilitate this, a method of string
    escaping is used, in order to map strings containing arbitrary byte values (except NUL) into valid unit names and
    their restricted character set. A common special case are unit names that reflect paths to objects in the file
    system hierarchy. Example: a device unit <filename>dev-sda.device</filename> refers to a device with the device
    node <filename noindex='true'>/dev/sda</filename> in the file system.</para>

    <para>The escaping algorithm operates as follows: given a string, any <literal>/</literal> character is replaced by
    <literal>-</literal>, and all other characters which are not ASCII alphanumerics or <literal>_</literal> are
    replaced by C-style <literal>\x2d</literal> escapes. In addition, <literal>.</literal> is replaced with such a
    C-style escape when it would appear as the first character in the escaped string.</para>

    <para>When the input qualifies as absolute file system path, this algorithm is extended slightly: the path to the
    root directory <literal>/</literal> is encoded as single dash <literal>-</literal>. In addition, any leading,
    trailing or duplicate <literal>/</literal> characters are removed from the string before transformation. Example:
    <filename>/foo//bar/baz/</filename> becomes <literal>foo-bar-baz</literal>.</para>

    <para>This escaping is fully reversible, as long as it is known whether the escaped string was a path (the
    unescaping results are different for paths and non-path strings). The
    <citerefentry><refentrytitle>systemd-escape</refentrytitle><manvolnum>1</manvolnum></citerefentry> command may be
    used to apply and reverse escaping on arbitrary strings. Use <command>systemd-escape --path</command> to escape
    path strings, and <command>systemd-escape</command> without <option>--path</option> otherwise.</para>
  </refsect1>

  <refsect1>
    <title>Automatic dependencies</title>

    <refsect2>
      <title>Implicit Dependencies</title>

      <para>A number of unit dependencies are implicitly established, depending on unit type and
      unit configuration. These implicit dependencies can make unit configuration file cleaner. For
      the implicit dependencies in each unit type, please refer to section "Implicit Dependencies"
      in respective man pages.</para>

      <para>For example, service units with <varname>Type=dbus</varname> automatically acquire
      dependencies of type <varname>Requires=</varname> and <varname>After=</varname> on
      <filename>dbus.socket</filename>. See
      <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
      for details.</para>
    </refsect2>

    <refsect2>
      <title>Default Dependencies</title>

      <para>Default dependencies are similar to implicit dependencies, but can be turned on and off
      by setting <varname>DefaultDependencies=</varname> to <varname>yes</varname> (the default) and
      <varname>no</varname>, while implicit dependencies are always in effect. See section "Default
      Dependencies" in respective man pages for the effect of enabling
      <varname>DefaultDependencies=</varname> in each unit types.</para>

      <para>For example, target units will complement all configured dependencies of type
      <varname>Wants=</varname> or <varname>Requires=</varname> with dependencies of type
      <varname>After=</varname> unless <varname>DefaultDependencies=no</varname> is set in the
      specified units. See
      <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>
      for details. Note that this behavior can be turned off by setting
      <varname>DefaultDependencies=no</varname>.</para>
    </refsect2>
  </refsect1>

  <refsect1>
    <title>Unit File Load Path</title>

    <para>Unit files are loaded from a set of paths determined during
    compilation, described in the two tables below. Unit files found
    in directories listed earlier override files with the same name in
    directories lower in the list.</para>

    <para>When the variable <varname>$SYSTEMD_UNIT_PATH</varname> is set,
    the contents of this variable overrides the unit load path. If
    <varname>$SYSTEMD_UNIT_PATH</varname> ends with an empty component
    (<literal>:</literal>), the usual unit load path will be appended
    to the contents of the variable.</para>

    <table>
      <title>
        Load path when running in system mode (<option>--system</option>).
      </title>

      <tgroup cols='2'>
        <colspec colname='path' />
        <colspec colname='expl' />
        <thead>
          <row>
            <entry>Path</entry>
            <entry>Description</entry>
          </row>
        </thead>
        <tbody>
          <row>
            <entry><filename>/etc/systemd/system.control</filename></entry>
            <entry morerows="1">Persistent and transient configuration created using the dbus API</entry>
          </row>
          <row>
            <entry><filename>/run/systemd/system.control</filename></entry>
          </row>
          <row>
            <entry><filename>/run/systemd/transient</filename></entry>
            <entry>Dynamic configuration for transient units</entry>
          </row>
          <row>
            <entry><filename>/run/systemd/generator.early</filename></entry>
            <entry>Generated units with high priority (see <replaceable>early-dir</replaceable> in <citerefentry
            ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
          </row>
          <row>
            <entry><filename>/etc/systemd/system</filename></entry>
            <entry>Local configuration</entry>
          </row>
          <row>
            <entry><filename>/run/systemd/system</filename></entry>
            <entry>Runtime units</entry>
          </row>
          <row>
            <entry><filename>/run/systemd/generator</filename></entry>
            <entry>Generated units with medium priority (see <replaceable>normal-dir</replaceable> in <citerefentry
            ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
          </row>
          <row>
            <entry><filename>/usr/local/lib/systemd/system</filename></entry>
            <entry morerows="1">Units of installed packages</entry>
          </row>
          <row>
            <entry><filename>/usr/lib/systemd/system</filename></entry>
          </row>
          <row>
            <entry><filename>/run/systemd/generator.late</filename></entry>
            <entry>Generated units with low priority (see <replaceable>late-dir</replaceable> in <citerefentry
            ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
          </row>
        </tbody>
      </tgroup>
    </table>

    <table>
      <title>
        Load path when running in user mode (<option>--user</option>).
      </title>

      <tgroup cols='2'>
        <colspec colname='path' />
        <colspec colname='expl' />
        <thead>
          <row>
            <entry>Path</entry>
            <entry>Description</entry>
          </row>
        </thead>
        <tbody>
          <row>
            <entry><filename>$XDG_CONFIG_HOME/systemd/user.control</filename> or <filename
            >~/.config/systemd/user.control</filename></entry>
            <entry morerows="1">Persistent and transient configuration created using the dbus API (<varname>$XDG_CONFIG_HOME</varname> is used if set, <filename>~/.config</filename> otherwise)</entry>
          </row>
          <row>
            <entry><filename>$XDG_RUNTIME_DIR/systemd/user.control</filename></entry>
          </row>
          <row>
            <entry><filename>/run/systemd/transient</filename></entry>
            <entry>Dynamic configuration for transient units</entry>
          </row>
          <row>
            <entry><filename>/run/systemd/generator.early</filename></entry>
            <entry>Generated units with high priority (see <replaceable>early-dir</replaceable> in <citerefentry
            ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
          </row>
          <row>
            <entry><filename>$XDG_CONFIG_HOME/systemd/user</filename> or <filename>$HOME/.config/systemd/user</filename></entry>
            <entry>User configuration (<varname>$XDG_CONFIG_HOME</varname> is used if set, <filename>~/.config</filename> otherwise)</entry>
          </row>
          <row>
            <entry><filename>/etc/systemd/user</filename></entry>
            <entry>Local configuration</entry>
          </row>
          <row>
            <entry><filename>$XDG_RUNTIME_DIR/systemd/user</filename></entry>
            <entry>Runtime units (only used when $XDG_RUNTIME_DIR is set)</entry>
          </row>
          <row>
            <entry><filename>/run/systemd/user</filename></entry>
            <entry>Runtime units</entry>
          </row>
          <row>
            <entry><filename>$XDG_RUNTIME_DIR/systemd/generator</filename></entry>
            <entry>Generated units with medium priority (see <replaceable>normal-dir</replaceable> in <citerefentry
            ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
          </row>
          <row>
            <entry><filename>$XDG_DATA_HOME/systemd/user</filename> or <filename>$HOME/.local/share/systemd/user</filename></entry>
            <entry>Units of packages that have been installed in the home directory (<varname>$XDG_DATA_HOME</varname> is used if set, <filename>~/.local/share</filename> otherwise)</entry>
          </row>
          <row>
            <entry><filename>$dir/systemd/user</filename> for each <varname noindex='true'>$dir</varname> in <varname>$XDG_DATA_DIRS</varname></entry>
            <entry>Additional locations for installed user units, one for each entry in <varname>$XDG_DATA_DIRS</varname></entry>
          </row>
          <row>
            <entry><filename>/usr/local/lib/systemd/user</filename></entry>
            <entry morerows="1">Units of packages that have been installed system-wide</entry>
          </row>
          <row>
            <entry><filename>/usr/lib/systemd/user</filename></entry>
          </row>
          <row>
            <entry><filename>$XDG_RUNTIME_DIR/systemd/generator.late</filename></entry>
            <entry>Generated units with low priority (see <replaceable>late-dir</replaceable> in <citerefentry
            ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
          </row>
        </tbody>
      </tgroup>
    </table>

    <para>The set of load paths for the user manager instance may be augmented or
    changed using various environment variables. And environment variables may in
    turn be set using environment generators, see
    <citerefentry><refentrytitle>systemd.environment-generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
    In particular, <varname>$XDG_DATA_HOME</varname> and
    <varname>$XDG_DATA_DIRS</varname> may be easily set using
    <citerefentry><refentrytitle>systemd-environment-d-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
    Thus, directories listed here are just the defaults. To see the actual list that
    would be used based on compilation options and current environment use
    <programlisting>systemd-analyze --user unit-paths</programlisting>
    </para>

    <para>Moreover, additional units might be loaded into systemd ("linked") from
    directories not on the unit load path. See the <command>link</command> command
    for
    <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
    </para>
  </refsect1>

  <refsect1>
    <title>Unit Garbage Collection</title>

    <para>The system and service manager loads a unit's configuration automatically when a unit is referenced for the
    first time. It will automatically unload the unit configuration and state again when the unit is not needed anymore
    ("garbage collection"). A unit may be referenced through a number of different mechanisms:</para>

    <orderedlist>
      <listitem><para>Another loaded unit references it with a dependency such as <varname>After=</varname>,
      <varname>Wants=</varname>, …</para></listitem>

      <listitem><para>The unit is currently starting, running, reloading or stopping.</para></listitem>

      <listitem><para>The unit is currently in the <constant>failed</constant> state. (But see below.)</para></listitem>

      <listitem><para>A job for the unit is pending.</para></listitem>

      <listitem><para>The unit is pinned by an active IPC client program.</para></listitem>

      <listitem><para>The unit is a special "perpetual" unit that is always active and loaded. Examples for perpetual
      units are the root mount unit <filename>-.mount</filename> or the scope unit <filename>init.scope</filename> that
      the service manager itself lives in.</para></listitem>

      <listitem><para>The unit has running processes associated with it.</para></listitem>
    </orderedlist>

    <para>The garbage collection logic may be altered with the <varname>CollectMode=</varname> option, which allows
    configuration whether automatic unloading of units that are in <constant>failed</constant> state is permissible,
    see below.</para>

    <para>Note that when a unit's configuration and state is unloaded, all execution results, such as exit codes, exit
    signals, resource consumption and other statistics are lost, except for what is stored in the log subsystem.</para>

    <para>Use <command>systemctl daemon-reload</command> or an equivalent command to reload unit configuration while
    the unit is already loaded. In this case all configuration settings are flushed out and replaced with the new
    configuration (which however might not be in effect immediately), however all runtime state is
    saved/restored.</para>
  </refsect1>

  <refsect1>
    <title>[Unit] Section Options</title>

    <para>The unit file may include a [Unit] section, which carries
    generic information about the unit that is not dependent on the
    type of unit:</para>

    <variablelist class='unit-directives'>

      <varlistentry>
        <term><varname>Description=</varname></term>
        <listitem><para>A human readable name for the unit. This is used by
        <command>systemd</command> (and other UIs) as the label for the unit, so this string should
        identify the unit rather than describe it, despite the name. <literal>Apache2 Web
        Server</literal> is a good example. Bad examples are <literal>high-performance light-weight
        HTTP server</literal> (too generic) or <literal>Apache2</literal> (too specific and
        meaningless for people who do not know Apache). <command>systemd</command> will use this
        string as a noun in status messages (<literal>Starting
        <replaceable>description</replaceable>...</literal>, <literal>Started
        <replaceable>description</replaceable>.</literal>, <literal>Reached target
        <replaceable>description</replaceable>.</literal>, <literal>Failed to start
        <replaceable>description</replaceable>.</literal>), so it should be capitalized, and should
        not be a full sentence or a phrase with a continous verb. Bad examples include
        <literal>exiting the container</literal> or <literal>updating the database once per
        day.</literal>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>Documentation=</varname></term>
        <listitem><para>A space-separated list of URIs referencing
        documentation for this unit or its configuration. Accepted are
        only URIs of the types <literal>http://</literal>,
        <literal>https://</literal>, <literal>file:</literal>,
        <literal>info:</literal>, <literal>man:</literal>. For more
        information about the syntax of these URIs, see <citerefentry
        project='man-pages'><refentrytitle>uri</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
        The URIs should be listed in order of relevance, starting with
        the most relevant. It is a good idea to first reference
        documentation that explains what the unit's purpose is,
        followed by how it is configured, followed by any other
        related documentation. This option may be specified more than
        once, in which case the specified list of URIs is merged. If
        the empty string is assigned to this option, the list is reset
        and all prior assignments will have no
        effect.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>Requires=</varname></term>

        <listitem><para>Configures requirement dependencies on other units. If this unit gets activated, the units
        listed here will be activated as well. If one of the other units fails to activate, and an ordering dependency
        <varname>After=</varname> on the failing unit is set, this unit will not be started. Besides, with or without
        specifying <varname>After=</varname>, this unit will be stopped if one of the other units is explicitly
        stopped. This option may be specified more than once or multiple space-separated units may be
        specified in one option in which case requirement dependencies for all listed names will be created. Note that
        requirement dependencies do not influence the order in which services are started or stopped.  This has to be
        configured independently with the <varname>After=</varname> or <varname>Before=</varname> options. If a unit
        <filename>foo.service</filename> requires a unit <filename>bar.service</filename> as configured with
        <varname>Requires=</varname> and no ordering is configured with <varname>After=</varname> or
        <varname>Before=</varname>, then both units will be started simultaneously and without any delay between them
        if <filename>foo.service</filename> is activated. Often, it is a better choice to use <varname>Wants=</varname>
        instead of <varname>Requires=</varname> in order to achieve a system that is more robust when dealing with
        failing services.</para>

        <para>Note that this dependency type does not imply that the other unit always has to be in active state when
        this unit is running. Specifically: failing condition checks (such as <varname>ConditionPathExists=</varname>,
        <varname>ConditionPathIsSymbolicLink=</varname>, … — see below) do not cause the start job of a unit with a
        <varname>Requires=</varname> dependency on it to fail. Also, some unit types may deactivate on their own (for
        example, a service process may decide to exit cleanly, or a device may be unplugged by the user), which is not
        propagated to units having a <varname>Requires=</varname> dependency. Use the <varname>BindsTo=</varname>
        dependency type together with <varname>After=</varname> to ensure that a unit may never be in active state
        without a specific other unit also in active state (see below).</para>

        <para>Note that dependencies of this type may also be configured outside of the unit configuration file by
        adding a symlink to a <filename>.requires/</filename> directory accompanying the unit file. For details, see
        above.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>Requisite=</varname></term>

        <listitem><para>Similar to <varname>Requires=</varname>. However, if the units listed here
        are not started already, they will not be started and the starting of this unit will fail
        immediately. <varname>Requisite=</varname> does not imply an ordering dependency, even if
        both units are started in the same transaction. Hence this setting should usually be
        combined with <varname>After=</varname>, to ensure this unit is not started before the other
        unit.</para>

        <para>When <varname>Requisite=b.service</varname> is used on
        <filename>a.service</filename>, this dependency will show as
        <varname>RequisiteOf=a.service</varname> in property listing of
        <filename>b.service</filename>. <varname>RequisiteOf=</varname>
        dependency cannot be specified directly.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>Wants=</varname></term>

        <listitem><para>A weaker version of
        <varname>Requires=</varname>. Units listed in this option will
        be started if the configuring unit is. However, if the listed
        units fail to start or cannot be added to the transaction,
        this has no impact on the validity of the transaction as a
        whole. This is the recommended way to hook start-up of one
        unit to the start-up of another unit.</para>

        <para>Note that dependencies of this type may also be
        configured outside of the unit configuration file by adding
        symlinks to a <filename>.wants/</filename> directory
        accompanying the unit file. For details, see
        above.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>BindsTo=</varname></term>

        <listitem><para>Configures requirement dependencies, very similar in style to
        <varname>Requires=</varname>. However, this dependency type is stronger: in addition to the effect of
        <varname>Requires=</varname> it declares that if the unit bound to is stopped, this unit will be stopped
        too. This means a unit bound to another unit that suddenly enters inactive state will be stopped too.
        Units can suddenly, unexpectedly enter inactive state for different reasons: the main process of a service unit
        might terminate on its own choice, the backing device of a device unit might be unplugged or the mount point of
        a mount unit might be unmounted without involvement of the system and service manager.</para>

        <para>When used in conjunction with <varname>After=</varname> on the same unit the behaviour of
        <varname>BindsTo=</varname> is even stronger. In this case, the unit bound to strictly has to be in active
        state for this unit to also be in active state. This not only means a unit bound to another unit that suddenly
        enters inactive state, but also one that is bound to another unit that gets skipped due to a failed condition
        check (such as <varname>ConditionPathExists=</varname>, <varname>ConditionPathIsSymbolicLink=</varname>, … —
        see below) will be stopped, should it be running. Hence, in many cases it is best to combine
        <varname>BindsTo=</varname> with <varname>After=</varname>.</para>

        <para>When <varname>BindsTo=b.service</varname> is used on
        <filename>a.service</filename>, this dependency will show as
        <varname>BoundBy=a.service</varname> in property listing of
        <filename>b.service</filename>. <varname>BoundBy=</varname>
        dependency cannot be specified directly.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>PartOf=</varname></term>

        <listitem><para>Configures dependencies similar to
        <varname>Requires=</varname>, but limited to stopping and
        restarting of units. When systemd stops or restarts the units
        listed here, the action is propagated to this unit. Note that
        this is a one-way dependency — changes to this unit do not
        affect the listed units.</para>

        <para>When <varname>PartOf=b.service</varname> is used on
        <filename>a.service</filename>, this dependency will show as
        <varname>ConsistsOf=a.service</varname> in property listing of
        <filename>b.service</filename>. <varname>ConsistsOf=</varname>
        dependency cannot be specified directly.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>Conflicts=</varname></term>

        <listitem><para>A space-separated list of unit names.
        Configures negative requirement dependencies. If a unit has a
        <varname>Conflicts=</varname> setting on another unit,
        starting the former will stop the latter and vice versa. Note
        that this setting is independent of and orthogonal to the
        <varname>After=</varname> and <varname>Before=</varname>
        ordering dependencies.</para>

        <para>If a unit A that conflicts with a unit B is scheduled to
        be started at the same time as B, the transaction will either
        fail (in case both are required parts of the transaction) or be
        modified to be fixed (in case one or both jobs are not a
        required part of the transaction). In the latter case, the job
        that is not required will be removed, or in case both are
        not required, the unit that conflicts will be started and the
        unit that is conflicted is stopped.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>Before=</varname></term>
        <term><varname>After=</varname></term>

        <listitem><para>These two settings expect a space-separated list of unit names. They configure ordering
        dependencies between units. If a unit <filename>foo.service</filename> contains a setting
        <option>Before=bar.service</option> and both units are being started, <filename>bar.service</filename>'s
        start-up is delayed until <filename>foo.service</filename> has finished starting up.  Note that this setting is
        independent of and orthogonal to the requirement dependencies as configured by <varname>Requires=</varname>,
        <varname>Wants=</varname> or <varname>BindsTo=</varname>. It is a common pattern to include a unit name in both
        the <varname>After=</varname> and <varname>Requires=</varname> options, in which case the unit listed will be
        started before the unit that is configured with these options. This option may be specified more than once, in
        which case ordering dependencies for all listed names are created. <varname>After=</varname> is the inverse of
        <varname>Before=</varname>, i.e. while <varname>After=</varname> ensures that the configured unit is started
        after the listed unit finished starting up, <varname>Before=</varname> ensures the opposite, that the
        configured unit is fully started up before the listed unit is started. Note that when two units with an
        ordering dependency between them are shut down, the inverse of the start-up order is applied. i.e. if a unit is
        configured with <varname>After=</varname> on another unit, the former is stopped before the latter if both are
        shut down. Given two units with any ordering dependency between them, if one unit is shut down and the other is
        started up, the shutdown is ordered before the start-up. It doesn't matter if the ordering dependency is
        <varname>After=</varname> or <varname>Before=</varname>, in this case. It also doesn't matter which of the two
        is shut down, as long as one is shut down and the other is started up. The shutdown is ordered before the
        start-up in all cases. If two units have no ordering dependencies between them, they are shut down or started
        up simultaneously, and no ordering takes place. It depends on the unit type when precisely a unit has finished
        starting up. Most importantly, for service units start-up is considered completed for the purpose of
        <varname>Before=</varname>/<varname>After=</varname> when all its configured start-up commands have been
        invoked and they either failed or reported start-up success.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>OnFailure=</varname></term>

        <listitem><para>A space-separated list of one or more units
        that are activated when this unit enters the
        <literal>failed</literal> state.  A service unit using
        <varname>Restart=</varname> enters the failed state only after
        the start limits are reached.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>PropagatesReloadTo=</varname></term>
        <term><varname>ReloadPropagatedFrom=</varname></term>

        <listitem><para>A space-separated list of one or more units
        where reload requests on this unit will be propagated to, or
        reload requests on the other unit will be propagated to this
        unit, respectively. Issuing a reload request on a unit will
        automatically also enqueue a reload request on all units that
        the reload request shall be propagated to via these two
        settings.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>JoinsNamespaceOf=</varname></term>

        <listitem><para>For units that start processes (such as service units), lists one or more other units
        whose network and/or temporary file namespace to join. This only applies to unit types which support
        the <varname>PrivateNetwork=</varname>, <varname>NetworkNamespacePath=</varname> and
        <varname>PrivateTmp=</varname> directives (see
        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
        details). If a unit that has this setting set is started, its processes will see the same
        <filename>/tmp</filename>, <filename>/var/tmp</filename> and network namespace as one listed unit
        that is started. If multiple listed units are already started, it is not defined which namespace is
        joined.  Note that this setting only has an effect if
        <varname>PrivateNetwork=</varname>/<varname>NetworkNamespacePath=</varname> and/or
        <varname>PrivateTmp=</varname> is enabled for both the unit that joins the namespace and the unit
        whose namespace is joined.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>RequiresMountsFor=</varname></term>

        <listitem><para>Takes a space-separated list of absolute
        paths. Automatically adds dependencies of type
        <varname>Requires=</varname> and <varname>After=</varname> for
        all mount units required to access the specified path.</para>

        <para>Mount points marked with <option>noauto</option> are not
        mounted automatically through <filename>local-fs.target</filename>,
        but are still honored for the purposes of this option, i.e. they
        will be pulled in by this unit.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>OnFailureJobMode=</varname></term>

        <listitem><para>Takes a value of
        <literal>fail</literal>,
        <literal>replace</literal>,
        <literal>replace-irreversibly</literal>,
        <literal>isolate</literal>,
        <literal>flush</literal>,
        <literal>ignore-dependencies</literal> or
        <literal>ignore-requirements</literal>. Defaults to
        <literal>replace</literal>. Specifies how the units listed in
        <varname>OnFailure=</varname> will be enqueued. See
        <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
        <option>--job-mode=</option> option for details on the
        possible values. If this is set to <literal>isolate</literal>,
        only a single unit may be listed in
        <varname>OnFailure=</varname>..</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>IgnoreOnIsolate=</varname></term>

        <listitem><para>Takes a boolean argument. If <option>true</option>, this unit
        will not be stopped when isolating another unit. Defaults to
        <option>false</option> for service, target, socket, busname, timer, and path
        units, and <option>true</option> for slice, scope, device, swap, mount, and
        automount units.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>StopWhenUnneeded=</varname></term>

        <listitem><para>Takes a boolean argument. If
        <option>true</option>, this unit will be stopped when it is no
        longer used. Note that, in order to minimize the work to be
        executed, systemd will not stop units by default unless they
        are conflicting with other units, or the user explicitly
        requested their shut down. If this option is set, a unit will
        be automatically cleaned up if no other active unit requires
        it. Defaults to <option>false</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>RefuseManualStart=</varname></term>
        <term><varname>RefuseManualStop=</varname></term>

        <listitem><para>Takes a boolean argument. If
        <option>true</option>, this unit can only be activated or
        deactivated indirectly. In this case, explicit start-up or
        termination requested by the user is denied, however if it is
        started or stopped as a dependency of another unit, start-up
        or termination will succeed. This is mostly a safety feature
        to ensure that the user does not accidentally activate units
        that are not intended to be activated explicitly, and not
        accidentally deactivate units that are not intended to be
        deactivated. These options default to
        <option>false</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>AllowIsolate=</varname></term>

        <listitem><para>Takes a boolean argument. If
        <option>true</option>, this unit may be used with the
        <command>systemctl isolate</command> command. Otherwise, this
        will be refused. It probably is a good idea to leave this
        disabled except for target units that shall be used similar to
        runlevels in SysV init systems, just as a precaution to avoid
        unusable system states. This option defaults to
        <option>false</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>DefaultDependencies=</varname></term>

        <listitem><para>Takes a boolean argument. If
        <option>true</option>, (the default), a few default
        dependencies will implicitly be created for the unit. The
        actual dependencies created depend on the unit type. For
        example, for service units, these dependencies ensure that the
        service is started only after basic system initialization is
        completed and is properly terminated on system shutdown. See
        the respective man pages for details. Generally, only services
        involved with early boot or late shutdown should set this
        option to <option>false</option>. It is highly recommended to
        leave this option enabled for the majority of common units. If
        set to <option>false</option>, this option does not disable
        all implicit dependencies, just non-essential
        ones.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>CollectMode=</varname></term>

        <listitem><para>Tweaks the "garbage collection" algorithm for this unit. Takes one of <option>inactive</option>
        or <option>inactive-or-failed</option>. If set to <option>inactive</option> the unit will be unloaded if it is
        in the <constant>inactive</constant> state and is not referenced by clients, jobs or other units — however it
        is not unloaded if it is in the <constant>failed</constant> state. In <option>failed</option> mode, failed
        units are not unloaded until the user invoked <command>systemctl reset-failed</command> on them to reset the
        <constant>failed</constant> state, or an equivalent command. This behaviour is altered if this option is set to
        <option>inactive-or-failed</option>: in this case the unit is unloaded even if the unit is in a
        <constant>failed</constant> state, and thus an explicitly resetting of the <constant>failed</constant> state is
        not necessary. Note that if this mode is used unit results (such as exit codes, exit signals, consumed
        resources, …) are flushed out immediately after the unit completed, except for what is stored in the logging
        subsystem. Defaults to <option>inactive</option>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>FailureAction=</varname></term>
        <term><varname>SuccessAction=</varname></term>

        <listitem><para>Configure the action to take when the unit stops and enters a failed state or inactive state.
        Takes one of <option>none</option>, <option>reboot</option>, <option>reboot-force</option>,
        <option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option>,
        <option>poweroff-immediate</option>, <option>exit</option>, and <option>exit-force</option>. In system mode,
        all options are allowed. In user mode, only <option>none</option>, <option>exit</option>, and
        <option>exit-force</option> are allowed. Both options default to <option>none</option>.</para>

        <para>If <option>none</option> is set, no action will be triggered. <option>reboot</option> causes a reboot
        following the normal shutdown procedure (i.e. equivalent to <command>systemctl reboot</command>).
        <option>reboot-force</option> causes a forced reboot which will terminate all processes forcibly but should
        cause no dirty file systems on reboot (i.e. equivalent to <command>systemctl reboot -f</command>) and
        <option>reboot-immediate</option> causes immediate execution of the
        <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which
        might result in data loss (i.e. equivalent to <command>systemctl reboot -ff</command>). Similarly,
        <option>poweroff</option>, <option>poweroff-force</option>, <option>poweroff-immediate</option> have the effect
        of powering down the system with similar semantics. <option>exit</option> causes the manager to exit following
        the normal shutdown procedure, and <option>exit-force</option> causes it terminate without shutting down
        services. When <option>exit</option> or <option>exit-force</option> is used by default the exit status of the
        main process of the unit (if this applies) is returned from the service manager. However, this may be overriden
        with <varname>FailureActionExitStatus=</varname>/<varname>SuccessActionExitStatus=</varname>, see
        below.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>FailureActionExitStatus=</varname></term>
        <term><varname>SuccessActionExitStatus=</varname></term>

        <listitem><para>Controls the exit status to propagate back to an invoking container manager (in case of a
        system service) or service manager (in case of a user manager) when the
        <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> are set to <option>exit</option> or
        <option>exit-force</option> and the action is triggered. By default the exit status of the main process of the
        triggering unit (if this applies) is propagated. Takes a value in the range 0…255 or the empty string to
        request default behaviour.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>JobTimeoutSec=</varname></term>
        <term><varname>JobRunningTimeoutSec=</varname></term>

        <listitem><para>When a job for this unit is queued, a timeout <varname>JobTimeoutSec=</varname> may be
        configured. Similarly, <varname>JobRunningTimeoutSec=</varname> starts counting when the queued job is actually
        started. If either time limit is reached, the job will be cancelled, the unit however will not change state or
        even enter the <literal>failed</literal> mode. This value defaults to <literal>infinity</literal> (job timeouts
        disabled), except for device units (<varname>JobRunningTimeoutSec=</varname> defaults to
        <varname>DefaultTimeoutStartSec=</varname>). NB: this timeout is independent from any unit-specific timeout
        (for example, the timeout set with <varname>TimeoutStartSec=</varname> in service units) as the job timeout has
        no effect on the unit itself, only on the job that might be pending for it. Or in other words: unit-specific
        timeouts are useful to abort unit state changes, and revert them. The job timeout set with this option however
        is useful to abort only the job waiting for the unit state to change.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>JobTimeoutAction=</varname></term>
        <term><varname>JobTimeoutRebootArgument=</varname></term>

        <listitem><para><varname>JobTimeoutAction=</varname> optionally configures an additional action to take when
        the timeout is hit, see description of <varname>JobTimeoutSec=</varname> and
        <varname>JobRunningTimeoutSec=</varname> above. It takes the same values as
        <varname>StartLimitAction=</varname>. Defaults to <option>none</option>.
        <varname>JobTimeoutRebootArgument=</varname> configures an optional reboot string to pass to the
        <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>StartLimitIntervalSec=<replaceable>interval</replaceable></varname></term>
        <term><varname>StartLimitBurst=<replaceable>burst</replaceable></varname></term>

        <listitem><para>Configure unit start rate limiting. Units which are started more than
        <replaceable>burst</replaceable> times within an <replaceable>interval</replaceable> time interval are not
        permitted to start any more. Use <varname>StartLimitIntervalSec=</varname> to configure the checking interval
        (defaults to <varname>DefaultStartLimitIntervalSec=</varname> in manager configuration file, set it to 0 to
        disable any kind of rate limiting). Use <varname>StartLimitBurst=</varname> to configure how many starts per
        interval are allowed (defaults to <varname>DefaultStartLimitBurst=</varname> in manager configuration
        file). These configuration options are particularly useful in conjunction with the service setting
        <varname>Restart=</varname> (see
        <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>); however,
        they apply to all kinds of starts (including manual), not just those triggered by the
        <varname>Restart=</varname> logic. Note that units which are configured for <varname>Restart=</varname> and
        which reach the start limit are not attempted to be restarted anymore; however, they may still be restarted
        manually at a later point, after the <replaceable>interval</replaceable> has passed.  From this point on, the
        restart logic is activated again. Note that <command>systemctl reset-failed</command> will cause the restart
        rate counter for a service to be flushed, which is useful if the administrator wants to manually start a unit
        and the start limit interferes with that. Note that this rate-limiting is enforced after any unit condition
        checks are executed, and hence unit activations with failing conditions do not count towards this rate
        limit. This setting does not apply to slice, target, device, and scope units, since they are unit types whose
        activation may either never fail, or may succeed only a single time.</para>

        <para>When a unit is unloaded due to the garbage collection logic (see above) its rate limit counters are
        flushed out too. This means that configuring start rate limiting for a unit that is not referenced continuously
        has no effect.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>StartLimitAction=</varname></term>

        <listitem><para>Configure an additional action to take if the rate limit configured with
        <varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit.  Takes the same
        values as the setting <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> settings and executes
        the same actions. If <option>none</option> is set, hitting the rate limit will trigger no action besides that
        the start will not be permitted. Defaults to <option>none</option>.</para></listitem>
      </varlistentry>


      <varlistentry>
        <term><varname>RebootArgument=</varname></term>
        <listitem><para>Configure the optional argument for the
        <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call if
        <varname>StartLimitAction=</varname> or <varname>FailureAction=</varname> is a reboot action. This
        works just like the optional argument to <command>systemctl reboot</command> command.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>ConditionArchitecture=</varname></term>
        <term><varname>ConditionVirtualization=</varname></term>
        <term><varname>ConditionHost=</varname></term>
        <term><varname>ConditionKernelCommandLine=</varname></term>
        <term><varname>ConditionKernelVersion=</varname></term>
        <term><varname>ConditionSecurity=</varname></term>
        <term><varname>ConditionCapability=</varname></term>
        <term><varname>ConditionACPower=</varname></term>
        <term><varname>ConditionNeedsUpdate=</varname></term>
        <term><varname>ConditionFirstBoot=</varname></term>
        <term><varname>ConditionPathExists=</varname></term>
        <term><varname>ConditionPathExistsGlob=</varname></term>
        <term><varname>ConditionPathIsDirectory=</varname></term>
        <term><varname>ConditionPathIsSymbolicLink=</varname></term>
        <term><varname>ConditionPathIsMountPoint=</varname></term>
        <term><varname>ConditionPathIsReadWrite=</varname></term>
        <term><varname>ConditionDirectoryNotEmpty=</varname></term>
        <term><varname>ConditionFileNotEmpty=</varname></term>
        <term><varname>ConditionFileIsExecutable=</varname></term>
        <term><varname>ConditionUser=</varname></term>
        <term><varname>ConditionGroup=</varname></term>
        <term><varname>ConditionControlGroupController=</varname></term>

        <!-- We do not document ConditionNull=
             here, as it is not particularly
             useful and probably just
             confusing. -->

        <listitem><para>Before starting a unit, verify that the specified condition is true. If it is not true, the
        starting of the unit will be (mostly silently) skipped, however all ordering dependencies of it are still
        respected. A failing condition will not result in the unit being moved into the <literal>failed</literal>
        state. The condition is checked at the time the queued start job is to be executed. Use condition expressions
        in order to silently skip units that do not apply to the local running system, for example because the kernel
        or runtime environment doesn't require their functionality. Use the various
        <varname>AssertArchitecture=</varname>, <varname>AssertVirtualization=</varname>, … options for a similar
        mechanism that causes the job to fail (instead of being skipped) and results in logging about the failed check
        (instead of being silently processed). For details about assertion conditions see below.</para>

        <para><varname>ConditionArchitecture=</varname> may be used to
        check whether the system is running on a specific
        architecture. Takes one of
        <varname>x86</varname>,
        <varname>x86-64</varname>,
        <varname>ppc</varname>,
        <varname>ppc-le</varname>,
        <varname>ppc64</varname>,
        <varname>ppc64-le</varname>,
        <varname>ia64</varname>,
        <varname>parisc</varname>,
        <varname>parisc64</varname>,
        <varname>s390</varname>,
        <varname>s390x</varname>,
        <varname>sparc</varname>,
        <varname>sparc64</varname>,
        <varname>mips</varname>,
        <varname>mips-le</varname>,
        <varname>mips64</varname>,
        <varname>mips64-le</varname>,
        <varname>alpha</varname>,
        <varname>arm</varname>,
        <varname>arm-be</varname>,
        <varname>arm64</varname>,
        <varname>arm64-be</varname>,
        <varname>sh</varname>,
        <varname>sh64</varname>,
        <varname>m68k</varname>,
        <varname>tilegx</varname>,
        <varname>cris</varname>,
        <varname>arc</varname>,
        <varname>arc-be</varname> to test
        against a specific architecture. The architecture is
        determined from the information returned by
        <citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>2</manvolnum></citerefentry>
        and is thus subject to
        <citerefentry><refentrytitle>personality</refentrytitle><manvolnum>2</manvolnum></citerefentry>.
        Note that a <varname>Personality=</varname> setting in the
        same unit file has no effect on this condition. A special
        architecture name <varname>native</varname> is mapped to the
        architecture the system manager itself is compiled for. The
        test may be negated by prepending an exclamation mark.</para>

        <para><varname>ConditionVirtualization=</varname> may be used
        to check whether the system is executed in a virtualized
        environment and optionally test whether it is a specific
        implementation. Takes either boolean value to check if being
        executed in any virtualized environment, or one of
        <varname>vm</varname> and
        <varname>container</varname> to test against a generic type of
        virtualization solution, or one of
        <varname>qemu</varname>,
        <varname>kvm</varname>,
        <varname>zvm</varname>,
        <varname>vmware</varname>,
        <varname>microsoft</varname>,
        <varname>oracle</varname>,
        <varname>xen</varname>,
        <varname>bochs</varname>,
        <varname>uml</varname>,
        <varname>bhyve</varname>,
        <varname>qnx</varname>,
        <varname>openvz</varname>,
        <varname>lxc</varname>,
        <varname>lxc-libvirt</varname>,
        <varname>systemd-nspawn</varname>,
        <varname>docker</varname>,
        <varname>rkt</varname>,
        <varname>acrn</varname> to test
        against a specific implementation, or
        <varname>private-users</varname> to check whether we are running in a user namespace. See
        <citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry>
        for a full list of known virtualization technologies and their
        identifiers. If multiple virtualization technologies are
        nested, only the innermost is considered. The test may be
        negated by prepending an exclamation mark.</para>

        <para><varname>ConditionHost=</varname> may be used to match
        against the hostname or machine ID of the host. This either
        takes a hostname string (optionally with shell style globs)
        which is tested against the locally set hostname as returned
        by
        <citerefentry><refentrytitle>gethostname</refentrytitle><manvolnum>2</manvolnum></citerefentry>,
        or a machine ID formatted as string (see
        <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
        The test may be negated by prepending an exclamation
        mark.</para>

        <para><varname>ConditionKernelCommandLine=</varname> may be
        used to check whether a specific kernel command line option is
        set (or if prefixed with the exclamation mark unset). The
        argument must either be a single word, or an assignment (i.e.
        two words, separated <literal>=</literal>). In the former case
        the kernel command line is searched for the word appearing as
        is, or as left hand side of an assignment. In the latter case,
        the exact assignment is looked for with right and left hand
        side matching.</para>

        <para><varname>ConditionKernelVersion=</varname> may be used to check whether the kernel version (as reported
        by <command>uname -r</command>) matches a certain expression (or if prefixed with the exclamation mark does not
        match it). The argument must be a single string. If the string starts with one of <literal>&lt;</literal>,
        <literal>&lt;=</literal>, <literal>=</literal>, <literal>&gt;=</literal>, <literal>&gt;</literal> a relative
        version comparison is done, otherwise the specified string is matched with shell-style globs.</para>

        <para>Note that using the kernel version string is an unreliable way to determine which features are supported
        by a kernel, because of the widespread practice of backporting drivers, features, and fixes from newer upstream
        kernels into older versions provided by distributions. Hence, this check is inherently unportable and should
        not be used for units which may be used on different distributions.</para>

        <para><varname>ConditionSecurity=</varname> may be used to check
        whether the given security technology is enabled on the
        system. Currently, the recognized values are
        <varname>selinux</varname>, <varname>apparmor</varname>,
        <varname>tomoyo</varname>, <varname>ima</varname>,
        <varname>smack</varname>, <varname>audit</varname> and
        <varname>uefi-secureboot</varname>. The test may be negated by
        prepending an exclamation mark.</para>

        <para><varname>ConditionCapability=</varname> may be used to
        check whether the given capability exists in the capability
        bounding set of the service manager (i.e. this does not check
        whether capability is actually available in the permitted or
        effective sets, see
        <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
        for details). Pass a capability name such as
        <literal>CAP_MKNOD</literal>, possibly prefixed with an
        exclamation mark to negate the check.</para>

        <para><varname>ConditionACPower=</varname> may be used to
        check whether the system has AC power, or is exclusively
        battery powered at the time of activation of the unit. This
        takes a boolean argument. If set to <varname>true</varname>,
        the condition will hold only if at least one AC connector of
        the system is connected to a power source, or if no AC
        connectors are known. Conversely, if set to
        <varname>false</varname>, the condition will hold only if
        there is at least one AC connector known and all AC connectors
        are disconnected from a power source.</para>

        <para><varname>ConditionNeedsUpdate=</varname> takes one of
        <filename>/var</filename> or <filename>/etc</filename> as
        argument, possibly prefixed with a <literal>!</literal> (for
        inverting the condition). This condition may be used to
        conditionalize units on whether the specified directory
        requires an update because <filename>/usr</filename>'s
        modification time is newer than the stamp file
        <filename>.updated</filename> in the specified directory. This
        is useful to implement offline updates of the vendor operating
        system resources in <filename>/usr</filename> that require
        updating of <filename>/etc</filename> or
        <filename>/var</filename> on the next following boot. Units
        making use of this condition should order themselves before
        <citerefentry><refentrytitle>systemd-update-done.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
        to make sure they run before the stamp file's modification
        time gets reset indicating a completed update.</para>

        <para><varname>ConditionFirstBoot=</varname> takes a boolean argument. This condition may be used to
        conditionalize units on whether the system is booting up with an unpopulated <filename>/etc</filename>
        directory (specifically: an <filename>/etc</filename> with no <filename>/etc/machine-id</filename>). This may
        be used to populate <filename>/etc</filename> on the first boot after factory reset, or when a new system
        instance boots up for the first time.</para>

        <para>With <varname>ConditionPathExists=</varname> a file
        existence condition is checked before a unit is started. If
        the specified absolute path name does not exist, the condition
        will fail. If the absolute path name passed to
        <varname>ConditionPathExists=</varname> is prefixed with an
        exclamation mark (<literal>!</literal>), the test is negated,
        and the unit is only started if the path does not
        exist.</para>

        <para><varname>ConditionPathExistsGlob=</varname> is similar
        to <varname>ConditionPathExists=</varname>, but checks for the
        existence of at least one file or directory matching the
        specified globbing pattern.</para>

        <para><varname>ConditionPathIsDirectory=</varname> is similar
        to <varname>ConditionPathExists=</varname> but verifies
        whether a certain path exists and is a directory.</para>

        <para><varname>ConditionPathIsSymbolicLink=</varname> is
        similar to <varname>ConditionPathExists=</varname> but
        verifies whether a certain path exists and is a symbolic
        link.</para>

        <para><varname>ConditionPathIsMountPoint=</varname> is similar
        to <varname>ConditionPathExists=</varname> but verifies
        whether a certain path exists and is a mount point.</para>

        <para><varname>ConditionPathIsReadWrite=</varname> is similar
        to <varname>ConditionPathExists=</varname> but verifies
        whether the underlying file system is readable and writable
        (i.e. not mounted read-only).</para>

        <para><varname>ConditionDirectoryNotEmpty=</varname> is
        similar to <varname>ConditionPathExists=</varname> but
        verifies whether a certain path exists and is a non-empty
        directory.</para>

        <para><varname>ConditionFileNotEmpty=</varname> is similar to
        <varname>ConditionPathExists=</varname> but verifies whether a
        certain path exists and refers to a regular file with a
        non-zero size.</para>

        <para><varname>ConditionFileIsExecutable=</varname> is similar
        to <varname>ConditionPathExists=</varname> but verifies
        whether a certain path exists, is a regular file and marked
        executable.</para>

        <para><varname>ConditionUser=</varname> takes a numeric
        <literal>UID</literal>, a UNIX user name, or the special value
        <literal>@system</literal>. This condition may be used to check
        whether the service manager is running as the given user. The
        special value <literal>@system</literal> can be used to check
        if the user id is within the system user range. This option is not
        useful for system services, as the system manager exclusively
        runs as the root user, and thus the test result is constant.</para>

        <para><varname>ConditionGroup=</varname> is similar
        to <varname>ConditionUser=</varname> but verifies that the
        service manager's real or effective group, or any of its
        auxiliary groups match the specified group or GID. This setting
        does not have a special value <literal>@system</literal>.</para>

        <para><varname>ConditionControlGroupController=</varname> takes a
        cgroup controller name (eg. <option>cpu</option>), verifying that it is
        available for use on the system. For example, a particular controller
        may not be available if it was disabled on the kernel command line with
        <varname>cgroup_disable=controller</varname>. Multiple controllers may
        be passed with a space separating them; in this case the condition will
        only pass if all listed controllers are available for use. Controllers
        unknown to systemd are ignored. Valid controllers are
        <option>cpu</option>, <option>cpuacct</option>, <option>io</option>,
        <option>blkio</option>, <option>memory</option>,
        <option>devices</option>, and <option>pids</option>.</para>

        <para>If multiple conditions are specified, the unit will be
        executed if all of them apply (i.e. a logical AND is applied).
        Condition checks can be prefixed with a pipe symbol (|) in
        which case a condition becomes a triggering condition. If at
        least one triggering condition is defined for a unit, then the
        unit will be executed if at least one of the triggering
        conditions apply and all of the non-triggering conditions. If
        you prefix an argument with the pipe symbol and an exclamation
        mark, the pipe symbol must be passed first, the exclamation
        second. Except for
        <varname>ConditionPathIsSymbolicLink=</varname>, all path
        checks follow symlinks. If any of these options is assigned
        the empty string, the list of conditions is reset completely,
        all previous condition settings (of any kind) will have no
        effect.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>AssertArchitecture=</varname></term>
        <term><varname>AssertVirtualization=</varname></term>
        <term><varname>AssertHost=</varname></term>
        <term><varname>AssertKernelCommandLine=</varname></term>
        <term><varname>AssertKernelVersion=</varname></term>
        <term><varname>AssertSecurity=</varname></term>
        <term><varname>AssertCapability=</varname></term>
        <term><varname>AssertACPower=</varname></term>
        <term><varname>AssertNeedsUpdate=</varname></term>
        <term><varname>AssertFirstBoot=</varname></term>
        <term><varname>AssertPathExists=</varname></term>
        <term><varname>AssertPathExistsGlob=</varname></term>
        <term><varname>AssertPathIsDirectory=</varname></term>
        <term><varname>AssertPathIsSymbolicLink=</varname></term>
        <term><varname>AssertPathIsMountPoint=</varname></term>
        <term><varname>AssertPathIsReadWrite=</varname></term>
        <term><varname>AssertDirectoryNotEmpty=</varname></term>
        <term><varname>AssertFileNotEmpty=</varname></term>
        <term><varname>AssertFileIsExecutable=</varname></term>
        <term><varname>AssertUser=</varname></term>
        <term><varname>AssertGroup=</varname></term>
        <term><varname>AssertControlGroupController=</varname></term>

        <listitem><para>Similar to the <varname>ConditionArchitecture=</varname>,
        <varname>ConditionVirtualization=</varname>, …, condition settings described above, these settings add
        assertion checks to the start-up of the unit. However, unlike the conditions settings, any assertion setting
        that is not met results in failure of the start job (which means this is logged loudly). Note that hitting a
        configured assertion does not cause the unit to enter the <literal>failed</literal> state (or in fact result in
        any state change of the unit), it affects only the job queued for it. Use assertion expressions for units that
        cannot operate when specific requirements are not met, and when this is something the administrator or user
        should look into.</para>

        <para>Note that neither assertion nor condition expressions result in unit state changes. Also note that both
        are checked at the time the job is to be executed, i.e. long after depending jobs and it itself were
        queued. Thus, neither condition nor assertion expressions are suitable for conditionalizing unit
        dependencies.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>SourcePath=</varname></term>
        <listitem><para>A path to a configuration file this unit has
        been generated from. This is primarily useful for
        implementation of generator tools that convert configuration
        from an external configuration file format into native unit
        files. This functionality should not be used in normal
        units.</para></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Mapping of unit properties to their inverses</title>

    <para>Unit settings that create a relationship with a second unit usually show up
    in properties of both units, for example in <command>systemctl show</command>
    output. In some cases the name of the property is the same as the name of the
    configuration setting, but not always. This table lists the properties
    that are shown on two units which are connected through some dependency, and shows
    which property on "source" unit corresponds to which property on the "target" unit.
    </para>

    <table>
      <title>
        "Forward" and "reverse" unit properties
      </title>

      <tgroup cols='2'>
        <colspec colname='forward' />
        <colspec colname='reverse' />
        <colspec colname='notes' />
        <thead>
          <row>
            <entry>"Forward" property</entry>
            <entry>"Reverse" property</entry>
            <entry>Where used</entry>
          </row>
        </thead>
        <tbody>
          <row>
            <entry><varname>Before=</varname></entry>
            <entry><varname>After=</varname></entry>
            <entry morerows='1' valign='middle'>Both are unit file options</entry>
          </row>
          <row>
            <entry><varname>After=</varname></entry>
            <entry><varname>Before=</varname></entry>
          </row>
          <row>
            <entry><varname>Requires=</varname></entry>
            <entry><varname>RequiredBy=</varname></entry>
            <entry>A unit file option; an option in the [Install] section</entry>
          </row>
          <row>
            <entry><varname>Wants=</varname></entry>
            <entry><varname>WantedBy=</varname></entry>
            <entry>A unit file option; an option in the [Install] section</entry>
          </row>
          <row>
            <entry><varname>PartOf=</varname></entry>
            <entry><varname>ConsistsOf=</varname></entry>
            <entry>A unit file option; an automatic property</entry>
          </row>
          <row>
            <entry><varname>BindsTo=</varname></entry>
            <entry><varname>BoundBy=</varname></entry>
            <entry>A unit file option; an automatic property</entry>
          </row>
          <row>
            <entry><varname>Requisite=</varname></entry>
            <entry><varname>RequisiteOf=</varname></entry>
            <entry>A unit file option; an automatic property</entry>
          </row>
          <row>
            <entry><varname>Triggers=</varname></entry>
            <entry><varname>TriggeredBy=</varname></entry>
            <entry>Automatic properties, see notes below</entry>
          </row>
          <row>
            <entry><varname>Conflicts=</varname></entry>
            <entry><varname>ConflictedBy=</varname></entry>
            <entry>A unit file option; an automatic property</entry>
          </row>
          <row>
            <entry><varname>PropagatesReloadTo=</varname></entry>
            <entry><varname>ReloadPropagatedFrom=</varname></entry>
            <entry morerows='1' valign='middle'>Both are unit file options</entry>
          </row>
          <row>
            <entry><varname>ReloadPropagatedFrom=</varname></entry>
            <entry><varname>PropagatesReloadTo=</varname></entry>
          </row>
          <row>
            <entry><varname>Following=</varname></entry>
            <entry>n/a</entry>
            <entry>An automatic property</entry>
          </row>
        </tbody>
      </tgroup>
    </table>

    <para>Note: <varname>WantedBy=</varname> and <varname>RequiredBy=</varname> are
    used in the [Install] section to create symlinks in <filename>.wants/</filename>
    and <filename>.requires/</filename> directories. They cannot be used directly as a
    unit configuration setting.</para>

    <para>Note: <varname>ConsistsOf=</varname>, <varname>BoundBy=</varname>,
    <varname>RequisiteOf=</varname>, <varname>ConflictedBy=</varname> are created
    implicitly along with their reverse and cannot be specified directly.</para>

    <para>Note: <varname>Triggers=</varname> is created implicitly between a socket,
    path unit, or an automount unit, and the unit they activate. By default a unit
    with the same name is triggered, but this can be overridden using
    <varname>Sockets=</varname>, <varname>Service=</varname>, and <varname>Unit=</varname>
    settings. See
    <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    and
    <citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    for details. <varname>TriggersBy=</varname> is created implicitly on the
    triggered unit.</para>

    <para>Note: <varname>Following=</varname> is used to group device aliases and points to the
    "primary" device unit that systemd is using to track device state, usually corresponding to a
    sysfs path. It does not show up in the "target" unit.</para>
  </refsect1>

  <refsect1>
    <title>[Install] Section Options</title>

    <para>Unit files may include an <literal>[Install]</literal> section, which carries installation information for
    the unit. This section is not interpreted by
    <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> during runtime; it is
    used by the <command>enable</command> and <command>disable</command> commands of the
    <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> tool during
    installation of a unit.</para>

    <variablelist class='unit-directives'>
      <varlistentry>
        <term><varname>Alias=</varname></term>

        <listitem><para>A space-separated list of additional names this unit shall be installed under. The names listed
        here must have the same suffix (i.e. type) as the unit filename. This option may be specified more than once,
        in which case all listed names are used. At installation time, <command>systemctl enable</command> will create
        symlinks from these names to the unit filename. Note that not all unit types support such alias names, and this
        setting is not supported for them. Specifically, mount, slice, swap, and automount units do not support
        aliasing.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>WantedBy=</varname></term>
        <term><varname>RequiredBy=</varname></term>

        <listitem><para>This option may be used more than once, or a
        space-separated list of unit names may be given. A symbolic
        link is created in the <filename>.wants/</filename> or
        <filename>.requires/</filename> directory of each of the
        listed units when this unit is installed by <command>systemctl
        enable</command>. This has the effect that a dependency of
        type <varname>Wants=</varname> or <varname>Requires=</varname>
        is added from the listed unit to the current unit. The primary
        result is that the current unit will be started when the
        listed unit is started. See the description of
        <varname>Wants=</varname> and <varname>Requires=</varname> in
        the [Unit] section for details.</para>

        <para><command>WantedBy=foo.service</command> in a service
        <filename>bar.service</filename> is mostly equivalent to
        <command>Alias=foo.service.wants/bar.service</command> in the
        same file. In case of template units, <command>systemctl
        enable</command> must be called with an instance name, and
        this instance will be added to the
        <filename>.wants/</filename> or
        <filename>.requires/</filename> list of the listed unit. E.g.
        <command>WantedBy=getty.target</command> in a service
        <filename>getty@.service</filename> will result in
        <command>systemctl enable getty@tty2.service</command>
        creating a
        <filename>getty.target.wants/getty@tty2.service</filename>
        link to <filename>getty@.service</filename>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>Also=</varname></term>

        <listitem><para>Additional units to install/deinstall when
        this unit is installed/deinstalled. If the user requests
        installation/deinstallation of a unit with this option
        configured, <command>systemctl enable</command> and
        <command>systemctl disable</command> will automatically
        install/uninstall units listed in this option as well.</para>

        <para>This option may be used more than once, or a
        space-separated list of unit names may be
        given.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>DefaultInstance=</varname></term>

        <listitem><para>In template unit files, this specifies for
        which instance the unit shall be enabled if the template is
        enabled without any explicitly set instance. This option has
        no effect in non-template unit files. The specified string
        must be usable as instance identifier.</para></listitem>
      </varlistentry>
    </variablelist>

    <para>The following specifiers are interpreted in the Install
    section: %n, %N, %p, %i, %j, %g, %G, %U, %u, %m, %H, %b, %v. For their
    meaning see the next section.
    </para>
  </refsect1>

  <refsect1>
    <title>Specifiers</title>

    <para>Many settings resolve specifiers which may be used to write
    generic unit files referring to runtime or unit parameters that
    are replaced when the unit files are loaded. Specifiers must be known
    and resolvable for the setting to be valid. The following
    specifiers are understood:</para>

    <table>
      <title>Specifiers available in unit files</title>
      <tgroup cols='3' align='left' colsep='1' rowsep='1'>
        <colspec colname="spec" />
        <colspec colname="mean" />
        <colspec colname="detail" />
        <thead>
          <row>
            <entry>Specifier</entry>
            <entry>Meaning</entry>
            <entry>Details</entry>
          </row>
        </thead>
        <tbody>
          <row>
            <entry><literal>%b</literal></entry>
            <entry>Boot ID</entry>
            <entry>The boot ID of the running system, formatted as string. See <citerefentry><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry> for more information.</entry>
          </row>
          <row>
            <entry><literal>%C</literal></entry>
            <entry>Cache directory root</entry>
            <entry>This is either <filename>/var/cache</filename> (for the system manager) or the path <literal>$XDG_CACHE_HOME</literal> resolves to (for user managers).</entry>
          </row>
          <row>
            <entry><literal>%E</literal></entry>
            <entry>Configuration directory root</entry>
            <entry>This is either <filename>/etc</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to (for user managers).</entry>
          </row>
          <row>
            <entry><literal>%f</literal></entry>
            <entry>Unescaped filename</entry>
            <entry>This is either the unescaped instance name (if applicable) with <filename>/</filename> prepended (if applicable), or the unescaped prefix name prepended with <filename>/</filename>. This implements unescaping according to the rules for escaping absolute file system paths discussed above.</entry>
          </row>
          <row>
            <entry><literal>%h</literal></entry>
            <entry>User home directory</entry>
            <entry>This is the home directory of the user running the service manager instance. In case of the system manager this resolves to <literal>/root</literal>.</entry>
          </row>
          <row>
            <entry><literal>%H</literal></entry>
            <entry>Host name</entry>
            <entry>The hostname of the running system at the point in time the unit configuration is loaded.</entry>
          </row>
          <row>
            <entry><literal>%i</literal></entry>
            <entry>Instance name</entry>
            <entry>For instantiated units this is the string between the first <literal>@</literal> character and the type suffix. Empty for non-instantiated units.</entry>
          </row>
          <row>
            <entry><literal>%I</literal></entry>
            <entry>Unescaped instance name</entry>
            <entry>Same as <literal>%i</literal>, but with escaping undone.</entry>
          </row>
          <row>
            <entry><literal>%j</literal></entry>
            <entry>Final component of the prefix</entry>
            <entry>This is the string between the last <literal>-</literal> and the end of the prefix name. If there is no <literal>-</literal>, this is the same as <literal>%p</literal>.</entry>
          </row>
          <row>
            <entry><literal>%J</literal></entry>
            <entry>Unescaped final component of the prefix</entry>
            <entry>Same as <literal>%j</literal>, but with escaping undone.</entry>
          </row>
          <row>
            <entry><literal>%L</literal></entry>
            <entry>Log directory root</entry>
            <entry>This is either <filename>/var/log</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to with <filename noindex='true'>/log</filename> appended (for user managers).</entry>
          </row>
          <row>
            <entry><literal>%m</literal></entry>
            <entry>Machine ID</entry>
            <entry>The machine ID of the running system, formatted as string. See <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more information.</entry>
          </row>
          <row>
            <entry><literal>%n</literal></entry>
            <entry>Full unit name</entry>
            <entry></entry>
          </row>
          <row>
            <entry><literal>%N</literal></entry>
            <entry>Full unit name</entry>
            <entry>Same as <literal>%n</literal>, but with the type suffix removed.</entry>
          </row>
          <row>
            <entry><literal>%p</literal></entry>
            <entry>Prefix name</entry>
            <entry>For instantiated units, this refers to the string before the first <literal>@</literal> character of the unit name. For non-instantiated units, same as <literal>%N</literal>.</entry>
          </row>
          <row>
            <entry><literal>%P</literal></entry>
            <entry>Unescaped prefix name</entry>
            <entry>Same as <literal>%p</literal>, but with escaping undone.</entry>
          </row>
          <row>
            <entry><literal>%s</literal></entry>
            <entry>User shell</entry>
            <entry>This is the shell of the user running the service manager instance. In case of the system manager this resolves to <literal>/bin/sh</literal>.</entry>
          </row>
          <row>
            <entry><literal>%S</literal></entry>
            <entry>State directory root</entry>
            <entry>This is either <filename>/var/lib</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to (for user managers).</entry>
          </row>
          <row>
            <entry><literal>%t</literal></entry>
            <entry>Runtime directory root</entry>
            <entry>This is either <filename>/run</filename> (for the system manager) or the path <literal>$XDG_RUNTIME_DIR</literal> resolves to (for user managers).</entry>
          </row>
          <row>
            <entry><literal>%T</literal></entry>
            <entry>Directory for temporary files</entry>
            <entry>This is either <filename>/tmp</filename> or the path <literal>$TMPDIR</literal>, <literal>$TEMP</literal> or <literal>$TMP</literal> are set to.</entry>
          </row>
          <row>
            <entry><literal>%g</literal></entry>
            <entry>User group</entry>
            <entry>This is the name of the group running the service manager instance. In case of the system manager this resolves to <literal>root</literal>.</entry>
          </row>
          <row>
            <entry><literal>%G</literal></entry>
            <entry>User GID</entry>
            <entry>This is the numeric GID of the user running the service manager instance. In case of the system manager this resolves to <literal>0</literal>.</entry>
          </row>
          <row>
            <entry><literal>%u</literal></entry>
            <entry>User name</entry>
            <entry>This is the name of the user running the service manager instance. In case of the system manager this resolves to <literal>root</literal>.</entry>
          </row>
          <row>
            <entry><literal>%U</literal></entry>
            <entry>User UID</entry>
            <entry>This is the numeric UID of the user running the service manager instance. In case of the system manager this resolves to <literal>0</literal>.</entry>
          </row>
          <row>
            <entry><literal>%v</literal></entry>
            <entry>Kernel release</entry>
            <entry>Identical to <command>uname -r</command> output</entry>
          </row>
          <row>
            <entry><literal>%V</literal></entry>
            <entry>Directory for larger and persistent temporary files</entry>
            <entry>This is either <filename>/var/tmp</filename> or the path <literal>$TMPDIR</literal>, <literal>$TEMP</literal> or <literal>$TMP</literal> are set to.</entry>
          </row>
          <row>
            <entry><literal>%%</literal></entry>
            <entry>Single percent sign</entry>
            <entry>Use <literal>%%</literal> in place of <literal>%</literal> to specify a single percent sign.</entry>
          </row>
        </tbody>
      </tgroup>
    </table>
  </refsect1>

  <refsect1>
    <title>Examples</title>

    <example>
      <title>Allowing units to be enabled</title>

      <para>The following snippet (highlighted) allows a unit (e.g.
      <filename>foo.service</filename>) to be enabled via
      <command>systemctl enable</command>:</para>

      <programlisting>[Unit]
Description=Foo

[Service]
ExecStart=/usr/sbin/foo-daemon

<emphasis>[Install]</emphasis>
<emphasis>WantedBy=multi-user.target</emphasis></programlisting>

      <para>After running <command>systemctl enable</command>, a
      symlink
      <filename>/etc/systemd/system/multi-user.target.wants/foo.service</filename>
      linking to the actual unit will be created. It tells systemd to
      pull in the unit when starting
      <filename>multi-user.target</filename>. The inverse
      <command>systemctl disable</command> will remove that symlink
      again.</para>
    </example>

    <example>
      <title>Overriding vendor settings</title>

      <para>There are two methods of overriding vendor settings in
      unit files: copying the unit file from
      <filename>/usr/lib/systemd/system</filename> to
      <filename>/etc/systemd/system</filename> and modifying the
      chosen settings. Alternatively, one can create a directory named
      <filename><replaceable>unit</replaceable>.d/</filename> within
      <filename>/etc/systemd/system</filename> and place a drop-in
      file <filename><replaceable>name</replaceable>.conf</filename>
      there that only changes the specific settings one is interested
      in. Note that multiple such drop-in files are read if
      present, processed in lexicographic order of their filename.</para>

      <para>The advantage of the first method is that one easily
      overrides the complete unit, the vendor unit is not parsed at
      all anymore. It has the disadvantage that improvements to the
      unit file by the vendor are not automatically incorporated on
      updates.</para>

      <para>The advantage of the second method is that one only
      overrides the settings one specifically wants, where updates to
      the unit by the vendor automatically apply. This has the
      disadvantage that some future updates by the vendor might be
      incompatible with the local changes.</para>

      <para>This also applies for user instances of systemd, but with
      different locations for the unit files. See the section on unit
      load paths for further details.</para>

      <para>Suppose there is a vendor-supplied unit
      <filename>/usr/lib/systemd/system/httpd.service</filename> with
      the following contents:</para>

      <programlisting>[Unit]
Description=Some HTTP server
After=remote-fs.target sqldb.service
Requires=sqldb.service
AssertPathExists=/srv/webserver

[Service]
Type=notify
ExecStart=/usr/sbin/some-fancy-httpd-server
Nice=5

[Install]
WantedBy=multi-user.target</programlisting>

      <para>Now one wants to change some settings as an administrator:
      firstly, in the local setup, <filename>/srv/webserver</filename>
      might not exist, because the HTTP server is configured to use
      <filename>/srv/www</filename> instead. Secondly, the local
      configuration makes the HTTP server also depend on a memory
      cache service, <filename>memcached.service</filename>, that
      should be pulled in (<varname>Requires=</varname>) and also be
      ordered appropriately (<varname>After=</varname>). Thirdly, in
      order to harden the service a bit more, the administrator would
      like to set the <varname>PrivateTmp=</varname> setting (see
      <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
      for details). And lastly, the administrator would like to reset
      the niceness of the service to its default value of 0.</para>

      <para>The first possibility is to copy the unit file to
      <filename>/etc/systemd/system/httpd.service</filename> and
      change the chosen settings:</para>

      <programlisting>[Unit]
Description=Some HTTP server
After=remote-fs.target sqldb.service <emphasis>memcached.service</emphasis>
Requires=sqldb.service <emphasis>memcached.service</emphasis>
AssertPathExists=<emphasis>/srv/www</emphasis>

[Service]
Type=notify
ExecStart=/usr/sbin/some-fancy-httpd-server
<emphasis>Nice=0</emphasis>
<emphasis>PrivateTmp=yes</emphasis>

[Install]
WantedBy=multi-user.target</programlisting>

      <para>Alternatively, the administrator could create a drop-in
      file
      <filename>/etc/systemd/system/httpd.service.d/local.conf</filename>
      with the following contents:</para>

      <programlisting>[Unit]
After=memcached.service
Requires=memcached.service
# Reset all assertions and then re-add the condition we want
AssertPathExists=
AssertPathExists=/srv/www

[Service]
Nice=0
PrivateTmp=yes</programlisting>

      <para>Note that for drop-in files, if one wants to remove
      entries from a setting that is parsed as a list (and is not a
      dependency), such as <varname>AssertPathExists=</varname> (or
      e.g. <varname>ExecStart=</varname> in service units), one needs
      to first clear the list before re-adding all entries except the
      one that is to be removed. Dependencies (<varname>After=</varname>, etc.)
      cannot be reset to an empty list, so dependencies can only be
      added in drop-ins. If you want to remove dependencies, you have
      to override the entire unit.</para>

    </example>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>1</manvolnum></citerefentry>
    </para>
  </refsect1>

</refentry>