man: fix link markup

[thirdparty/systemd.git] / man / systemd-firstboot.xml

<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1+ -->

<refentry id="systemd-firstboot" conditional='ENABLE_FIRSTBOOT'
    xmlns:xi="http://www.w3.org/2001/XInclude">

  <refentryinfo>
    <title>systemd-firstboot</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd-firstboot</refentrytitle>
    <manvolnum>1</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd-firstboot</refname>
    <refname>systemd-firstboot.service</refname>
    <refpurpose>Initialize basic system settings on or before the first boot-up of a system</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>systemd-firstboot</command>
      <arg choice="opt" rep="repeat">OPTIONS</arg>
    </cmdsynopsis>

    <para><filename>systemd-firstboot.service</filename></para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><command>systemd-firstboot</command> initializes the most
    basic system settings interactively on the first boot, or
    optionally non-interactively when a system image is created.
    The service is started if <varname>ConditionFirstBoot=yes</varname>
    is satisfied. This essentially means that <filename>/etc</filename>
    is empty, see
    <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    for details.</para>

    <para>The following settings may be set up:</para>

    <itemizedlist>
      <listitem><para>The system locale, more specifically the two
      locale variables <varname>LANG=</varname> and
      <varname>LC_MESSAGES</varname></para></listitem>

      <listitem><para>The system keyboard map</para></listitem>

      <listitem><para>The system time zone</para></listitem>

      <listitem><para>The system hostname</para></listitem>

      <listitem><para>The machine ID of the system</para></listitem>

      <listitem><para>The root user's password</para></listitem>
    </itemizedlist>

    <para>Each of the fields may either be queried interactively by
    users, set non-interactively on the tool's command line, or be
    copied from a host system that is used to set up the system
    image.</para>

    <para>If a setting is already initialized, it will not be
    overwritten and the user will not be prompted for the
    setting.</para>

    <para>Note that this tool operates directly on the file system and
    does not involve any running system services, unlike
    <citerefentry project='man-pages'><refentrytitle>localectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>timedatectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
    or
    <citerefentry><refentrytitle>hostnamectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
    This allows <command>systemd-firstboot</command> to operate on
    mounted but not booted disk images and in early boot. It is not
    recommended to use <command>systemd-firstboot</command> on the
    running system while it is up.</para>
  </refsect1>

  <refsect1>
    <title>Options</title>

    <para>The following options are understood:</para>

    <variablelist>
      <varlistentry>
        <term><option>--root=<replaceable>root</replaceable></option></term>
        <listitem><para>Takes a directory path as an argument. All
        paths will be prefixed with the given alternate
        <replaceable>root</replaceable> path, including config search
        paths. This is useful to operate on a system image mounted to
        the specified directory instead of the host system itself.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--image=<replaceable>path</replaceable></option></term>
        <listitem><para>Takes a path to a disk image file or block device node. If specified all operations
        are applied to file system in the indicated disk image. This is similar to <option>--root=</option>
        but operates on file systems stored in disk images or block devices. The disk image should either
        contain just a file system or a set of file systems within a GPT partition table, following the
        <ulink url="https://systemd.io/DISCOVERABLE_PARTITIONS">Discoverable Partitions
        Specification</ulink>. For further information on supported disk images, see
        <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
        switch of the same name.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--locale=<replaceable>LOCALE</replaceable></option></term>
        <term><option>--locale-messages=<replaceable>LOCALE</replaceable></option></term>

        <listitem><para>Sets the system locale, more specifically the
        <varname>LANG=</varname> and <varname>LC_MESSAGES</varname>
        settings. The argument should be a valid locale identifier,
        such as <literal>de_DE.UTF-8</literal>. This controls the
        <citerefentry project='man-pages'><refentrytitle>locale.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        configuration file.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--keymap=<replaceable>KEYMAP</replaceable></option></term>

        <listitem><para>Sets the system keyboard layout. The argument should be a valid keyboard map,
        such as <literal>de-latin1</literal>. This controls the <literal>KEYMAP</literal> entry in the
        <citerefentry project='man-pages'><refentrytitle>vconsole.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        configuration file.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--timezone=<replaceable>TIMEZONE</replaceable></option></term>

        <listitem><para>Sets the system time zone. The argument should
        be a valid time zone identifier, such as
        <literal>Europe/Berlin</literal>. This controls the
        <citerefentry><refentrytitle>localtime</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        symlink.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--hostname=<replaceable>HOSTNAME</replaceable></option></term>

        <listitem><para>Sets the system hostname. The argument should
        be a hostname, compatible with DNS. This controls the
        <citerefentry><refentrytitle>hostname</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        configuration file.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--machine-id=<replaceable>ID</replaceable></option></term>

        <listitem><para>Sets the system's machine ID. This controls
        the
        <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        file.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--root-password=<replaceable>PASSWORD</replaceable></option></term>
        <term><option>--root-password-file=<replaceable>PATH</replaceable></option></term>
        <term><option>--root-password-hashed=<replaceable>HASHED_PASSWORD</replaceable></option></term>

        <listitem><para>Sets the password of the system's root user. This creates/modifies the
        <citerefentry project='die-net'><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry> and
        <citerefentry project='die-net'><refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        files. This setting exists in three forms: <option>--root-password=</option> accepts the password to
        set directly on the command line, <option>--root-password-file=</option> reads it from a file and
        <option>--root-password-hashed=</option> accepts an already hashed password on the command line. See
        <citerefentry project='die-net'><refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for more information on the format of the hashed password. Note that it is not recommended to specify
        plaintext passwords on the command line, as other users might be able to see them simply by invoking
        <citerefentry project='die-net'><refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--root-shell=<replaceable>SHELL</replaceable></option></term>

        <listitem><para>Sets the shell of the system's root user. This creates/modifies the
        <citerefentry project='die-net'><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        file.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--kernel-command-line=<replaceable>CMDLINE</replaceable></option></term>

        <listitem><para>Sets the system's kernel command line. This controls the
        <filename>/etc/kernel/cmdline</filename> file which is used by
        <citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--prompt-locale</option></term>
        <term><option>--prompt-keymap</option></term>
        <term><option>--prompt-timezone</option></term>
        <term><option>--prompt-hostname</option></term>
        <term><option>--prompt-root-password</option></term>
        <term><option>--prompt-root-shell</option></term>

        <listitem><para>Prompt the user interactively for a specific
        basic setting. Note that any explicit configuration settings
        specified on the command line take precedence, and the user is
        not prompted for it.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--prompt</option></term>

        <listitem><para>Query the user for locale, keymap, timezone, hostname
        and root password. This is equivalent to specifying
        <option>--prompt-locale</option>,
        <option>--prompt-keymap</option>,
        <option>--prompt-timezone</option>,
        <option>--prompt-hostname</option>,
        <option>--prompt-root-password</option>,
        <option>--prompt-root-shell</option> in combination.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--copy-locale</option></term>
        <term><option>--copy-keymap</option></term>
        <term><option>--copy-timezone</option></term>
        <term><option>--copy-root-password</option></term>
        <term><option>--copy-root-shell</option></term>

        <listitem><para>Copy a specific basic setting from the host.
        This only works in combination with <option>--root=</option>
        (see above).</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--copy</option></term>

        <listitem><para>Copy locale, keymap, time zone and root password from
        the host. This is equivalent to specifying
        <option>--copy-locale</option>,
        <option>--copy-keymap</option>,
        <option>--copy-timezone</option>,
        <option>--copy-root-password</option>,
        <option>--copy-root-shell</option> in combination.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--setup-machine-id</option></term>

        <listitem><para>Initialize the system's machine ID to a random
        ID. This only works in combination with
        <option>--root=</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--force</option></term>

        <listitem><para>systemd-firstboot doesn't modify existing files unless <option>--force</option>
        is specified. For modifications to <filename>/etc/passwd</filename> and
        <filename>/etc/shadow</filename>, systemd-firstboot only modifies the entry of the
        <literal>root</literal> user instead of overwriting the entire file.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--delete-root-password</option></term>

        <listitem><para>Removes the password of the system's root user, enabling login as root without a
        password unless the root account is locked. Note that this is extremely insecure and hence this
        option should not be used lightly.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--welcome=</option></term>

        <listitem><para>Takes a boolean argument. By default when prompting the user for configuration
        options a brief welcome text is shown before the first question is asked. Pass false to this option
        to turn off the welcome text.</para></listitem>
      </varlistentry>

      <xi:include href="standard-options.xml" xpointer="help" />
      <xi:include href="standard-options.xml" xpointer="version" />
    </variablelist>

  </refsect1>

  <refsect1>
    <title>Exit status</title>

    <para>On success, 0 is returned, a non-zero failure code
    otherwise.</para>
  </refsect1>

  <refsect1>
    <title>Kernel Command Line</title>

    <variablelist class='kernel-commandline-options'>
      <varlistentry>
        <term><varname>systemd.firstboot=</varname></term>

        <listitem><para>Takes a boolean argument, defaults to on. If off, <filename>systemd-firstboot.service</filename>
        won't interactively query the user for basic settings at first boot, even if those settings are not
        initialized yet.</para></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>locale.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>vconsole.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>localtime</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>hostname</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry project='die-net'><refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-machine-id-setup</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>localectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>timedatectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>hostnamectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
    </para>
  </refsect1>

</refentry>