man: grammar and wording improvements
[thirdparty/systemd.git] / man / systemd.exec.xml
1 <?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
4
5 <!--
6 This file is part of systemd.
7
8 Copyright 2010 Lennart Poettering
9
10 systemd is free software; you can redistribute it and/or modify it
11 under the terms of the GNU Lesser General Public License as published by
12 the Free Software Foundation; either version 2.1 of the License, or
13 (at your option) any later version.
14
15 systemd is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
19
20 You should have received a copy of the GNU Lesser General Public License
21 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 -->
23
24 <refentry id="systemd.exec">
25 <refentryinfo>
26 <title>systemd.exec</title>
27 <productname>systemd</productname>
28
29 <authorgroup>
30 <author>
31 <contrib>Developer</contrib>
32 <firstname>Lennart</firstname>
33 <surname>Poettering</surname>
34 <email>lennart@poettering.net</email>
35 </author>
36 </authorgroup>
37 </refentryinfo>
38
39 <refmeta>
40 <refentrytitle>systemd.exec</refentrytitle>
41 <manvolnum>5</manvolnum>
42 </refmeta>
43
44 <refnamediv>
45 <refname>systemd.exec</refname>
46 <refpurpose>Execution environment configuration</refpurpose>
47 </refnamediv>
48
49 <refsynopsisdiv>
50 <para><filename><replaceable>service</replaceable>.service</filename>,
51 <filename><replaceable>socket</replaceable>.socket</filename>,
52 <filename><replaceable>mount</replaceable>.mount</filename>,
53 <filename><replaceable>swap</replaceable>.swap</filename></para>
54 </refsynopsisdiv>
55
56 <refsect1>
57 <title>Description</title>
58
59 <para>Unit configuration files for services, sockets,
60 mount points, and swap devices share a subset of
61 configuration options which define the execution
62 environment of spawned processes.</para>
63
64 <para>This man page lists the configuration options
65 shared by these four unit types. See
66 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
67 for the common options of all unit configuration
68 files, and
69 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
70 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
71 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
72 and
73 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
74 for more information on the specific unit
75 configuration files. The execution-specific
76 configuration options are configured in the [Service],
77 [Socket], [Mount], or [Swap] sections, depending on the unit
78 type.</para>
79 </refsect1>
80
81 <refsect1>
82 <title>Options</title>
83
84 <variablelist class='unit-directives'>
85
86 <varlistentry>
87 <term><varname>WorkingDirectory=</varname></term>
88
89 <listitem><para>Takes an absolute
90 directory path. Sets the working
91 directory for executed processes. If
92 not set, defaults to the root directory
93 when systemd is running as a system
94 instance and the respective user's
95 home directory if run as
96 user.</para></listitem>
97 </varlistentry>
98
99 <varlistentry>
100 <term><varname>RootDirectory=</varname></term>
101
102 <listitem><para>Takes an absolute
103 directory path. Sets the root
104 directory for executed processes, with
105 the
106 <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
107 system call. If this is used, it must
108 be ensured that the process and all
109 its auxiliary files are available in
110 the <function>chroot()</function>
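111 jail. Note that <function>chroot()</function> alone does not confine a process that retains root privileges, so this setting is best combined with <varname>User=</varname> or <varname>CapabilityBoundingSet=</varname> (see below).</para></listitem>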
112 </varlistentry>
113
114 <varlistentry>
115 <term><varname>User=</varname></term>
116 <term><varname>Group=</varname></term>
117
118 <listitem><para>Sets the Unix user
119 or group that the processes are executed
120 as, respectively. Takes a single user or group
121 name or ID as argument. If no group is
122 set, the default group of the user is
123 chosen.</para></listitem>
124 </varlistentry>
125
126 <varlistentry>
127 <term><varname>SupplementaryGroups=</varname></term>
128
129 <listitem><para>Sets the supplementary
130 Unix groups the processes are executed
131 as. This takes a space-separated list
132 of group names or IDs. This option may
133 be specified more than once in which
134 case all listed groups are set as
135 supplementary groups. When the empty
136 string is assigned the list of
137 supplementary groups is reset, and all
138 assignments prior to this one will
139 have no effect. In any case, this
140 option does not override, but extends
141 the list of supplementary groups
142 configured in the system group
143 database for the
144 user.</para></listitem>
145 </varlistentry>
146
147 <varlistentry>
148 <term><varname>Nice=</varname></term>
149
150 <listitem><para>Sets the default nice
151 level (scheduling priority) for
152 executed processes. Takes an integer
153 between -20 (highest priority) and 19
154 (lowest priority). See
155 <citerefentry><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry>
156 for details.</para></listitem>
157 </varlistentry>
158
159 <varlistentry>
160 <term><varname>OOMScoreAdjust=</varname></term>
161
162 <listitem><para>Sets the adjustment
163 level for the Out-Of-Memory killer for
164 executed processes. Takes an integer
165 between -1000 (to disable OOM killing
166 for this process) and 1000 (to make
167 killing of this process under memory
168 pressure very likely). See <ulink
169 url="https://www.kernel.org/doc/Documentation/filesystems/proc.txt">proc.txt</ulink>
170 for details.</para></listitem>
171 </varlistentry>
172
173 <varlistentry>
174 <term><varname>IOSchedulingClass=</varname></term>
175
176 <listitem><para>Sets the IO scheduling
177 class for executed processes. Takes an
178 integer between 0 and 3 or one of the
179 strings <option>none</option>,
180 <option>realtime</option>,
181 <option>best-effort</option> or
182 <option>idle</option>. See
183 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
184 for details.</para></listitem>
185 </varlistentry>
186
187 <varlistentry>
188 <term><varname>IOSchedulingPriority=</varname></term>
189
190 <listitem><para>Sets the IO scheduling
191 priority for executed processes. Takes
192 an integer between 0 (highest
193 priority) and 7 (lowest priority). The
194 available priorities depend on the
195 selected IO scheduling class (see
196 above). See
197 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
198 for details.</para></listitem>
199 </varlistentry>
200
201 <varlistentry>
202 <term><varname>CPUSchedulingPolicy=</varname></term>
203
204 <listitem><para>Sets the CPU
205 scheduling policy for executed
206 processes. Takes one of
207 <option>other</option>,
208 <option>batch</option>,
209 <option>idle</option>,
210 <option>fifo</option> or
211 <option>rr</option>. See
212 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
213 for details.</para></listitem>
214 </varlistentry>
215
216 <varlistentry>
217 <term><varname>CPUSchedulingPriority=</varname></term>
218
219 <listitem><para>Sets the CPU
220 scheduling priority for executed
221 processes. The available priority
222 range depends on the selected CPU
223 scheduling policy (see above). For
224 real-time scheduling policies an
225 integer between 1 (lowest priority)
226 and 99 (highest priority) can be used.
227 See <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
228 for details.
229 </para></listitem>
230 </varlistentry>
231
232 <varlistentry>
233 <term><varname>CPUSchedulingResetOnFork=</varname></term>
234
235 <listitem><para>Takes a boolean
236 argument. If true, elevated CPU
237 scheduling priorities and policies
238 will be reset when the executed
239 processes fork, and can hence not leak
240 into child processes. See
241 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
242 for details. Defaults to false.</para></listitem>
243 </varlistentry>
244
245 <varlistentry>
246 <term><varname>CPUAffinity=</varname></term>
247
248 <listitem><para>Controls the CPU
249 affinity of the executed
250 processes. Takes a space-separated
251 list of CPU indexes. This option may
252 be specified more than once in which
253 case the specified CPU affinity masks
254 are merged. If the empty string is
255 assigned, the mask is reset, all
256 assignments prior to this will have no
257 effect. See
258 <citerefentry><refentrytitle>sched_setaffinity</refentrytitle><manvolnum>2</manvolnum></citerefentry>
259 for details.</para></listitem>
260 </varlistentry>
261
262 <varlistentry>
263 <term><varname>UMask=</varname></term>
264
265 <listitem><para>Controls the file mode
266 creation mask. Takes an access mode in
267 octal notation. See
268 <citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum></citerefentry>
269 for details. Defaults to
270 0022.</para></listitem>
271 </varlistentry>
272
273 <varlistentry>
274 <term><varname>Environment=</varname></term>
275
276 <listitem><para>Sets environment
277 variables for executed
278 processes. Takes a space-separated
279 list of variable assignments. This
280 option may be specified more than once
281 in which case all listed variables
282 will be set. If the same variable is
283 set twice, the later setting will
284 override the earlier setting. If the
285 empty string is assigned to this
286 option, the list of environment
287 variables is reset, all prior
288 assignments have no effect.
289 Variable expansion is not performed
290 inside the strings, however, specifier
291 expansion is possible. The $ character has
292 no special meaning.
293 If you need to assign a value containing spaces
294 to a variable, use double quotes (")
295 for the assignment.</para>
296
297 <para>Example:
298 <programlisting>Environment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</programlisting>
299 gives three variables <literal>VAR1</literal>,
300 <literal>VAR2</literal>, <literal>VAR3</literal>.
301 </para>
302
303 <para>
304 See
305 <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
306 for details about environment variables.</para></listitem>
307 </varlistentry>
308 <varlistentry>
309 <term><varname>EnvironmentFile=</varname></term>
310 <listitem><para>Similar to
311 <varname>Environment=</varname> but
312 reads the environment variables from a
313 text file. The text file should
314 contain new-line-separated variable
315 assignments. Empty lines and lines
316 starting with ; or # will be ignored,
317 which may be used for commenting. A line
318 ending with a backslash will be concatenated
319 with the following one, allowing multiline variable
320 definitions. The parser strips leading
321 and trailing whitespace from the values
322 of assignments, unless you use
323 double quotes (").</para>
324
325 <para>The argument passed should be an
326 absolute filename or wildcard
327 expression, optionally prefixed with
328 <literal>-</literal>, which indicates
329 that if the file does not exist, it
330 will not be read and no error or warning
331 message is logged. This option may be
332 specified more than once in which case
333 all specified files are read. If the
334 empty string is assigned to this
335 option, the list of files to read is
336 reset, all prior assignments have no
337 effect.</para>
338
339 <para>The files listed with this
340 directive will be read shortly before
341 the process is executed. Settings from
342 these files override settings made
343 with
344 <varname>Environment=</varname>. If
345 the same variable is set twice from
346 these files, the files will be read in
347 the order they are specified and the
348 later setting will override the
349 earlier setting.</para></listitem>
350 </varlistentry>
351
352 <varlistentry>
353 <term><varname>StandardInput=</varname></term>
354 <listitem><para>Controls where file
355 descriptor 0 (STDIN) of the executed
356 processes is connected to. Takes one
357 of <option>null</option>,
358 <option>tty</option>,
359 <option>tty-force</option>,
360 <option>tty-fail</option> or
361 <option>socket</option>. If
362 <option>null</option> is selected,
363 standard input will be connected to
364 <filename>/dev/null</filename>,
365 i.e. all read attempts by the process
366 will result in immediate EOF. If
367 <option>tty</option> is selected,
368 standard input is connected to a TTY
369 (as configured by
370 <varname>TTYPath=</varname>, see
371 below) and the executed process
372 becomes the controlling process of the
373 terminal. If the terminal is already
374 being controlled by another process, the
375 executed process waits until the current
376 controlling process releases the
377 terminal.
378 <option>tty-force</option>
379 is similar to <option>tty</option>,
380 but the executed process is forcefully
381 and immediately made the controlling
382 process of the terminal, potentially
383 removing previous controlling
384 processes from the
385 terminal. <option>tty-fail</option> is
386 similar to <option>tty</option> but if
387 the terminal already has a controlling
388 process start-up of the executed
389 process fails. The
390 <option>socket</option> option is only
391 valid in socket-activated services,
392 and only when the socket configuration
393 file (see
394 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
395 for details) specifies a single socket
396 only. If this option is set, standard
397 input will be connected to the socket
398 the service was activated from, which
399 is primarily useful for compatibility
400 with daemons designed for use with the
401 traditional
402 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
403 daemon. This setting defaults to
404 <option>null</option>.</para></listitem>
405 </varlistentry>
406 <varlistentry>
407 <term><varname>StandardOutput=</varname></term>
408 <listitem><para>Controls where file
409 descriptor 1 (STDOUT) of the executed
410 processes is connected to. Takes one
411 of <option>inherit</option>,
412 <option>null</option>,
413 <option>tty</option>,
414 <option>syslog</option>,
415 <option>kmsg</option>,
416 <option>journal</option>,
417 <option>syslog+console</option>,
418 <option>kmsg+console</option>,
419 <option>journal+console</option> or
420 <option>socket</option>. If set to
421 <option>inherit</option>, the file
422 descriptor of standard input is
423 duplicated for standard output. If set
424 to <option>null</option>, standard
425 output will be connected to
426 <filename>/dev/null</filename>,
427 i.e. everything written to it will be
428 lost. If set to <option>tty</option>,
429 standard output will be connected to a
430 tty (as configured via
431 <varname>TTYPath=</varname>, see
432 below). If the TTY is used for output
433 only, the executed process will not
434 become the controlling process of the
435 terminal, and will not fail or wait
436 for other processes to release the
437 terminal. <option>syslog</option>
438 connects standard output to the
439 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
440 system syslog
441 service. <option>kmsg</option>
442 connects it with the kernel log buffer
443 which is accessible via
444 <citerefentry><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>. <option>journal</option>
445 connects it with the journal which is
446 accessible via
447 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
448 (Note that everything that is written
449 to syslog or kmsg is implicitly stored
450 in the journal as well, those options
451 are hence supersets of this
452 one). <option>syslog+console</option>,
453 <option>journal+console</option> and
454 <option>kmsg+console</option> work
455 similarly but copy the output to the
456 system console as
457 well. <option>socket</option> connects
458 standard output to a socket from
459 socket activation, semantics are
460 similar to the respective option of
461 <varname>StandardInput=</varname>.
462 This setting defaults to the value set
463 with
464 <option>DefaultStandardOutput=</option>
465 in
466 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
467 which defaults to
468 <option>journal</option>.</para></listitem>
469 </varlistentry>
470 <varlistentry>
471 <term><varname>StandardError=</varname></term>
472 <listitem><para>Controls where file
473 descriptor 2 (STDERR) of the executed
474 processes is connected to. The
475 available options are identical to
476 those of
477 <varname>StandardOutput=</varname>,
478 with one exception: if set to
479 <option>inherit</option> the file
480 descriptor used for standard output is
481 duplicated for standard error. This
482 setting defaults to the value set with
483 <option>DefaultStandardError=</option>
484 in
485 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
486 which defaults to
487 <option>inherit</option>.</para></listitem>
488 </varlistentry>
489 <varlistentry>
490 <term><varname>TTYPath=</varname></term>
491 <listitem><para>Sets the terminal
492 device node to use if standard input,
493 output or stderr are connected to a
494 TTY (see above). Defaults to
495 <filename>/dev/console</filename>.</para></listitem>
496 </varlistentry>
497 <varlistentry>
498 <term><varname>TTYReset=</varname></term>
499 <listitem><para>Reset the terminal
500 device specified with
501 <varname>TTYPath=</varname> before and
502 after execution. Defaults to
503 <literal>no</literal>.</para></listitem>
504 </varlistentry>
505 <varlistentry>
506 <term><varname>TTYVHangup=</varname></term>
507 <listitem><para>Disconnect all clients
508 which have opened the terminal device
509 specified with
510 <varname>TTYPath=</varname>
511 before and after execution. Defaults
512 to
513 <literal>no</literal>.</para></listitem>
514 </varlistentry>
515 <varlistentry>
516 <term><varname>TTYVTDisallocate=</varname></term>
517 <listitem><para>If the terminal
518 device specified with
519 <varname>TTYPath=</varname> is a
520 virtual console terminal, try to
521 deallocate the TTY before and after
522 execution. This ensures that the
523 screen and scrollback buffer are
524 cleared. Defaults to
525 <literal>no</literal>.</para></listitem>
526 </varlistentry>
527 <varlistentry>
528 <term><varname>SyslogIdentifier=</varname></term>
529 <listitem><para>Sets the process name
530 to prefix log lines sent to syslog or
531 the kernel log buffer with. If not set,
532 defaults to the process name of the
533 executed process. This option is only
534 useful when
535 <varname>StandardOutput=</varname> or
536 <varname>StandardError=</varname> are
537 set to <option>syslog</option> or
538 <option>kmsg</option>.</para></listitem>
539 </varlistentry>
540 <varlistentry>
541 <term><varname>SyslogFacility=</varname></term>
542 <listitem><para>Sets the syslog
543 facility to use when logging to
544 syslog. One of <option>kern</option>,
545 <option>user</option>,
546 <option>mail</option>,
547 <option>daemon</option>,
548 <option>auth</option>,
549 <option>syslog</option>,
550 <option>lpr</option>,
551 <option>news</option>,
552 <option>uucp</option>,
553 <option>cron</option>,
554 <option>authpriv</option>,
555 <option>ftp</option>,
556 <option>local0</option>,
557 <option>local1</option>,
558 <option>local2</option>,
559 <option>local3</option>,
560 <option>local4</option>,
561 <option>local5</option>,
562 <option>local6</option> or
563 <option>local7</option>. See
564 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
565 for details. This option is only
566 useful when
567 <varname>StandardOutput=</varname> or
568 <varname>StandardError=</varname> are
569 set to <option>syslog</option>.
570 Defaults to
571 <option>daemon</option>.</para></listitem>
572 </varlistentry>
573 <varlistentry>
574 <term><varname>SyslogLevel=</varname></term>
575 <listitem><para>Default syslog level
576 to use when logging to syslog or the
577 kernel log buffer. One of
578 <option>emerg</option>,
579 <option>alert</option>,
580 <option>crit</option>,
581 <option>err</option>,
582 <option>warning</option>,
583 <option>notice</option>,
584 <option>info</option>,
585 <option>debug</option>. See
586 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
587 for details. This option is only
588 useful when
589 <varname>StandardOutput=</varname> or
590 <varname>StandardError=</varname> are
591 set to <option>syslog</option> or
592 <option>kmsg</option>. Note that
593 individual lines output by the daemon
594 might be prefixed with a different log
595 level which can be used to override
596 the default log level specified
597 here. The interpretation of these
598 prefixes may be disabled with
599 <varname>SyslogLevelPrefix=</varname>,
600 see below. For details see
601 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
602
603 Defaults to
604 <option>info</option>.</para></listitem>
605 </varlistentry>
606
607 <varlistentry>
608 <term><varname>SyslogLevelPrefix=</varname></term>
609 <listitem><para>Takes a boolean
610 argument. If true and
611 <varname>StandardOutput=</varname> or
612 <varname>StandardError=</varname> are
613 set to <option>syslog</option>,
614 <option>kmsg</option> or
615 <option>journal</option>, log lines
616 written by the executed process that
617 are prefixed with a log level will be
618 passed on to syslog with this log
619 level set but the prefix removed. If
620 set to false, the interpretation of
621 these prefixes is disabled and the
622 logged lines are passed on as-is. For
623 details about this prefixing see
624 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
625 Defaults to true.</para></listitem>
626 </varlistentry>
627
628 <varlistentry>
629 <term><varname>TimerSlackNSec=</varname></term>
630 <listitem><para>Sets the timer slack
631 in nanoseconds for the executed
632 processes. The timer slack controls
633 the accuracy of wake-ups triggered by
634 timers. See
635 <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
636 for more information. Note that in
637 contrast to most other time span
638 definitions this parameter takes an
639 integer value in nano-seconds if no
640 unit is specified. The usual time
641 units are understood
642 too.</para></listitem>
643 </varlistentry>
644
645 <varlistentry>
646 <term><varname>LimitCPU=</varname></term>
647 <term><varname>LimitFSIZE=</varname></term>
648 <term><varname>LimitDATA=</varname></term>
649 <term><varname>LimitSTACK=</varname></term>
650 <term><varname>LimitCORE=</varname></term>
651 <term><varname>LimitRSS=</varname></term>
652 <term><varname>LimitNOFILE=</varname></term>
653 <term><varname>LimitAS=</varname></term>
654 <term><varname>LimitNPROC=</varname></term>
655 <term><varname>LimitMEMLOCK=</varname></term>
656 <term><varname>LimitLOCKS=</varname></term>
657 <term><varname>LimitSIGPENDING=</varname></term>
658 <term><varname>LimitMSGQUEUE=</varname></term>
659 <term><varname>LimitNICE=</varname></term>
660 <term><varname>LimitRTPRIO=</varname></term>
661 <term><varname>LimitRTTIME=</varname></term>
662 <listitem><para>These settings control
663 various resource limits for executed
664 processes. See
665 <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
666 for details. Use the string
667 <varname>infinity</varname> to
668 configure no limit on a specific
669 resource.</para></listitem>
670 </varlistentry>
671
672 <varlistentry>
673 <term><varname>PAMName=</varname></term>
674 <listitem><para>Sets the PAM service
675 name to set up a session as. If set,
676 the executed process will be
677 registered as a PAM session under the
678 specified service name. This is only
679 useful in conjunction with the
680 <varname>User=</varname> setting. If
681 not set, no PAM session will be opened
682 for the executed processes. See
683 <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
684 for details.</para></listitem>
685 </varlistentry>
686
687 <varlistentry>
688 <term><varname>TCPWrapName=</varname></term>
689 <listitem><para>If this is a
690 socket-activated service, this sets the
691 tcpwrap service name to check the
692 permission for the current connection
693 with. This is only useful in
694 conjunction with socket-activated
695 services, and stream sockets (TCP) in
696 particular. It has no effect on other
697 socket types (e.g. datagram/UDP) and
698 on processes unrelated to socket-based
699 activation. If the tcpwrap
700 verification fails, daemon start-up
701 will fail and the connection is
702 terminated. See
703 <citerefentry><refentrytitle>tcpd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
704 for details. Note that this option may
705 be used to do access control checks
706 only. Shell commands and commands
707 described in
708 <citerefentry><refentrytitle>hosts_options</refentrytitle><manvolnum>5</manvolnum></citerefentry>
709 are not supported.</para></listitem>
710 </varlistentry>
711
712 <varlistentry>
713 <term><varname>CapabilityBoundingSet=</varname></term>
714
715 <listitem><para>Controls which
716 capabilities to include in the
717 capability bounding set for the
718 executed process. See
719 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
720 for details. Takes a whitespace-separated
721 list of capability names as read by
722 <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
723 e.g. <constant>CAP_SYS_ADMIN</constant>,
724 <constant>CAP_DAC_OVERRIDE</constant>,
725 <constant>CAP_SYS_PTRACE</constant>.
726 Capabilities listed will be included
727 in the bounding set, all others are
728 removed. If the list of capabilities
729 is prefixed with <literal>~</literal>,
730 all but the listed capabilities will
731 be included, i.e. the effect of the
732 assignment is inverted. Note that this
733 option also affects the respective
734 capabilities in the effective,
735 permitted and inheritable capability
736 sets, on top of what
737 <varname>Capabilities=</varname>
738 does. If this option is not used, the
739 capability bounding set is not
740 modified on process execution, hence
741 no limits on the capabilities of the
742 process are enforced. This option may
743 appear more than once in which case
744 the bounding sets are merged. If the
745 empty string is assigned to this
746 option, the bounding set is reset to
747 the empty capability set, and all
748 prior settings have no effect. If set
749 to <literal>~</literal> (without any
750 further argument), the bounding set is
751 reset to the full set of available
752 capabilities, also undoing any
753 previous settings.</para></listitem>
754 </varlistentry>
755
756 <varlistentry>
757 <term><varname>SecureBits=</varname></term>
758 <listitem><para>Controls the secure
759 bits set for the executed process. See
760 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
761 for details. Takes a list of strings:
762 <option>keep-caps</option>,
763 <option>keep-caps-locked</option>,
764 <option>no-setuid-fixup</option>,
765 <option>no-setuid-fixup-locked</option>,
766 <option>noroot</option> and/or
767 <option>noroot-locked</option>. This
768 option may appear more than once in
769 which case the secure bits are
770 ORed. If the empty string is assigned
771 to this option, the bits are reset to
772 0.</para></listitem>
773 </varlistentry>
774
775 <varlistentry>
776 <term><varname>Capabilities=</varname></term>
777 <listitem><para>Controls the
778 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
779 set for the executed process. Takes a
780 capability string describing the
781 effective, permitted and inherited
782 capability sets as documented in
783 <citerefentry><refentrytitle>cap_from_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
784 Note that these capability sets are
785 usually influenced by the capabilities
786 attached to the executed file. Due to
787 that
788 <varname>CapabilityBoundingSet=</varname>
789 is probably the much more useful
790 setting.</para></listitem>
791 </varlistentry>
792
793 <varlistentry>
794 <term><varname>ReadWriteDirectories=</varname></term>
795 <term><varname>ReadOnlyDirectories=</varname></term>
796 <term><varname>InaccessibleDirectories=</varname></term>
797
798 <listitem><para>Sets up a new
799 file system namespace for executed
800 processes. These options may be used
801 to limit the access a process might have
802 to the main file system
803 hierarchy. Each setting takes a
804 space-separated list of absolute
805 directory paths. Directories listed in
806 <varname>ReadWriteDirectories=</varname>
807 are accessible from within the
808 namespace with the same access rights
809 as from outside. Directories listed in
810 <varname>ReadOnlyDirectories=</varname>
811 are accessible for reading only,
812 writing will be refused even if the
813 usual file access controls would
814 permit this. Directories listed in
815 <varname>InaccessibleDirectories=</varname>
816 will be made inaccessible for
817 processes inside the namespace. Note
818 that restricting access with these
819 options does not extend to submounts
820 of a directory. You must list
821 submounts separately in these settings
822 to ensure the same limited
823 access. These options may be specified
824 more than once in which case all
825 directories listed will have limited
826 access from within the namespace. If
827 the empty string is assigned to this
828 option, the specific list is reset, and
829 all prior assignments have no
830 effect.</para>
831 <para>Paths in
832 <varname>ReadOnlyDirectories=</varname>
833 and
834 <varname>InaccessibleDirectories=</varname>
835 may be prefixed with
836 <literal>-</literal>, in which case
837 they will be ignored when they do not
838 exist.</para></listitem>
839 </varlistentry>
840
841 <varlistentry>
842 <term><varname>PrivateTmp=</varname></term>
843
844 <listitem><para>Takes a boolean
845 argument. If true, sets up a new file
846 system namespace for the executed
847 processes and mounts private
848 <filename>/tmp</filename> and
849 <filename>/var/tmp</filename>
850 directories inside it that are not
851 shared by processes outside of the
852 namespace. This is useful to secure
853 access to temporary files of the
854 process, but makes sharing between
855 processes via
856 <filename>/tmp</filename> or
857 <filename>/var/tmp</filename>
858 impossible. All temporary data created
859 by the service will be removed after
860 the service is stopped. Defaults to
861 false. Note that it is possible to run
862 two or more units within the same
863 private <filename>/tmp</filename> and
864 <filename>/var/tmp</filename>
865 namespace by using the
866 <varname>JoinsNamespaceOf=</varname>
867 directive, see
868 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
869 for details.</para></listitem>
870 </varlistentry>
871
872 <varlistentry>
873 <term><varname>PrivateNetwork=</varname></term>
874
875 <listitem><para>Takes a boolean
876 argument. If true, sets up a new
877 network namespace for the executed
878 processes and configures only the
879 loopback network device
880 <literal>lo</literal> inside it. No
881 other network devices will be
882 available to the executed process.
883 This is useful to securely turn off
884 network access by the executed
885 process. Defaults to false. Note that
886 it is possible to run two or more
887 units within the same private network
888 namespace by using the
889 <varname>JoinsNamespaceOf=</varname>
890 directive, see
891 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
892 for details.</para></listitem>
893 </varlistentry>
894
895 <varlistentry>
896 <term><varname>MountFlags=</varname></term>
897
898 <listitem><para>Takes a mount
899 propagation flag:
900 <option>shared</option>,
901 <option>slave</option> or
902 <option>private</option>, which
903 control whether the file system
904 namespace set up for this unit's
905 processes will receive or propagate
906 new mounts. See
907 <citerefentry><refentrytitle>mount</refentrytitle><manvolnum>2</manvolnum></citerefentry>
908 for details. Defaults to
909 <option>shared</option>.</para></listitem>
910 </varlistentry>
911
912 <varlistentry>
913 <term><varname>UtmpIdentifier=</varname></term>
914
915 <listitem><para>Takes a four
916 character identifier string for a
917 utmp/wtmp entry for this service. This
918 should only be set for services such
919 as <command>getty</command>
920 implementations where utmp/wtmp
921 entries must be created and cleared
922 before and after execution. If the
923 configured string is longer than four
924 characters, it is truncated and the
925 terminal four characters are
926 used. This setting interprets %I style
927 string replacements. This setting is
928 unset by default, i.e. no utmp/wtmp
929 entries are created or cleaned up for
930 this service.</para></listitem>
931 </varlistentry>
932
933 <varlistentry>
934 <term><varname>IgnoreSIGPIPE=</varname></term>
935
936 <listitem><para>Takes a boolean
937 argument. If true, causes <constant>SIGPIPE</constant> to be
938 ignored in the executed
939 process. Defaults to true because
940 <constant>SIGPIPE</constant> generally is useful only in
941 shell pipelines.</para></listitem>
942 </varlistentry>
943
944 <varlistentry>
945 <term><varname>NoNewPrivileges=</varname></term>
946
947 <listitem><para>Takes a boolean
948 argument. If true, ensures that the
949 service process and all its children
950 can never gain new privileges. This
951 option is more powerful than the respective
952 secure bits flags (see above), as it
953 also prohibits UID changes of any
954 kind. This is the simplest, most
955 effective way to ensure that a process
956 and its children can never elevate
957 privileges again.</para></listitem>
958 </varlistentry>
959
960 <varlistentry>
961 <term><varname>SystemCallFilter=</varname></term>
962
963 <listitem><para>Takes a space-separated
964 list of system call
965 names. If this setting is used, all
966 system calls executed by the unit
967 process except for the listed ones
968 will result in immediate process
969 termination with the
970 <constant>SIGSYS</constant> signal
971 (whitelisting). If the first character
972 of the list is <literal>~</literal>,
973 the effect is inverted: only the
974 listed system calls will result in
975 immediate process termination
976 (blacklisting). If this option is used,
977 <varname>NoNewPrivileges=yes</varname>
978 is implied. This feature makes use of
979 the Secure Computing Mode 2 interfaces
980 of the kernel ('seccomp filtering')
981 and is useful for enforcing a minimal
982 sandboxing environment. Note that the
983 <function>execve</function>,
984 <function>rt_sigreturn</function>,
985 <function>sigreturn</function>,
986 <function>exit_group</function>,
987 <function>exit</function> system calls
988 are implicitly whitelisted and do not
989 need to be listed explicitly. This
990 option may be specified more than once
991 in which case the filter masks are
992 merged. If the empty string is
993 assigned, the filter is reset and all
994 prior assignments will have no
995 effect.</para></listitem>
996 </varlistentry>
997
998 </variablelist>
999 </refsect1>
1000
1001 <refsect1>
1002 <title>Environment variables in spawned processes</title>
1003
1004 <para>Processes started by the system are executed in
1005 a clean environment in which select variables
1006 listed below are set. System processes started by systemd
1007 do not inherit variables from PID 1, but processes
1008 started by user systemd instances inherit all
1009 environment variables from the user systemd instance.
1010 </para>
1011
1012 <variablelist class='environment-variables'>
1013 <varlistentry>
1014 <term><varname>$PATH</varname></term>
1015
1016 <listitem><para>Colon-separated list
1017 of directories to use when launching
1018 executables. Systemd uses a fixed
1019 value of
1020 <filename>/usr/local/sbin</filename>:<filename>/usr/local/bin</filename>:<filename>/usr/sbin</filename>:<filename>/usr/bin</filename>:<filename>/sbin</filename>:<filename>/bin</filename>.
1021 </para></listitem>
1022 </varlistentry>
1023
1024 <varlistentry>
1025 <term><varname>$LANG</varname></term>
1026
1027 <listitem><para>Locale. Can be set in
1028 <citerefentry><refentrytitle>locale.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1029 or on the kernel command line (see
1030 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
1031 and
1032 <citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>).
1033 </para></listitem>
1034 </varlistentry>
1035
1036 <varlistentry>
1037 <term><varname>$USER</varname></term>
1038 <term><varname>$LOGNAME</varname></term>
1039 <term><varname>$HOME</varname></term>
1040 <term><varname>$SHELL</varname></term>
1041
1042 <listitem><para>User name (twice), home
1043 directory, and the login shell.
1044 The variables are set for the units that
1045 have <varname>User=</varname> set,
1046 which includes user
1047 <command>systemd</command> instances.
1048 See
1049 <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
1050 </para></listitem>
1051 </varlistentry>
1052
1053 <varlistentry>
1054 <term><varname>$XDG_RUNTIME_DIR</varname></term>
1055
1056 <listitem><para>The directory for volatile
1057 state. Set for the user <command>systemd</command>
1058 instance, and also in user sessions.
1059 See
1060 <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
1061 </para></listitem>
1062 </varlistentry>
1063
1064 <varlistentry>
1065 <term><varname>$XDG_SESSION_ID</varname></term>
1066 <term><varname>$XDG_SEAT</varname></term>
1067 <term><varname>$XDG_VTNR</varname></term>
1068
1069 <listitem><para>The identifier of the
1070 session, the seat name, and
1071 virtual terminal of the session. Set
1072 by
1073 <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
1074 for login sessions.
1075 <varname>$XDG_SEAT</varname> and
1076 <varname>$XDG_VTNR</varname> will
1077 only be set when attached to a seat and a
1078 tty.</para></listitem>
1079 </varlistentry>
1080
1081 <varlistentry>
1082 <term><varname>$MANAGERPID</varname></term>
1083
1084 <listitem><para>The PID of the user
1085 <command>systemd</command> instance,
1086 set for processes spawned by it.
1087 </para></listitem>
1088 </varlistentry>
1089
1090 <varlistentry>
1091 <term><varname>$LISTEN_FDS</varname></term>
1092 <term><varname>$LISTEN_PID</varname></term>
1093
1094 <listitem><para>Information about file
1095 descriptors passed to a service for
1096 socket activation. See
1097 <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
1098 </para></listitem>
1099 </varlistentry>
1100
1101 <varlistentry>
1102 <term><varname>$TERM</varname></term>
1103
1104 <listitem><para>Terminal type, set
1105 only for units connected to a terminal
1106 (<varname>StandardInput=tty</varname>,
1107 <varname>StandardOutput=tty</varname>,
1108 or
1109 <varname>StandardError=tty</varname>).
1110 See
1111 <citerefentry><refentrytitle>termcap</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
1112 </para></listitem>
1113 </varlistentry>
1114 </variablelist>
1115
1116 <para>Additional variables may be configured by the
1117 following means: for processes spawned in specific
1118 units, use the <varname>Environment=</varname> and
1119 <varname>EnvironmentFile=</varname> options above; to
1120 specify variables globally, use
1121 <varname>DefaultEnvironment=</varname> (see
1122 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
1123 or the kernel option
1124 <varname>systemd.setenv=</varname> (see
1125 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>). Additional
1126 variables may also be set through PAM,
1127 cf. <citerefentry><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
1128 </refsect1>
1129
1130 <refsect1>
1131 <title>See Also</title>
1132 <para>
1133 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1134 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
1135 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
1136 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1137 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1138 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1139 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1140 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1141 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1142 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1143 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
1144 <citerefentry><refentrytitle>exec</refentrytitle><manvolnum>3</manvolnum></citerefentry>
1145 </para>
1146 </refsect1>
1147
1148 </refentry>