Merge pull request #4243 from endocode/djalal/sandbox-first-protection-kernelmodules-v1

[thirdparty/systemd.git] / man / systemd.unit.xml

<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY % entities SYSTEM "custom-entities.ent" >
%entities;
]>

<!--
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->

<refentry id="systemd.unit">

  <refentryinfo>
    <title>systemd.unit</title>
    <productname>systemd</productname>

    <authorgroup>
      <author>
        <contrib>Developer</contrib>
        <firstname>Lennart</firstname>
        <surname>Poettering</surname>
        <email>lennart@poettering.net</email>
      </author>
    </authorgroup>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd.unit</refentrytitle>
    <manvolnum>5</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd.unit</refname>
    <refpurpose>Unit configuration</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para><filename><replaceable>service</replaceable>.service</filename>,
    <filename><replaceable>socket</replaceable>.socket</filename>,
    <filename><replaceable>device</replaceable>.device</filename>,
    <filename><replaceable>mount</replaceable>.mount</filename>,
    <filename><replaceable>automount</replaceable>.automount</filename>,
    <filename><replaceable>swap</replaceable>.swap</filename>,
    <filename><replaceable>target</replaceable>.target</filename>,
    <filename><replaceable>path</replaceable>.path</filename>,
    <filename><replaceable>timer</replaceable>.timer</filename>,
    <filename><replaceable>slice</replaceable>.slice</filename>,
    <filename><replaceable>scope</replaceable>.scope</filename></para>

    <para><literallayout><filename>/etc/systemd/system/*</filename>
<filename>/run/systemd/system/*</filename>
<filename>/usr/lib/systemd/system/*</filename>
<filename>…</filename>
    </literallayout></para>

    <para><literallayout><filename>~/.config/systemd/user/*</filename>
<filename>/etc/systemd/user/*</filename>
<filename>$XDG_RUNTIME_DIR/systemd/user/*</filename>
<filename>/run/systemd/user/*</filename>
<filename>~/.local/share/systemd/user/*</filename>
<filename>/usr/lib/systemd/user/*</filename>
<filename>…</filename>
    </literallayout></para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para>A unit configuration file encodes information about a
    service, a socket, a device, a mount point, an automount point, a
    swap file or partition, a start-up target, a watched file system
    path, a timer controlled and supervised by
    <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
    a resource management slice or
    a group of externally created processes. The syntax is inspired by
    <ulink
    url="http://standards.freedesktop.org/desktop-entry-spec/latest/">XDG
    Desktop Entry Specification</ulink> <filename>.desktop</filename>
    files, which are in turn inspired by Microsoft Windows
    <filename>.ini</filename> files.</para>

    <para>This man page lists the common configuration options of all
    the unit types. These options need to be configured in the [Unit]
    or [Install] sections of the unit files.</para>

    <para>In addition to the generic [Unit] and [Install] sections
    described here, each unit may have a type-specific section, e.g.
    [Service] for a service unit. See the respective man pages for
    more information:
    <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
    </para>

    <para>Various settings are allowed to be specified more than once,
    in which case the interpretation depends on the setting. Often,
    multiple settings form a list, and setting to an empty value
    "resets", which means that previous assignments are ignored. When
    this is allowed, it is mentioned in the description of the
    setting. Note that using multiple assignments to the same value
    makes the unit file incompatible with parsers for the XDG
    <filename>.desktop</filename> file format.</para>

    <para>Unit files are loaded from a set of paths determined during
    compilation, described in the next section.</para>

    <para>Unit files may contain additional options on top of those
    listed here. If systemd encounters an unknown option, it will
    write a warning log message but continue loading the unit. If an
    option or section name is prefixed with <option>X-</option>, it is
    ignored completely by systemd. Options within an ignored section
    do not need the prefix. Applications may use this to include
    additional information in the unit files.</para>

    <para>Boolean arguments used in unit files can be written in
    various formats. For positive settings the strings
    <option>1</option>, <option>yes</option>, <option>true</option>
    and <option>on</option> are equivalent. For negative settings, the
    strings <option>0</option>, <option>no</option>,
    <option>false</option> and <option>off</option> are
    equivalent.</para>

    <para>Time span values encoded in unit files can be written in various formats. A stand-alone
    number specifies a time in seconds.  If suffixed with a time unit, the unit is honored. A
    concatenation of multiple values with units is supported, in which case the values are added
    up. Example: <literal>50</literal> refers to 50 seconds; <literal>2min 200ms</literal> refers to
    2 minutes and 200 milliseconds, i.e. 120200 ms.  The following time units are understood:
    <literal>s</literal>, <literal>min</literal>, <literal>h</literal>, <literal>d</literal>,
    <literal>w</literal>, <literal>ms</literal>, <literal>us</literal>.  For details see
    <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>

    <para>Empty lines and lines starting with <literal>#</literal> or <literal>;</literal> are
    ignored. This may be used for commenting. Lines ending in a backslash are concatenated with the
    following line while reading and the backslash is replaced by a space character. This may be
    used to wrap long lines.</para>

    <para>Units can be aliased (have an alternative name), by creating a symlink from the new name
    to the existing name in one of the unit search paths. For example,
    <filename>systemd-networkd.service</filename> has the alias
    <filename>dbus-org.freedesktop.network1.service</filename>, created during installation as the
    symlink <filename>/usr/lib/systemd/system/dbus-org.freedesktop.network1.service</filename>. In
    addition, unit files may specify aliases through the <varname>Alias=</varname> directive in the
    [Install] section; those aliases are only effective when the unit is enabled. When the unit is
    enabled, symlinks will be created for those names, and removed when the unit is disabled. For
    example, <filename>reboot.target</filename> specifies
    <varname>Alias=ctrl-alt-del.target</varname>, so when enabled it will be invoked whenever
    CTRL+ALT+DEL is pressed. Alias names may be used in commands like <command>enable</command>,
    <command>disable</command>, <command>start</command>, <command>stop</command>,
    <command>status</command>, …, and in unit dependency directives <varname>Wants=</varname>,
    <varname>Requires=</varname>, <varname>Before=</varname>, <varname>After=</varname>, …, with the
    limitation that aliases specified through <varname>Alias=</varname> are only effective when the
    unit is enabled. Aliases cannot be used with the <command>preset</command> command.</para>

    <para>Along with a unit file <filename>foo.service</filename>, the directory
    <filename>foo.service.wants/</filename> may exist. All unit files symlinked from such a
    directory are implicitly added as dependencies of type <varname>Wants=</varname> to the unit.
    This is useful to hook units into the start-up of other units, without having to modify their
    unit files. For details about the semantics of <varname>Wants=</varname>, see below. The
    preferred way to create symlinks in the <filename>.wants/</filename> directory of a unit file is
    with the <command>enable</command> command of the
    <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
    tool which reads information from the [Install] section of unit files (see below). A similar
    functionality exists for <varname>Requires=</varname> type dependencies as well, the directory
    suffix is <filename>.requires/</filename> in this case.</para>

    <para>Along with a unit file <filename>foo.service</filename>, a "drop-in" directory
    <filename>foo.service.d/</filename> may exist. All files with the suffix
    <literal>.conf</literal> from this directory will be parsed after the file itself is
    parsed. This is useful to alter or add configuration settings for a unit, without having to
    modify unit files. Each drop-in file must have appropriate section headers. Note that for
    instantiated units, this logic will first look for the instance <literal>.d/</literal>
    subdirectory and read its <literal>.conf</literal> files, followed by the template
    <literal>.d/</literal> subdirectory and the <literal>.conf</literal> files there. Also note that
    settings from the <literal>[Install]</literal> section are not honored in drop-in unit files,
    and have no effect.</para>

    <para>In addition to <filename>/etc/systemd/system</filename>, the drop-in <literal>.d</literal>
    directories for system services can be placed in <filename>/usr/lib/systemd/system</filename> or
    <filename>/run/systemd/system</filename> directories. Drop-in files in <filename>/etc</filename>
    take precedence over those in <filename>/run</filename> which in turn take precedence over those
    in <filename>/usr/lib</filename>. Drop-in files under any of these directories take precedence
    over unit files wherever located.  (Of course, since <filename>/run</filename> is temporary and
    <filename>/usr/lib</filename> is for vendors, it is unlikely drop-ins should be used in either
    of those places.)</para>

    <!-- Note that we do not document .include here, as we consider it mostly obsolete, and want
         people to use .d/ drop-ins instead. -->

    <para>Some unit names reflect paths existing in the file system
    namespace. Example: a device unit
    <filename>dev-sda.device</filename> refers to a device with the
    device node <filename noindex='true'>/dev/sda</filename> in the
    file system namespace. If this applies, a special way to escape
    the path name is used, so that the result is usable as part of a
    filename. Basically, given a path, "/" is replaced by "-", and all
    other characters which are not ASCII alphanumerics are replaced by
    C-style "\x2d" escapes (except that "_" is never replaced and "."
    is only replaced when it would be the first character in the
    escaped path). The root directory "/" is encoded as single dash,
    while otherwise the initial and ending "/" are removed from all
    paths during transformation. This escaping is reversible. Properly
    escaped paths can be generated using the
    <citerefentry><refentrytitle>systemd-escape</refentrytitle><manvolnum>1</manvolnum></citerefentry>
    command.</para>

    <para>Optionally, units may be instantiated from a
    template file at runtime. This allows creation of
    multiple units from a single configuration file. If
    systemd looks for a unit configuration file, it will
    first search for the literal unit name in the
    file system. If that yields no success and the unit
    name contains an <literal>@</literal> character, systemd will look for a
    unit template that shares the same name but with the
    instance string (i.e. the part between the <literal>@</literal> character
    and the suffix) removed. Example: if a service
    <filename>getty@tty3.service</filename> is requested
    and no file by that name is found, systemd will look
    for <filename>getty@.service</filename> and
    instantiate a service from that configuration file if
    it is found.</para>

    <para>To refer to the instance string from within the
    configuration file you may use the special <literal>%i</literal>
    specifier in many of the configuration options. See below for
    details.</para>

    <para>If a unit file is empty (i.e. has the file size 0) or is
    symlinked to <filename>/dev/null</filename>, its configuration
    will not be loaded and it appears with a load state of
    <literal>masked</literal>, and cannot be activated. Use this as an
    effective way to fully disable a unit, making it impossible to
    start it even manually.</para>

    <para>The unit file format is covered by the
    <ulink
    url="http://www.freedesktop.org/wiki/Software/systemd/InterfaceStabilityPromise">Interface
    Stability Promise</ulink>.</para>

  </refsect1>

  <refsect1>
    <title>Automatic Dependencies</title>

    <para>Note that while systemd offers a flexible dependency system
    between units it is recommended to use this functionality only
    sparingly and instead rely on techniques such as bus-based or
    socket-based activation which make dependencies implicit,
    resulting in a both simpler and more flexible system.</para>

    <para>A number of unit dependencies are automatically established,
    depending on unit configuration. On top of that, for units with
    <varname>DefaultDependencies=yes</varname> (the default) a couple
    of additional dependencies are added. The precise effect of
    <varname>DefaultDependencies=yes</varname> depends on the unit
    type (see below).</para>

    <para>If <varname>DefaultDependencies=yes</varname> is set, units
    that are referenced by other units of type
    <filename>.target</filename> via a <varname>Wants=</varname> or
    <varname>Requires=</varname> dependency might automatically gain
    an <varname>Before=</varname> dependency too. See
    <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    for details.</para>
  </refsect1>

  <refsect1>
    <title>Unit File Load Path</title>

    <para>Unit files are loaded from a set of paths determined during
    compilation, described in the two tables below. Unit files found
    in directories listed earlier override files with the same name in
    directories lower in the list.</para>

    <para>When the variable <varname>$SYSTEMD_UNIT_PATH</varname> is set,
    the contents of this variable overrides the unit load path. If
    <varname>$SYSTEMD_UNIT_PATH</varname> ends with an empty component
    (<literal>:</literal>), the usual unit load path will be appended
    to the contents of the variable.</para>

    <table>
      <title>
        Load path when running in system mode (<option>--system</option>).
      </title>

      <tgroup cols='2'>
        <colspec colname='path' />
        <colspec colname='expl' />
        <thead>
          <row>
      <entry>Path</entry>
      <entry>Description</entry>
          </row>
        </thead>
        <tbody>
          <row>
      <entry><filename>/etc/systemd/system</filename></entry>
      <entry>Local configuration</entry>
          </row>
          <row>
      <entry><filename>/run/systemd/system</filename></entry>
      <entry>Runtime units</entry>
          </row>
          <row>
      <entry><filename>/usr/lib/systemd/system</filename></entry>
      <entry>Units of installed packages</entry>
          </row>
        </tbody>
      </tgroup>
    </table>

    <table>
      <title>
        Load path when running in user mode (<option>--user</option>).
      </title>

      <tgroup cols='2'>
        <colspec colname='path' />
        <colspec colname='expl' />
        <thead>
          <row>
      <entry>Path</entry>
      <entry>Description</entry>
          </row>
        </thead>
        <tbody>
          <row>
      <entry><filename>$XDG_CONFIG_HOME/systemd/user</filename></entry>
      <entry>User configuration (only used when $XDG_CONFIG_HOME is set)</entry>
          </row>
          <row>
      <entry><filename>$HOME/.config/systemd/user</filename></entry>
      <entry>User configuration (only used when $XDG_CONFIG_HOME is not set)</entry>
          </row>
          <row>
      <entry><filename>/etc/systemd/user</filename></entry>
      <entry>Local configuration</entry>
          </row>
          <row>
      <entry><filename>$XDG_RUNTIME_DIR/systemd/user</filename></entry>
      <entry>Runtime units (only used when $XDG_RUNTIME_DIR is set)</entry>
          </row>
          <row>
      <entry><filename>/run/systemd/user</filename></entry>
      <entry>Runtime units</entry>
          </row>
          <row>
      <entry><filename>$XDG_DATA_HOME/systemd/user</filename></entry>
      <entry>Units of packages that have been installed in the home directory (only used when $XDG_DATA_HOME is set)</entry>
          </row>
          <row>
      <entry><filename>$HOME/.local/share/systemd/user</filename></entry>
      <entry>Units of packages that have been installed in the home directory (only used when $XDG_DATA_HOME is not set)</entry>
          </row>
          <row>
      <entry><filename>/usr/lib/systemd/user</filename></entry>
      <entry>Units of packages that have been installed system-wide</entry>
          </row>
        </tbody>
      </tgroup>
    </table>

    <para>Additional units might be loaded into systemd ("linked")
    from directories not on the unit load path. See the
    <command>link</command> command for
    <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
    Also, some units are dynamically created via a
    <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
    </para>
  </refsect1>

  <refsect1>
    <title>[Unit] Section Options</title>

    <para>The unit file may include a [Unit] section, which carries
    generic information about the unit that is not dependent on the
    type of unit:</para>

    <variablelist class='unit-directives'>

      <varlistentry>
        <term><varname>Description=</varname></term>
        <listitem><para>A free-form string describing the unit. This
        is intended for use in UIs to show descriptive information
        along with the unit name. The description should contain a
        name that means something to the end user. <literal>Apache2
        Web Server</literal> is a good example. Bad examples are
        <literal>high-performance light-weight HTTP server</literal>
        (too generic) or <literal>Apache2</literal> (too specific and
        meaningless for people who do not know
        Apache).</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>Documentation=</varname></term>
        <listitem><para>A space-separated list of URIs referencing
        documentation for this unit or its configuration. Accepted are
        only URIs of the types <literal>http://</literal>,
        <literal>https://</literal>, <literal>file:</literal>,
        <literal>info:</literal>, <literal>man:</literal>. For more
        information about the syntax of these URIs, see <citerefentry
        project='man-pages'><refentrytitle>uri</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
        The URIs should be listed in order of relevance, starting with
        the most relevant. It is a good idea to first reference
        documentation that explains what the unit's purpose is,
        followed by how it is configured, followed by any other
        related documentation. This option may be specified more than
        once, in which case the specified list of URIs is merged. If
        the empty string is assigned to this option, the list is reset
        and all prior assignments will have no
        effect.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>Requires=</varname></term>

        <listitem><para>Configures requirement dependencies on other
        units. If this unit gets activated, the units listed here will
        be activated as well. If one of the other units gets
        deactivated or its activation fails, this unit will be
        deactivated. This option may be specified more than once or
        multiple space-separated units may be specified in one option
        in which case requirement dependencies for all listed names
        will be created. Note that requirement dependencies do not
        influence the order in which services are started or stopped.
        This has to be configured independently with the
        <varname>After=</varname> or <varname>Before=</varname>
        options. If a unit <filename>foo.service</filename> requires a
        unit <filename>bar.service</filename> as configured with
        <varname>Requires=</varname> and no ordering is configured
        with <varname>After=</varname> or <varname>Before=</varname>,
        then both units will be started simultaneously and without any
        delay between them if <filename>foo.service</filename> is
        activated. Often, it is a better choice to use
        <varname>Wants=</varname> instead of
        <varname>Requires=</varname> in order to achieve a system that
        is more robust when dealing with failing services.</para>

        <para>Note that dependencies of this type may also be
        configured outside of the unit configuration file by adding a
        symlink to a <filename>.requires/</filename> directory
        accompanying the unit file. For details, see
        above.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>Requisite=</varname></term>

        <listitem><para>Similar to <varname>Requires=</varname>.
        However, if the units listed here are not started already,
        they will not be started and the transaction will fail
        immediately. </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>Wants=</varname></term>

        <listitem><para>A weaker version of
        <varname>Requires=</varname>. Units listed in this option will
        be started if the configuring unit is. However, if the listed
        units fail to start or cannot be added to the transaction,
        this has no impact on the validity of the transaction as a
        whole. This is the recommended way to hook start-up of one
        unit to the start-up of another unit.</para>

        <para>Note that dependencies of this type may also be
        configured outside of the unit configuration file by adding
        symlinks to a <filename>.wants/</filename> directory
        accompanying the unit file. For details, see
        above.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>BindsTo=</varname></term>

        <listitem><para>Configures requirement dependencies, very
        similar in style to <varname>Requires=</varname>, however in
        addition to this behavior, it also declares that this unit is
        stopped when any of the units listed suddenly disappears.
        Units can suddenly, unexpectedly disappear if a service
        terminates on its own choice, a device is unplugged or a mount
        point unmounted without involvement of
        systemd.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>PartOf=</varname></term>

        <listitem><para>Configures dependencies similar to
        <varname>Requires=</varname>, but limited to stopping and
        restarting of units. When systemd stops or restarts the units
        listed here, the action is propagated to this unit. Note that
        this is a one-way dependency — changes to this unit do not
        affect the listed units. </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>Conflicts=</varname></term>

        <listitem><para>A space-separated list of unit names.
        Configures negative requirement dependencies. If a unit has a
        <varname>Conflicts=</varname> setting on another unit,
        starting the former will stop the latter and vice versa. Note
        that this setting is independent of and orthogonal to the
        <varname>After=</varname> and <varname>Before=</varname>
        ordering dependencies.</para>

        <para>If a unit A that conflicts with a unit B is scheduled to
        be started at the same time as B, the transaction will either
        fail (in case both are required part of the transaction) or be
        modified to be fixed (in case one or both jobs are not a
        required part of the transaction). In the latter case, the job
        that is not the required will be removed, or in case both are
        not required, the unit that conflicts will be started and the
        unit that is conflicted is stopped.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>Before=</varname></term>
        <term><varname>After=</varname></term>

        <listitem><para>A space-separated list of unit names.
        Configures ordering dependencies between units. If a unit
        <filename>foo.service</filename> contains a setting
        <option>Before=bar.service</option> and both units are being
        started, <filename>bar.service</filename>'s start-up is
        delayed until <filename>foo.service</filename> is started up.
        Note that this setting is independent of and orthogonal to the
        requirement dependencies as configured by
        <varname>Requires=</varname>. It is a common pattern to
        include a unit name in both the <varname>After=</varname> and
        <varname>Requires=</varname> option, in which case the unit
        listed will be started before the unit that is configured with
        these options. This option may be specified more than once, in
        which case ordering dependencies for all listed names are
        created. <varname>After=</varname> is the inverse of
        <varname>Before=</varname>, i.e. while
        <varname>After=</varname> ensures that the configured unit is
        started after the listed unit finished starting up,
        <varname>Before=</varname> ensures the opposite, i.e. that the
        configured unit is fully started up before the listed unit is
        started. Note that when two units with an ordering dependency
        between them are shut down, the inverse of the start-up order
        is applied. i.e. if a unit is configured with
        <varname>After=</varname> on another unit, the former is
        stopped before the latter if both are shut down. Given two units
        with any ordering dependency between them, if one unit is shut
        down and the other is started up, the shutdown is ordered
        before the start-up. It doesn't matter if the ordering
        dependency is <varname>After=</varname> or
        <varname>Before=</varname>. It also doesn't matter which of the
        two is shut down, as long as one is shut down and the other is
        started up. The shutdown is ordered before the start-up in all
        cases. If two units have no ordering dependencies between them,
        they are shut down or started up simultaneously, and no ordering
        takes place.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>OnFailure=</varname></term>

        <listitem><para>A space-separated list of one or more units
        that are activated when this unit enters the
        <literal>failed</literal> state.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>PropagatesReloadTo=</varname></term>
        <term><varname>ReloadPropagatedFrom=</varname></term>

        <listitem><para>A space-separated list of one or more units
        where reload requests on this unit will be propagated to, or
        reload requests on the other unit will be propagated to this
        unit, respectively. Issuing a reload request on a unit will
        automatically also enqueue a reload request on all units that
        the reload request shall be propagated to via these two
        settings.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>JoinsNamespaceOf=</varname></term>

        <listitem><para>For units that start processes (such as
        service units), lists one or more other units whose network
        and/or temporary file namespace to join. This only applies to
        unit types which support the
        <varname>PrivateNetwork=</varname> and
        <varname>PrivateTmp=</varname> directives (see
        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for details). If a unit that has this setting set is started,
        its processes will see the same <filename>/tmp</filename>,
        <filename>/var/tmp</filename> and network namespace as one
        listed unit that is started. If multiple listed units are
        already started, it is not defined which namespace is joined.
        Note that this setting only has an effect if
        <varname>PrivateNetwork=</varname> and/or
        <varname>PrivateTmp=</varname> is enabled for both the unit
        that joins the namespace and the unit whose namespace is
        joined.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>RequiresMountsFor=</varname></term>

        <listitem><para>Takes a space-separated list of absolute
        paths. Automatically adds dependencies of type
        <varname>Requires=</varname> and <varname>After=</varname> for
        all mount units required to access the specified path.</para>

        <para>Mount points marked with <option>noauto</option> are not
        mounted automatically and will be ignored for the purposes of
        this option. If such a mount should be a requirement for this
        unit, direct dependencies on the mount units may be added
        (<varname>Requires=</varname> and <varname>After=</varname> or
        some other combination). </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>OnFailureJobMode=</varname></term>

        <listitem><para>Takes a value of
        <literal>fail</literal>,
        <literal>replace</literal>,
        <literal>replace-irreversibly</literal>,
        <literal>isolate</literal>,
        <literal>flush</literal>,
        <literal>ignore-dependencies</literal> or
        <literal>ignore-requirements</literal>. Defaults to
        <literal>replace</literal>. Specifies how the units listed in
        <varname>OnFailure=</varname> will be enqueued. See
        <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
        <option>--job-mode=</option> option for details on the
        possible values. If this is set to <literal>isolate</literal>,
        only a single unit may be listed in
        <varname>OnFailure=</varname>..</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>IgnoreOnIsolate=</varname></term>

        <listitem><para>Takes a boolean argument. If
        <option>true</option>, this unit will not be stopped when
        isolating another unit. Defaults to
        <option>false</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>StopWhenUnneeded=</varname></term>

        <listitem><para>Takes a boolean argument. If
        <option>true</option>, this unit will be stopped when it is no
        longer used. Note that, in order to minimize the work to be
        executed, systemd will not stop units by default unless they
        are conflicting with other units, or the user explicitly
        requested their shut down. If this option is set, a unit will
        be automatically cleaned up if no other active unit requires
        it. Defaults to <option>false</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>RefuseManualStart=</varname></term>
        <term><varname>RefuseManualStop=</varname></term>

        <listitem><para>Takes a boolean argument. If
        <option>true</option>, this unit can only be activated or
        deactivated indirectly. In this case, explicit start-up or
        termination requested by the user is denied, however if it is
        started or stopped as a dependency of another unit, start-up
        or termination will succeed. This is mostly a safety feature
        to ensure that the user does not accidentally activate units
        that are not intended to be activated explicitly, and not
        accidentally deactivate units that are not intended to be
        deactivated. These options default to
        <option>false</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>AllowIsolate=</varname></term>

        <listitem><para>Takes a boolean argument. If
        <option>true</option>, this unit may be used with the
        <command>systemctl isolate</command> command. Otherwise, this
        will be refused. It probably is a good idea to leave this
        disabled except for target units that shall be used similar to
        runlevels in SysV init systems, just as a precaution to avoid
        unusable system states. This option defaults to
        <option>false</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>DefaultDependencies=</varname></term>

        <listitem><para>Takes a boolean argument. If
        <option>true</option>, (the default), a few default
        dependencies will implicitly be created for the unit. The
        actual dependencies created depend on the unit type. For
        example, for service units, these dependencies ensure that the
        service is started only after basic system initialization is
        completed and is properly terminated on system shutdown. See
        the respective man pages for details. Generally, only services
        involved with early boot or late shutdown should set this
        option to <option>false</option>. It is highly recommended to
        leave this option enabled for the majority of common units. If
        set to <option>false</option>, this option does not disable
        all implicit dependencies, just non-essential
        ones.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>JobTimeoutSec=</varname></term>
        <term><varname>JobTimeoutAction=</varname></term>
        <term><varname>JobTimeoutRebootArgument=</varname></term>

        <listitem><para>When a job for this unit is queued, a time-out may be configured. If this time limit is
        reached, the job will be cancelled, the unit however will not change state or even enter the
        <literal>failed</literal> mode. This value defaults to <literal>infinity</literal> (job timeouts disabled),
        except for device units. NB: this timeout is independent from any unit-specific timeout (for example, the
        timeout set with <varname>TimeoutStartSec=</varname> in service units) as the job timeout has no effect on the
        unit itself, only on the job that might be pending for it. Or in other words: unit-specific timeouts are useful
        to abort unit state changes, and revert them. The job timeout set with this option however is useful to abort
        only the job waiting for the unit state to change.</para>

        <para><varname>JobTimeoutAction=</varname>
        optionally configures an additional
        action to take when the time-out is
        hit. It takes the same values as the
        per-service
        <varname>StartLimitAction=</varname>
        setting, see
        <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for details. Defaults to
        <option>none</option>. <varname>JobTimeoutRebootArgument=</varname>
        configures an optional reboot string
        to pass to the
        <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
        system call.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>StartLimitIntervalSec=</varname></term>
        <term><varname>StartLimitBurst=</varname></term>

        <listitem><para>Configure unit start rate limiting. By default, units which are started more than 5 times
        within 10 seconds are not permitted to start any more times until the 10 second interval ends. With these two
        options, this rate limiting may be modified. Use <varname>StartLimitIntervalSec=</varname> to configure the
        checking interval (defaults to <varname>DefaultStartLimitIntervalSec=</varname> in manager configuration file,
        set to 0 to disable any kind of rate limiting). Use <varname>StartLimitBurst=</varname> to configure how many
        starts per interval are allowed (defaults to <varname>DefaultStartLimitBurst=</varname> in manager
        configuration file). These configuration options are particularly useful in conjunction with the service
        setting <varname>Restart=</varname> (see
        <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>); however,
        they apply to all kinds of starts (including manual), not just those triggered by the
        <varname>Restart=</varname> logic. Note that units which are configured for <varname>Restart=</varname> and
        which reach the start limit are not attempted to be restarted anymore; however, they may still be restarted
        manually at a later point, from which point on, the restart logic is again activated. Note that
        <command>systemctl reset-failed</command> will cause the restart rate counter for a service to be flushed,
        which is useful if the administrator wants to manually start a unit and the start limit interferes with
        that. Note that this rate-limiting is enforced after any unit condition checks are executed, and hence unit
        activations with failing conditions are not counted by this rate limiting. Slice, target, device and scope
        units do not enforce this setting, as they are unit types whose activation may either never fail, or may
        succeed only a single time.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>StartLimitAction=</varname></term>

        <listitem><para>Configure the action to take if the rate limit configured with
        <varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes one of
        <option>none</option>, <option>reboot</option>, <option>reboot-force</option>,
        <option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option> or
        <option>poweroff-immediate</option>. If <option>none</option> is set, hitting the rate limit will trigger no
        action besides that the start will not be permitted. <option>reboot</option> causes a reboot following the
        normal shutdown procedure (i.e. equivalent to <command>systemctl reboot</command>).
        <option>reboot-force</option> causes a forced reboot which will terminate all processes forcibly but should
        cause no dirty file systems on reboot (i.e. equivalent to <command>systemctl reboot -f</command>) and
        <option>reboot-immediate</option> causes immediate execution of the
        <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which
        might result in data loss. Similarly, <option>poweroff</option>, <option>poweroff-force</option>,
        <option>poweroff-immediate</option> have the effect of powering down the system with similar
        semantics. Defaults to <option>none</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>RebootArgument=</varname></term>
        <listitem><para>Configure the optional argument for the
        <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call if
        <varname>StartLimitAction=</varname> or a service's <varname>FailureAction=</varname> is a reboot action. This
        works just like the optional argument to <command>systemctl reboot</command> command.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>ConditionArchitecture=</varname></term>
        <term><varname>ConditionVirtualization=</varname></term>
        <term><varname>ConditionHost=</varname></term>
        <term><varname>ConditionKernelCommandLine=</varname></term>
        <term><varname>ConditionSecurity=</varname></term>
        <term><varname>ConditionCapability=</varname></term>
        <term><varname>ConditionACPower=</varname></term>
        <term><varname>ConditionNeedsUpdate=</varname></term>
        <term><varname>ConditionFirstBoot=</varname></term>
        <term><varname>ConditionPathExists=</varname></term>
        <term><varname>ConditionPathExistsGlob=</varname></term>
        <term><varname>ConditionPathIsDirectory=</varname></term>
        <term><varname>ConditionPathIsSymbolicLink=</varname></term>
        <term><varname>ConditionPathIsMountPoint=</varname></term>
        <term><varname>ConditionPathIsReadWrite=</varname></term>
        <term><varname>ConditionDirectoryNotEmpty=</varname></term>
        <term><varname>ConditionFileNotEmpty=</varname></term>
        <term><varname>ConditionFileIsExecutable=</varname></term>

        <!-- We do not document ConditionNull=
             here, as it is not particularly
             useful and probably just
             confusing. -->

        <listitem><para>Before starting a unit, verify that the specified condition is true. If it is not true, the
        starting of the unit will be (mostly silently) skipped, however all ordering dependencies of it are still
        respected. A failing condition will not result in the unit being moved into a failure state. The condition is
        checked at the time the queued start job is to be executed. Use condition expressions in order to silently skip
        units that do not apply to the local running system, for example because the kernel or runtime environment
        doesn't require its functionality. Use the various <varname>AssertArchitecture=</varname>,
        <varname>AssertVirtualization=</varname>, … options for a similar mechanism that puts the unit in a failure
        state and logs about the failed check (see below).</para>

        <para><varname>ConditionArchitecture=</varname> may be used to
        check whether the system is running on a specific
        architecture. Takes one of
        <varname>x86</varname>,
        <varname>x86-64</varname>,
        <varname>ppc</varname>,
        <varname>ppc-le</varname>,
        <varname>ppc64</varname>,
        <varname>ppc64-le</varname>,
        <varname>ia64</varname>,
        <varname>parisc</varname>,
        <varname>parisc64</varname>,
        <varname>s390</varname>,
        <varname>s390x</varname>,
        <varname>sparc</varname>,
        <varname>sparc64</varname>,
        <varname>mips</varname>,
        <varname>mips-le</varname>,
        <varname>mips64</varname>,
        <varname>mips64-le</varname>,
        <varname>alpha</varname>,
        <varname>arm</varname>,
        <varname>arm-be</varname>,
        <varname>arm64</varname>,
        <varname>arm64-be</varname>,
        <varname>sh</varname>,
        <varname>sh64</varname>,
        <varname>m86k</varname>,
        <varname>tilegx</varname>,
        <varname>cris</varname> to test
        against a specific architecture. The architecture is
        determined from the information returned by
        <citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>2</manvolnum></citerefentry>
        and is thus subject to
        <citerefentry><refentrytitle>personality</refentrytitle><manvolnum>2</manvolnum></citerefentry>.
        Note that a <varname>Personality=</varname> setting in the
        same unit file has no effect on this condition. A special
        architecture name <varname>native</varname> is mapped to the
        architecture the system manager itself is compiled for. The
        test may be negated by prepending an exclamation mark.</para>

        <para><varname>ConditionVirtualization=</varname> may be used
        to check whether the system is executed in a virtualized
        environment and optionally test whether it is a specific
        implementation. Takes either boolean value to check if being
        executed in any virtualized environment, or one of
        <varname>vm</varname> and
        <varname>container</varname> to test against a generic type of
        virtualization solution, or one of
        <varname>qemu</varname>,
        <varname>kvm</varname>,
        <varname>zvm</varname>,
        <varname>vmware</varname>,
        <varname>microsoft</varname>,
        <varname>oracle</varname>,
        <varname>xen</varname>,
        <varname>bochs</varname>,
        <varname>uml</varname>,
        <varname>openvz</varname>,
        <varname>lxc</varname>,
        <varname>lxc-libvirt</varname>,
        <varname>systemd-nspawn</varname>,
        <varname>docker</varname>,
        <varname>rkt</varname> to test
        against a specific implementation. See
        <citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry>
        for a full list of known virtualization technologies and their
        identifiers. If multiple virtualization technologies are
        nested, only the innermost is considered. The test may be
        negated by prepending an exclamation mark.</para>

        <para><varname>ConditionHost=</varname> may be used to match
        against the hostname or machine ID of the host. This either
        takes a hostname string (optionally with shell style globs)
        which is tested against the locally set hostname as returned
        by
        <citerefentry><refentrytitle>gethostname</refentrytitle><manvolnum>2</manvolnum></citerefentry>,
        or a machine ID formatted as string (see
        <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
        The test may be negated by prepending an exclamation
        mark.</para>

        <para><varname>ConditionKernelCommandLine=</varname> may be
        used to check whether a specific kernel command line option is
        set (or if prefixed with the exclamation mark unset). The
        argument must either be a single word, or an assignment (i.e.
        two words, separated <literal>=</literal>). In the former case
        the kernel command line is searched for the word appearing as
        is, or as left hand side of an assignment. In the latter case,
        the exact assignment is looked for with right and left hand
        side matching.</para>

        <para><varname>ConditionSecurity=</varname> may be used to
        check whether the given security module is enabled on the
        system. Currently, the recognized values are
        <varname>selinux</varname>,
        <varname>apparmor</varname>,
        <varname>ima</varname>,
        <varname>smack</varname> and
        <varname>audit</varname>. The test may be negated by
        prepending an exclamation mark.</para>

        <para><varname>ConditionCapability=</varname> may be used to
        check whether the given capability exists in the capability
        bounding set of the service manager (i.e. this does not check
        whether capability is actually available in the permitted or
        effective sets, see
        <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
        for details). Pass a capability name such as
        <literal>CAP_MKNOD</literal>, possibly prefixed with an
        exclamation mark to negate the check.</para>

        <para><varname>ConditionACPower=</varname> may be used to
        check whether the system has AC power, or is exclusively
        battery powered at the time of activation of the unit. This
        takes a boolean argument. If set to <varname>true</varname>,
        the condition will hold only if at least one AC connector of
        the system is connected to a power source, or if no AC
        connectors are known. Conversely, if set to
        <varname>false</varname>, the condition will hold only if
        there is at least one AC connector known and all AC connectors
        are disconnected from a power source.</para>

        <para><varname>ConditionNeedsUpdate=</varname> takes one of
        <filename>/var</filename> or <filename>/etc</filename> as
        argument, possibly prefixed with a <literal>!</literal> (for
        inverting the condition). This condition may be used to
        conditionalize units on whether the specified directory
        requires an update because <filename>/usr</filename>'s
        modification time is newer than the stamp file
        <filename>.updated</filename> in the specified directory. This
        is useful to implement offline updates of the vendor operating
        system resources in <filename>/usr</filename> that require
        updating of <filename>/etc</filename> or
        <filename>/var</filename> on the next following boot. Units
        making use of this condition should order themselves before
        <citerefentry><refentrytitle>systemd-update-done.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
        to make sure they run before the stamp file's modification
        time gets reset indicating a completed update.</para>

        <para><varname>ConditionFirstBoot=</varname> takes a boolean
        argument. This condition may be used to conditionalize units
        on whether the system is booting up with an unpopulated
        <filename>/etc</filename> directory. This may be used to
        populate <filename>/etc</filename> on the first boot after
        factory reset, or when a new system instances boots up for the
        first time.</para>

        <para>With <varname>ConditionPathExists=</varname> a file
        existence condition is checked before a unit is started. If
        the specified absolute path name does not exist, the condition
        will fail. If the absolute path name passed to
        <varname>ConditionPathExists=</varname> is prefixed with an
        exclamation mark (<literal>!</literal>), the test is negated,
        and the unit is only started if the path does not
        exist.</para>

        <para><varname>ConditionPathExistsGlob=</varname> is similar
        to <varname>ConditionPathExists=</varname>, but checks for the
        existence of at least one file or directory matching the
        specified globbing pattern.</para>

        <para><varname>ConditionPathIsDirectory=</varname> is similar
        to <varname>ConditionPathExists=</varname> but verifies
        whether a certain path exists and is a directory.</para>

        <para><varname>ConditionPathIsSymbolicLink=</varname> is
        similar to <varname>ConditionPathExists=</varname> but
        verifies whether a certain path exists and is a symbolic
        link.</para>

        <para><varname>ConditionPathIsMountPoint=</varname> is similar
        to <varname>ConditionPathExists=</varname> but verifies
        whether a certain path exists and is a mount point.</para>

        <para><varname>ConditionPathIsReadWrite=</varname> is similar
        to <varname>ConditionPathExists=</varname> but verifies
        whether the underlying file system is readable and writable
        (i.e. not mounted read-only).</para>

        <para><varname>ConditionDirectoryNotEmpty=</varname> is
        similar to <varname>ConditionPathExists=</varname> but
        verifies whether a certain path exists and is a non-empty
        directory.</para>

        <para><varname>ConditionFileNotEmpty=</varname> is similar to
        <varname>ConditionPathExists=</varname> but verifies whether a
        certain path exists and refers to a regular file with a
        non-zero size.</para>

        <para><varname>ConditionFileIsExecutable=</varname> is similar
        to <varname>ConditionPathExists=</varname> but verifies
        whether a certain path exists, is a regular file and marked
        executable.</para>

        <para>If multiple conditions are specified, the unit will be
        executed if all of them apply (i.e. a logical AND is applied).
        Condition checks can be prefixed with a pipe symbol (|) in
        which case a condition becomes a triggering condition. If at
        least one triggering condition is defined for a unit, then the
        unit will be executed if at least one of the triggering
        conditions apply and all of the non-triggering conditions. If
        you prefix an argument with the pipe symbol and an exclamation
        mark, the pipe symbol must be passed first, the exclamation
        second. Except for
        <varname>ConditionPathIsSymbolicLink=</varname>, all path
        checks follow symlinks. If any of these options is assigned
        the empty string, the list of conditions is reset completely,
        all previous condition settings (of any kind) will have no
        effect.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>AssertArchitecture=</varname></term>
        <term><varname>AssertVirtualization=</varname></term>
        <term><varname>AssertHost=</varname></term>
        <term><varname>AssertKernelCommandLine=</varname></term>
        <term><varname>AssertSecurity=</varname></term>
        <term><varname>AssertCapability=</varname></term>
        <term><varname>AssertACPower=</varname></term>
        <term><varname>AssertNeedsUpdate=</varname></term>
        <term><varname>AssertFirstBoot=</varname></term>
        <term><varname>AssertPathExists=</varname></term>
        <term><varname>AssertPathExistsGlob=</varname></term>
        <term><varname>AssertPathIsDirectory=</varname></term>
        <term><varname>AssertPathIsSymbolicLink=</varname></term>
        <term><varname>AssertPathIsMountPoint=</varname></term>
        <term><varname>AssertPathIsReadWrite=</varname></term>
        <term><varname>AssertDirectoryNotEmpty=</varname></term>
        <term><varname>AssertFileNotEmpty=</varname></term>
        <term><varname>AssertFileIsExecutable=</varname></term>

        <listitem><para>Similar to the <varname>ConditionArchitecture=</varname>,
        <varname>ConditionVirtualization=</varname>, …, condition settings described above, these settings add
        assertion checks to the start-up of the unit. However, unlike the conditions settings, any assertion setting
        that is not met results in failure of the start job (which means this is logged loudly). Use assertion
        expressions for units that cannot operate when specific requirements are not met, and when this is something
        the administrator or user should look into.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>SourcePath=</varname></term>
        <listitem><para>A path to a configuration file this unit has
        been generated from. This is primarily useful for
        implementation of generator tools that convert configuration
        from an external configuration file format into native unit
        files. This functionality should not be used in normal
        units.</para></listitem>
      </varlistentry>

    </variablelist>

  </refsect1>

  <refsect1>
    <title>[Install] Section Options</title>

    <para>Unit files may include an <literal>[Install]</literal> section, which carries installation information for
    the unit. This section is not interpreted by
    <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> during runtime; it is
    used by the <command>enable</command> and <command>disable</command> commands of the
    <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> tool during
    installation of a unit. Note that settings in the <literal>[Install]</literal> section may not appear in
    <filename>.d/*.conf</filename> unit file drop-ins (see above).</para>

    <variablelist class='unit-directives'>
      <varlistentry>
        <term><varname>Alias=</varname></term>

        <listitem><para>A space-separated list of additional names this unit shall be installed under. The names listed
        here must have the same suffix (i.e. type) as the unit file name. This option may be specified more than once,
        in which case all listed names are used. At installation time, <command>systemctl enable</command> will create
        symlinks from these names to the unit filename. Note that not all unit types support such alias names, and this
        setting is not supported for them. Specifically, mount, slice, swap, and automount units do not support
        aliasing.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>WantedBy=</varname></term>
        <term><varname>RequiredBy=</varname></term>

        <listitem><para>This option may be used more than once, or a
        space-separated list of unit names may be given. A symbolic
        link is created in the <filename>.wants/</filename> or
        <filename>.requires/</filename> directory of each of the
        listed units when this unit is installed by <command>systemctl
        enable</command>. This has the effect that a dependency of
        type <varname>Wants=</varname> or <varname>Requires=</varname>
        is added from the listed unit to the current unit. The primary
        result is that the current unit will be started when the
        listed unit is started. See the description of
        <varname>Wants=</varname> and <varname>Requires=</varname> in
        the [Unit] section for details.</para>

        <para><command>WantedBy=foo.service</command> in a service
        <filename>bar.service</filename> is mostly equivalent to
        <command>Alias=foo.service.wants/bar.service</command> in the
        same file. In case of template units, <command>systemctl
        enable</command> must be called with an instance name, and
        this instance will be added to the
        <filename>.wants/</filename> or
        <filename>.requires/</filename> list of the listed unit. E.g.
        <command>WantedBy=getty.target</command> in a service
        <filename>getty@.service</filename> will result in
        <command>systemctl enable getty@tty2.service</command>
        creating a
        <filename>getty.target.wants/getty@tty2.service</filename>
        link to <filename>getty@.service</filename>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>Also=</varname></term>

        <listitem><para>Additional units to install/deinstall when
        this unit is installed/deinstalled. If the user requests
        installation/deinstallation of a unit with this option
        configured, <command>systemctl enable</command> and
        <command>systemctl disable</command> will automatically
        install/uninstall units listed in this option as well.</para>

        <para>This option may be used more than once, or a
        space-separated list of unit names may be
        given.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>DefaultInstance=</varname></term>

        <listitem><para>In template unit files, this specifies for
        which instance the unit shall be enabled if the template is
        enabled without any explicitly set instance. This option has
        no effect in non-template unit files. The specified string
        must be usable as instance identifier.</para></listitem>
      </varlistentry>
    </variablelist>

    <para>The following specifiers are interpreted in the Install
    section: %n, %N, %p, %i, %U, %u, %m, %H, %b, %v. For their meaning
    see the next section.
    </para>
  </refsect1>

  <refsect1>
    <title>Specifiers</title>

    <para>Many settings resolve specifiers which may be used to write
    generic unit files referring to runtime or unit parameters that
    are replaced when the unit files are loaded. The following
    specifiers are understood:</para>

    <table>
      <title>Specifiers available in unit files</title>
      <tgroup cols='3' align='left' colsep='1' rowsep='1'>
        <colspec colname="spec" />
        <colspec colname="mean" />
        <colspec colname="detail" />
        <thead>
          <row>
      <entry>Specifier</entry>
      <entry>Meaning</entry>
      <entry>Details</entry>
          </row>
        </thead>
        <tbody>
          <row>
      <entry><literal>%n</literal></entry>
      <entry>Full unit name</entry>
      <entry></entry>
          </row>
          <row>
      <entry><literal>%N</literal></entry>
      <entry>Unescaped full unit name</entry>
      <entry>Same as <literal>%n</literal>, but with escaping undone</entry>
          </row>
          <row>
      <entry><literal>%p</literal></entry>
      <entry>Prefix name</entry>
      <entry>For instantiated units, this refers to the string before the <literal>@</literal> character of the unit name. For non-instantiated units, this refers to the name of the unit with the type suffix removed.</entry>
          </row>
          <row>
      <entry><literal>%P</literal></entry>
      <entry>Unescaped prefix name</entry>
      <entry>Same as <literal>%p</literal>, but with escaping undone</entry>
          </row>
          <row>
      <entry><literal>%i</literal></entry>
      <entry>Instance name</entry>
      <entry>For instantiated units: this is the string between the <literal>@</literal> character and the suffix of the unit name.</entry>
          </row>
          <row>
      <entry><literal>%I</literal></entry>
      <entry>Unescaped instance name</entry>
      <entry>Same as <literal>%i</literal>, but with escaping undone</entry>
          </row>
          <row>
      <entry><literal>%f</literal></entry>
      <entry>Unescaped filename</entry>
      <entry>This is either the unescaped instance name (if applicable) with <filename>/</filename> prepended (if applicable), or the unescaped prefix name prepended with <filename>/</filename>.</entry>
          </row>
          <row>
      <entry><literal>%c</literal></entry>
      <entry>Control group path of the unit</entry>
      <entry>This path does not include the <filename>/sys/fs/cgroup/systemd/</filename> prefix.</entry>
          </row>
          <row>
      <entry><literal>%r</literal></entry>
      <entry>Control group path of the slice the unit is placed in</entry>
      <entry>This usually maps to the parent cgroup path of <literal>%c</literal>.</entry>
          </row>
          <row>
      <entry><literal>%R</literal></entry>
      <entry>Root control group path below which slices and units are placed</entry>
      <entry>For system instances, this resolves to <filename>/</filename>, except in containers, where this maps to the container's root control group path.</entry>
          </row>
          <row>
      <entry><literal>%t</literal></entry>
      <entry>Runtime directory</entry>
      <entry>This is either <filename>/run</filename> (for the system manager) or the path <literal>$XDG_RUNTIME_DIR</literal> resolves to (for user managers).</entry>
          </row>
          <row>
      <entry><literal>%u</literal></entry>
      <entry>User name</entry>
      <entry>This is the name of the user running the service manager instance. In case of the system manager this resolves to <literal>root</literal>.</entry>
          </row>
          <row>
      <entry><literal>%U</literal></entry>
      <entry>User UID</entry>
      <entry>This is the numeric UID of the user running the service manager instance. In case of the system manager this resolves to <literal>0</literal>.</entry>
          </row>
          <row>
      <entry><literal>%h</literal></entry>
      <entry>User home directory</entry>
      <entry>This is the home directory of the user running the service manager instance. In case of the system manager this resolves to <literal>/root</literal>.</entry>
          </row>
          <row>
      <entry><literal>%s</literal></entry>
      <entry>User shell</entry>
      <entry>This is the shell of the user running the service manager instance. In case of the system manager this resolves to <literal>/bin/sh</literal>.</entry>
          </row>
          <row>
      <entry><literal>%m</literal></entry>
      <entry>Machine ID</entry>
      <entry>The machine ID of the running system, formatted as string. See <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more information.</entry>
          </row>
          <row>
      <entry><literal>%b</literal></entry>
      <entry>Boot ID</entry>
      <entry>The boot ID of the running system, formatted as string. See <citerefentry><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry> for more information.</entry>
          </row>
          <row>
      <entry><literal>%H</literal></entry>
      <entry>Host name</entry>
      <entry>The hostname of the running system at the point in time the unit configuration is loaded.</entry>
          </row>
          <row>
      <entry><literal>%v</literal></entry>
      <entry>Kernel release</entry>
      <entry>Identical to <command>uname -r</command> output</entry>
          </row>
          <row>
      <entry><literal>%%</literal></entry>
      <entry>Single percent sign</entry>
      <entry>Use <literal>%%</literal> in place of <literal>%</literal> to specify a single percent sign.</entry>
          </row>
        </tbody>
      </tgroup>
    </table>

    <para>Please note that specifiers <literal>%U</literal>,
    <literal>%h</literal>, <literal>%s</literal> are mostly useless
    when systemd is running in system mode. PID 1 cannot query the
    user account database for information, so the specifiers only work
    as shortcuts for things which are already specified in a different
    way in the unit file. They are fully functional when systemd is
    running in <option>--user</option> mode.</para>
  </refsect1>

  <refsect1>
    <title>Examples</title>

    <example>
      <title>Allowing units to be enabled</title>

      <para>The following snippet (highlighted) allows a unit (e.g.
      <filename>foo.service</filename>) to be enabled via
      <command>systemctl enable</command>:</para>

      <programlisting>[Unit]
Description=Foo

[Service]
ExecStart=/usr/sbin/foo-daemon

<emphasis>[Install]</emphasis>
<emphasis>WantedBy=multi-user.target</emphasis></programlisting>

      <para>After running <command>systemctl enable</command>, a
      symlink
      <filename>/etc/systemd/system/multi-user.target.wants/foo.service</filename>
      linking to the actual unit will be created. It tells systemd to
      pull in the unit when starting
      <filename>multi-user.target</filename>. The inverse
      <command>systemctl disable</command> will remove that symlink
      again.</para>
    </example>

    <example>
      <title>Overriding vendor settings</title>

      <para>There are two methods of overriding vendor settings in
      unit files: copying the unit file from
      <filename>/usr/lib/systemd/system</filename> to
      <filename>/etc/systemd/system</filename> and modifying the
      chosen settings. Alternatively, one can create a directory named
      <filename><replaceable>unit</replaceable>.d/</filename> within
      <filename>/etc/systemd/system</filename> and place a drop-in
      file <filename><replaceable>name</replaceable>.conf</filename>
      there that only changes the specific settings one is interested
      in. Note that multiple such drop-in files are read if
      present.</para>

      <para>The advantage of the first method is that one easily
      overrides the complete unit, the vendor unit is not parsed at
      all anymore. It has the disadvantage that improvements to the
      unit file by the vendor are not automatically incorporated on
      updates.</para>

      <para>The advantage of the second method is that one only
      overrides the settings one specifically wants, where updates to
      the unit by the vendor automatically apply. This has the
      disadvantage that some future updates by the vendor might be
      incompatible with the local changes.</para>

      <para>Note that for drop-in files, if one wants to remove
      entries from a setting that is parsed as a list (and is not a
      dependency), such as <varname>ConditionPathExists=</varname> (or
      e.g. <varname>ExecStart=</varname> in service units), one needs
      to first clear the list before re-adding all entries except the
      one that is to be removed. See below for an example.</para>

      <para>This also applies for user instances of systemd, but with
      different locations for the unit files. See the section on unit
      load paths for further details.</para>

      <para>Suppose there is a vendor-supplied unit
      <filename>/usr/lib/systemd/system/httpd.service</filename> with
      the following contents:</para>

      <programlisting>[Unit]
Description=Some HTTP server
After=remote-fs.target sqldb.service
Requires=sqldb.service
AssertPathExists=/srv/webserver

[Service]
Type=notify
ExecStart=/usr/sbin/some-fancy-httpd-server
Nice=5

[Install]
WantedBy=multi-user.target</programlisting>

      <para>Now one wants to change some settings as an administrator:
      firstly, in the local setup, <filename>/srv/webserver</filename>
      might not exist, because the HTTP server is configured to use
      <filename>/srv/www</filename> instead. Secondly, the local
      configuration makes the HTTP server also depend on a memory
      cache service, <filename>memcached.service</filename>, that
      should be pulled in (<varname>Requires=</varname>) and also be
      ordered appropriately (<varname>After=</varname>). Thirdly, in
      order to harden the service a bit more, the administrator would
      like to set the <varname>PrivateTmp=</varname> setting (see
      <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
      for details). And lastly, the administrator would like to reset
      the niceness of the service to its default value of 0.</para>

      <para>The first possibility is to copy the unit file to
      <filename>/etc/systemd/system/httpd.service</filename> and
      change the chosen settings:</para>

      <programlisting>[Unit]
Description=Some HTTP server
After=remote-fs.target sqldb.service <emphasis>memcached.service</emphasis>
Requires=sqldb.service <emphasis>memcached.service</emphasis>
AssertPathExists=<emphasis>/srv/www</emphasis>

[Service]
Type=notify
ExecStart=/usr/sbin/some-fancy-httpd-server
<emphasis>Nice=0</emphasis>
<emphasis>PrivateTmp=yes</emphasis>

[Install]
WantedBy=multi-user.target</programlisting>

      <para>Alternatively, the administrator could create a drop-in
      file
      <filename>/etc/systemd/system/httpd.service.d/local.conf</filename>
      with the following contents:</para>

      <programlisting>[Unit]
After=memcached.service
Requires=memcached.service
# Reset all assertions and then re-add the condition we want
AssertPathExists=
AssertPathExists=/srv/www

[Service]
Nice=0
PrivateTmp=yes</programlisting>

      <para>Note that dependencies (<varname>After=</varname>, etc.)
      cannot be reset to an empty list, so dependencies can only be
      added in drop-ins. If you want to remove dependencies, you have
      to override the entire unit.</para>

    </example>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>1</manvolnum></citerefentry>
    </para>
  </refsect1>

</refentry>