| <?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*--> |
| <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" |
| "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ |
| <!ENTITY % entities SYSTEM "custom-entities.ent" > |
| %entities; |
| ]> |
| |
| <!-- |
| This file is part of systemd. |
| |
| Copyright 2010 Lennart Poettering |
| |
| systemd is free software; you can redistribute it and/or modify it |
| under the terms of the GNU Lesser General Public License as published by |
| the Free Software Foundation; either version 2.1 of the License, or |
| (at your option) any later version. |
| |
| systemd is distributed in the hope that it will be useful, but |
| WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| Lesser General Public License for more details. |
| |
| You should have received a copy of the GNU Lesser General Public License |
| along with systemd; If not, see <http://www.gnu.org/licenses/>. |
| --> |
| |
| <refentry id="systemd.unit"> |
| |
| <refentryinfo> |
| <title>systemd.unit</title> |
| <productname>systemd</productname> |
| |
| <authorgroup> |
| <author> |
| <contrib>Developer</contrib> |
| <firstname>Lennart</firstname> |
| <surname>Poettering</surname> |
| <email>lennart@poettering.net</email> |
| </author> |
| </authorgroup> |
| </refentryinfo> |
| |
| <refmeta> |
| <refentrytitle>systemd.unit</refentrytitle> |
| <manvolnum>5</manvolnum> |
| </refmeta> |
| |
| <refnamediv> |
| <refname>systemd.unit</refname> |
| <refpurpose>Unit configuration</refpurpose> |
| </refnamediv> |
| |
| <refsynopsisdiv> |
| <para><filename><replaceable>service</replaceable>.service</filename>, |
| <filename><replaceable>socket</replaceable>.socket</filename>, |
| <filename><replaceable>device</replaceable>.device</filename>, |
| <filename><replaceable>mount</replaceable>.mount</filename>, |
| <filename><replaceable>automount</replaceable>.automount</filename>, |
| <filename><replaceable>swap</replaceable>.swap</filename>, |
| <filename><replaceable>target</replaceable>.target</filename>, |
| <filename><replaceable>path</replaceable>.path</filename>, |
| <filename><replaceable>timer</replaceable>.timer</filename>, |
| <filename><replaceable>slice</replaceable>.slice</filename>, |
| <filename><replaceable>scope</replaceable>.scope</filename></para> |
| |
| <para><literallayout><filename>/etc/systemd/system/*</filename> |
| <filename>/run/systemd/system/*</filename> |
| <filename>/usr/lib/systemd/system/*</filename> |
| <filename>…</filename> |
| </literallayout></para> |
| |
| <para><literallayout><filename>~/.config/systemd/user/*</filename> |
| <filename>/etc/systemd/user/*</filename> |
| <filename>$XDG_RUNTIME_DIR/systemd/user/*</filename> |
| <filename>/run/systemd/user/*</filename> |
| <filename>~/.local/share/systemd/user/*</filename> |
| <filename>/usr/lib/systemd/user/*</filename> |
| <filename>…</filename> |
| </literallayout></para> |
| </refsynopsisdiv> |
| |
| <refsect1> |
| <title>Description</title> |
| |
| <para>A unit configuration file encodes information about a |
| service, a socket, a device, a mount point, an automount point, a |
| swap file or partition, a start-up target, a watched file system |
| path, a timer controlled and supervised by |
| <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
| a resource management slice or |
| a group of externally created processes. The syntax is inspired by |
| <ulink |
| url="http://standards.freedesktop.org/desktop-entry-spec/latest/">XDG |
| Desktop Entry Specification</ulink> <filename>.desktop</filename> |
| files, which are in turn inspired by Microsoft Windows |
| <filename>.ini</filename> files.</para> |
| |
| <para>This man page lists the common configuration options of all |
| the unit types. These options need to be configured in the [Unit] |
| or [Install] sections of the unit files.</para> |
| |
| <para>In addition to the generic [Unit] and [Install] sections |
| described here, each unit may have a type-specific section, e.g. |
| [Service] for a service unit. See the respective man pages for |
| more information: |
| <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>. |
| </para> |
| |
| <para>Various settings are allowed to be specified more than once, |
| in which case the interpretation depends on the setting. Often, |
| multiple settings form a list, and setting to an empty value |
| "resets", which means that previous assignments are ignored. When |
| this is allowed, it is mentioned in the description of the |
| setting. Note that using multiple assignments to the same value |
| makes the unit file incompatible with parsers for the XDG |
| <filename>.desktop</filename> file format.</para> |
| |
| <para>Unit files are loaded from a set of paths determined during |
| compilation, described in the next section.</para> |
| |
| <para>Unit files may contain additional options on top of those |
| listed here. If systemd encounters an unknown option, it will |
| write a warning log message but continue loading the unit. If an |
| option or section name is prefixed with <option>X-</option>, it is |
| ignored completely by systemd. Options within an ignored section |
| do not need the prefix. Applications may use this to include |
| additional information in the unit files.</para> |
| |
| <para>Boolean arguments used in unit files can be written in |
| various formats. For positive settings the strings |
| <option>1</option>, <option>yes</option>, <option>true</option> |
| and <option>on</option> are equivalent. For negative settings, the |
| strings <option>0</option>, <option>no</option>, |
| <option>false</option> and <option>off</option> are |
| equivalent.</para> |
| |
| <para>Time span values encoded in unit files can be written in various formats. A stand-alone |
| number specifies a time in seconds. If suffixed with a time unit, the unit is honored. A |
| concatenation of multiple values with units is supported, in which case the values are added |
| up. Example: <literal>50</literal> refers to 50 seconds; <literal>2min 200ms</literal> refers to |
| 2 minutes and 200 milliseconds, i.e. 120200 ms. The following time units are understood: |
| <literal>s</literal>, <literal>min</literal>, <literal>h</literal>, <literal>d</literal>, |
| <literal>w</literal>, <literal>ms</literal>, <literal>us</literal>. For details see |
| <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para> |
| |
| <para>Empty lines and lines starting with <literal>#</literal> or <literal>;</literal> are |
| ignored. This may be used for commenting. Lines ending in a backslash are concatenated with the |
| following line while reading and the backslash is replaced by a space character. This may be |
| used to wrap long lines.</para> |
| |
| <para>Units can be aliased (have an alternative name), by creating a symlink from the new name |
| to the existing name in one of the unit search paths. For example, |
| <filename>systemd-networkd.service</filename> has the alias |
| <filename>dbus-org.freedesktop.network1.service</filename>, created during installation as the |
| symlink <filename>/usr/lib/systemd/system/dbus-org.freedesktop.network1.service</filename>. In |
| addition, unit files may specify aliases through the <varname>Alias=</varname> directive in the |
| [Install] section; those aliases are only effective when the unit is enabled. When the unit is |
| enabled, symlinks will be created for those names, and removed when the unit is disabled. For |
| example, <filename>reboot.target</filename> specifies |
| <varname>Alias=ctrl-alt-del.target</varname>, so when enabled it will be invoked whenever |
| CTRL+ALT+DEL is pressed. Alias names may be used in commands like <command>enable</command>, |
| <command>disable</command>, <command>start</command>, <command>stop</command>, |
| <command>status</command>, …, and in unit dependency directives <varname>Wants=</varname>, |
| <varname>Requires=</varname>, <varname>Before=</varname>, <varname>After=</varname>, …, with the |
| limitation that aliases specified through <varname>Alias=</varname> are only effective when the |
| unit is enabled. Aliases cannot be used with the <command>preset</command> command.</para> |
| |
| <para>Along with a unit file <filename>foo.service</filename>, the directory |
| <filename>foo.service.wants/</filename> may exist. All unit files symlinked from such a |
| directory are implicitly added as dependencies of type <varname>Wants=</varname> to the unit. |
| This is useful to hook units into the start-up of other units, without having to modify their |
| unit files. For details about the semantics of <varname>Wants=</varname>, see below. The |
| preferred way to create symlinks in the <filename>.wants/</filename> directory of a unit file is |
| with the <command>enable</command> command of the |
| <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
| tool which reads information from the [Install] section of unit files (see below). A similar |
| functionality exists for <varname>Requires=</varname> type dependencies as well, the directory |
| suffix is <filename>.requires/</filename> in this case.</para> |
| |
| <para>Along with a unit file <filename>foo.service</filename>, a "drop-in" directory |
| <filename>foo.service.d/</filename> may exist. All files with the suffix |
| <literal>.conf</literal> from this directory will be parsed after the file itself is |
| parsed. This is useful to alter or add configuration settings for a unit, without having to |
| modify unit files. Each drop-in file must have appropriate section headers. Note that for |
| instantiated units, this logic will first look for the instance <literal>.d/</literal> |
| subdirectory and read its <literal>.conf</literal> files, followed by the template |
| <literal>.d/</literal> subdirectory and the <literal>.conf</literal> files there. Also note that |
| settings from the <literal>[Install]</literal> section are not honored in drop-in unit files, |
| and have no effect.</para> |
| |
| <para>In addition to <filename>/etc/systemd/system</filename>, the drop-in <literal>.d</literal> |
| directories for system services can be placed in <filename>/usr/lib/systemd/system</filename> or |
| <filename>/run/systemd/system</filename> directories. Drop-in files in <filename>/etc</filename> |
| take precedence over those in <filename>/run</filename> which in turn take precedence over those |
| in <filename>/usr/lib</filename>. Drop-in files under any of these directories take precedence |
| over unit files wherever located. Multiple drop-in files with different names are applied in |
| lexicographic order, regardless of which of the directories they reside in.</para> |
| |
| <!-- Note that we do not document .include here, as we consider it mostly obsolete, and want |
| people to use .d/ drop-ins instead. --> |
| |
| <para>Note that while systemd offers a flexible dependency system |
| between units it is recommended to use this functionality only |
| sparingly and instead rely on techniques such as bus-based or |
| socket-based activation which make dependencies implicit, |
| resulting in a both simpler and more flexible system.</para> |
| |
| <para>Some unit names reflect paths existing in the file system |
| namespace. Example: a device unit |
| <filename>dev-sda.device</filename> refers to a device with the |
| device node <filename noindex='true'>/dev/sda</filename> in the |
| file system namespace. If this applies, a special way to escape |
| the path name is used, so that the result is usable as part of a |
| filename. Basically, given a path, "/" is replaced by "-", and all |
| other characters which are not ASCII alphanumerics are replaced by |
| C-style "\x2d" escapes (except that "_" is never replaced and "." |
| is only replaced when it would be the first character in the |
| escaped path). The root directory "/" is encoded as single dash, |
| while otherwise the initial and ending "/" are removed from all |
| paths during transformation. This escaping is reversible. Properly |
| escaped paths can be generated using the |
| <citerefentry><refentrytitle>systemd-escape</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
| command.</para> |
| |
| <para>Optionally, units may be instantiated from a |
| template file at runtime. This allows creation of |
| multiple units from a single configuration file. If |
| systemd looks for a unit configuration file, it will |
| first search for the literal unit name in the |
| file system. If that yields no success and the unit |
| name contains an <literal>@</literal> character, systemd will look for a |
| unit template that shares the same name but with the |
| instance string (i.e. the part between the <literal>@</literal> character |
| and the suffix) removed. Example: if a service |
| <filename>getty@tty3.service</filename> is requested |
| and no file by that name is found, systemd will look |
| for <filename>getty@.service</filename> and |
| instantiate a service from that configuration file if |
| it is found.</para> |
| |
| <para>To refer to the instance string from within the |
| configuration file you may use the special <literal>%i</literal> |
| specifier in many of the configuration options. See below for |
| details.</para> |
| |
| <para>If a unit file is empty (i.e. has the file size 0) or is |
| symlinked to <filename>/dev/null</filename>, its configuration |
| will not be loaded and it appears with a load state of |
| <literal>masked</literal>, and cannot be activated. Use this as an |
| effective way to fully disable a unit, making it impossible to |
| start it even manually.</para> |
| |
| <para>The unit file format is covered by the |
| <ulink |
| url="https://www.freedesktop.org/wiki/Software/systemd/InterfaceStabilityPromise">Interface |
| Stability Promise</ulink>.</para> |
| |
| </refsect1> |
| |
| <refsect1> |
| <title>Implicit Dependencies</title> |
| |
| <para>A number of unit dependencies are implicitly established, |
| depending on unit type and unit configuration. These implicit |
| dependencies can make unit configuration file cleaner. For the |
| implicit dependencies in each unit type, please refer to |
| section "Implicit Dependencies" in respective man pages.</para> |
| |
| <para>For example, service units with <varname>Type=dbus</varname> |
| automatically acquire dependencies of type <varname>Requires=</varname> |
| and <varname>After=</varname> on <filename>dbus.socket</filename>. See |
| <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
| for details.</para> |
| </refsect1> |
| |
| <refsect1> |
| <title>Default Dependencies</title> |
| |
| <para>Default dependencies are similar to implicit dependencies, |
| but can be turned on and off by setting |
| <varname>DefaultDependencies=</varname> to <varname>yes</varname> |
| (the default) and <varname>no</varname>, while implicit dependencies |
| are always in effect. See section "Default Dependencies" in respective |
| man pages for the effect of enabling |
| <varname>DefaultDependencies=</varname> in each unit types.</para> |
| |
| <para>For example, target units will complement all configured |
| dependencies of type type <varname>Wants=</varname> or |
| <varname>Requires=</varname> with dependencies of type |
| <varname>After=</varname>. See |
| <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
| for details. Note that this behavior can be turned off by setting |
| <varname>DefaultDependencies=no</varname>.</para> |
| </refsect1> |
| |
| <refsect1> |
| <title>Unit File Load Path</title> |
| |
| <para>Unit files are loaded from a set of paths determined during |
| compilation, described in the two tables below. Unit files found |
| in directories listed earlier override files with the same name in |
| directories lower in the list.</para> |
| |
| <para>When the variable <varname>$SYSTEMD_UNIT_PATH</varname> is set, |
| the contents of this variable overrides the unit load path. If |
| <varname>$SYSTEMD_UNIT_PATH</varname> ends with an empty component |
| (<literal>:</literal>), the usual unit load path will be appended |
| to the contents of the variable.</para> |
| |
| <table> |
| <title> |
| Load path when running in system mode (<option>--system</option>). |
| </title> |
| |
| <tgroup cols='2'> |
| <colspec colname='path' /> |
| <colspec colname='expl' /> |
| <thead> |
| <row> |
| <entry>Path</entry> |
| <entry>Description</entry> |
| </row> |
| </thead> |
| <tbody> |
| <row> |
| <entry><filename>/etc/systemd/system</filename></entry> |
| <entry>Local configuration</entry> |
| </row> |
| <row> |
| <entry><filename>/run/systemd/system</filename></entry> |
| <entry>Runtime units</entry> |
| </row> |
| <row> |
| <entry><filename>/usr/lib/systemd/system</filename></entry> |
| <entry>Units of installed packages</entry> |
| </row> |
| </tbody> |
| </tgroup> |
| </table> |
| |
| <table> |
| <title> |
| Load path when running in user mode (<option>--user</option>). |
| </title> |
| |
| <tgroup cols='2'> |
| <colspec colname='path' /> |
| <colspec colname='expl' /> |
| <thead> |
| <row> |
| <entry>Path</entry> |
| <entry>Description</entry> |
| </row> |
| </thead> |
| <tbody> |
| <row> |
| <entry><filename>$XDG_CONFIG_HOME/systemd/user</filename></entry> |
| <entry>User configuration (only used when $XDG_CONFIG_HOME is set)</entry> |
| </row> |
| <row> |
| <entry><filename>$HOME/.config/systemd/user</filename></entry> |
| <entry>User configuration (only used when $XDG_CONFIG_HOME is not set)</entry> |
| </row> |
| <row> |
| <entry><filename>/etc/systemd/user</filename></entry> |
| <entry>Local configuration</entry> |
| </row> |
| <row> |
| <entry><filename>$XDG_RUNTIME_DIR/systemd/user</filename></entry> |
| <entry>Runtime units (only used when $XDG_RUNTIME_DIR is set)</entry> |
| </row> |
| <row> |
| <entry><filename>/run/systemd/user</filename></entry> |
| <entry>Runtime units</entry> |
| </row> |
| <row> |
| <entry><filename>$XDG_DATA_HOME/systemd/user</filename></entry> |
| <entry>Units of packages that have been installed in the home directory (only used when $XDG_DATA_HOME is set)</entry> |
| </row> |
| <row> |
| <entry><filename>$HOME/.local/share/systemd/user</filename></entry> |
| <entry>Units of packages that have been installed in the home directory (only used when $XDG_DATA_HOME is not set)</entry> |
| </row> |
| <row> |
| <entry><filename>/usr/lib/systemd/user</filename></entry> |
| <entry>Units of packages that have been installed system-wide</entry> |
| </row> |
| </tbody> |
| </tgroup> |
| </table> |
| |
| <para>Additional units might be loaded into systemd ("linked") |
| from directories not on the unit load path. See the |
| <command>link</command> command for |
| <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. |
| Also, some units are dynamically created via a |
| <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>. |
| </para> |
| </refsect1> |
| |
| <refsect1> |
| <title>[Unit] Section Options</title> |
| |
| <para>The unit file may include a [Unit] section, which carries |
| generic information about the unit that is not dependent on the |
| type of unit:</para> |
| |
| <variablelist class='unit-directives'> |
| |
| <varlistentry> |
| <term><varname>Description=</varname></term> |
| <listitem><para>A free-form string describing the unit. This |
| is intended for use in UIs to show descriptive information |
| along with the unit name. The description should contain a |
| name that means something to the end user. <literal>Apache2 |
| Web Server</literal> is a good example. Bad examples are |
| <literal>high-performance light-weight HTTP server</literal> |
| (too generic) or <literal>Apache2</literal> (too specific and |
| meaningless for people who do not know |
| Apache).</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>Documentation=</varname></term> |
| <listitem><para>A space-separated list of URIs referencing |
| documentation for this unit or its configuration. Accepted are |
| only URIs of the types <literal>http://</literal>, |
| <literal>https://</literal>, <literal>file:</literal>, |
| <literal>info:</literal>, <literal>man:</literal>. For more |
| information about the syntax of these URIs, see <citerefentry |
| project='man-pages'><refentrytitle>uri</refentrytitle><manvolnum>7</manvolnum></citerefentry>. |
| The URIs should be listed in order of relevance, starting with |
| the most relevant. It is a good idea to first reference |
| documentation that explains what the unit's purpose is, |
| followed by how it is configured, followed by any other |
| related documentation. This option may be specified more than |
| once, in which case the specified list of URIs is merged. If |
| the empty string is assigned to this option, the list is reset |
| and all prior assignments will have no |
| effect.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>Requires=</varname></term> |
| |
| <listitem><para>Configures requirement dependencies on other units. If this unit gets activated, the units |
| listed here will be activated as well. If one of the other units fails to activate, and an ordering dependency |
| <varname>After=</varname> on the failing unit is set, this |
| unit will not be started. This option may be specified more than once or multiple space-separated units may be |
| specified in one option in which case requirement dependencies for all listed names will be created. Note that |
| requirement dependencies do not influence the order in which services are started or stopped. This has to be |
| configured independently with the <varname>After=</varname> or <varname>Before=</varname> options. If a unit |
| <filename>foo.service</filename> requires a unit <filename>bar.service</filename> as configured with |
| <varname>Requires=</varname> and no ordering is configured with <varname>After=</varname> or |
| <varname>Before=</varname>, then both units will be started simultaneously and without any delay between them |
| if <filename>foo.service</filename> is activated. Often, it is a better choice to use <varname>Wants=</varname> |
| instead of <varname>Requires=</varname> in order to achieve a system that is more robust when dealing with |
| failing services.</para> |
| |
| <para>Note that this dependency type does not imply that the other unit always has to be in active state when |
| this unit is running. Specifically: failing condition checks (such as <varname>ConditionPathExists=</varname>, |
| <varname>ConditionPathIsSymbolicLink=</varname>, … — see below) do not cause the start job of a unit with a |
| <varname>Requires=</varname> dependency on it to fail. Also, some unit types may deactivate on their own (for |
| example, a service process may decide to exit cleanly, or a device may be unplugged by the user), which is not |
| propagated to units having a <varname>Requires=</varname> dependency. Use the <varname>BindsTo=</varname> |
| dependency type together with <varname>After=</varname> to ensure that a unit may never be in active state |
| without a specific other unit also in active state (see below).</para> |
| |
| <para>Note that dependencies of this type may also be configured outside of the unit configuration file by |
| adding a symlink to a <filename>.requires/</filename> directory accompanying the unit file. For details, see |
| above.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>Requisite=</varname></term> |
| |
| <listitem><para>Similar to <varname>Requires=</varname>. |
| However, if the units listed here are not started already, |
| they will not be started and the transaction will fail |
| immediately. </para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>Wants=</varname></term> |
| |
| <listitem><para>A weaker version of |
| <varname>Requires=</varname>. Units listed in this option will |
| be started if the configuring unit is. However, if the listed |
| units fail to start or cannot be added to the transaction, |
| this has no impact on the validity of the transaction as a |
| whole. This is the recommended way to hook start-up of one |
| unit to the start-up of another unit.</para> |
| |
| <para>Note that dependencies of this type may also be |
| configured outside of the unit configuration file by adding |
| symlinks to a <filename>.wants/</filename> directory |
| accompanying the unit file. For details, see |
| above.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>BindsTo=</varname></term> |
| |
| <listitem><para>Configures requirement dependencies, very similar in style to |
| <varname>Requires=</varname>. However, this dependency type is stronger: in addition to the effect of |
| <varname>Requires=</varname> it declares that if the unit bound to is stopped, this unit will be stopped |
| too. This means a unit bound to another unit that suddenly enters inactive state will be stopped too. |
| Units can suddenly, unexpectedly enter inactive state for different reasons: the main process of a service unit |
| might terminate on its own choice, the backing device of a device unit might be unplugged or the mount point of |
| a mount unit might be unmounted without involvement of the system and service manager.</para> |
| |
| <para>When used in conjunction with <varname>After=</varname> on the same unit the behaviour of |
| <varname>BindsTo=</varname> is even stronger. In this case, the unit bound to strictly has to be in active |
| state for this unit to also be in active state. This not only means a unit bound to another unit that suddenly |
| enters inactive state, but also one that is bound to another unit that gets skipped due to a failed condition |
| check (such as <varname>ConditionPathExists=</varname>, <varname>ConditionPathIsSymbolicLink=</varname>, … — |
| see below) will be stopped, should it be running. Hence, in many cases it is best to combine |
| <varname>BindsTo=</varname> with <varname>After=</varname>.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>PartOf=</varname></term> |
| |
| <listitem><para>Configures dependencies similar to |
| <varname>Requires=</varname>, but limited to stopping and |
| restarting of units. When systemd stops or restarts the units |
| listed here, the action is propagated to this unit. Note that |
| this is a one-way dependency — changes to this unit do not |
| affect the listed units. </para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>Conflicts=</varname></term> |
| |
| <listitem><para>A space-separated list of unit names. |
| Configures negative requirement dependencies. If a unit has a |
| <varname>Conflicts=</varname> setting on another unit, |
| starting the former will stop the latter and vice versa. Note |
| that this setting is independent of and orthogonal to the |
| <varname>After=</varname> and <varname>Before=</varname> |
| ordering dependencies.</para> |
| |
| <para>If a unit A that conflicts with a unit B is scheduled to |
| be started at the same time as B, the transaction will either |
| fail (in case both are required part of the transaction) or be |
| modified to be fixed (in case one or both jobs are not a |
| required part of the transaction). In the latter case, the job |
| that is not the required will be removed, or in case both are |
| not required, the unit that conflicts will be started and the |
| unit that is conflicted is stopped.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>Before=</varname></term> |
| <term><varname>After=</varname></term> |
| |
| <listitem><para>These two settings expect a space-separated list of unit names. They configure ordering |
| dependencies between units. If a unit <filename>foo.service</filename> contains a setting |
| <option>Before=bar.service</option> and both units are being started, <filename>bar.service</filename>'s |
| start-up is delayed until <filename>foo.service</filename> has finished starting up. Note that this setting is |
| independent of and orthogonal to the requirement dependencies as configured by <varname>Requires=</varname>, |
| <varname>Wants=</varname> or <varname>BindsTo=</varname>. It is a common pattern to include a unit name in both |
| the <varname>After=</varname> and <varname>Requires=</varname> options, in which case the unit listed will be |
| started before the unit that is configured with these options. This option may be specified more than once, in |
| which case ordering dependencies for all listed names are created. <varname>After=</varname> is the inverse of |
| <varname>Before=</varname>, i.e. while <varname>After=</varname> ensures that the configured unit is started |
| after the listed unit finished starting up, <varname>Before=</varname> ensures the opposite, that the |
| configured unit is fully started up before the listed unit is started. Note that when two units with an |
| ordering dependency between them are shut down, the inverse of the start-up order is applied. i.e. if a unit is |
| configured with <varname>After=</varname> on another unit, the former is stopped before the latter if both are |
| shut down. Given two units with any ordering dependency between them, if one unit is shut down and the other is |
| started up, the shutdown is ordered before the start-up. It doesn't matter if the ordering dependency is |
| <varname>After=</varname> or <varname>Before=</varname>, in this case. It also doesn't matter which of the two |
| is shut down, as long as one is shut down and the other is started up. The shutdown is ordered before the |
| start-up in all cases. If two units have no ordering dependencies between them, they are shut down or started |
| up simultaneously, and no ordering takes place. It depends on the unit type when precisely a unit has finished |
| starting up. Most importantly, for service units start-up is considered completed for the purpose of |
| <varname>Before=</varname>/<varname>After=</varname> when all its configured start-up commands have been |
| invoked and they either failed or reported start-up success.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>OnFailure=</varname></term> |
| |
| <listitem><para>A space-separated list of one or more units |
| that are activated when this unit enters the |
| <literal>failed</literal> state.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>PropagatesReloadTo=</varname></term> |
| <term><varname>ReloadPropagatedFrom=</varname></term> |
| |
| <listitem><para>A space-separated list of one or more units |
| where reload requests on this unit will be propagated to, or |
| reload requests on the other unit will be propagated to this |
| unit, respectively. Issuing a reload request on a unit will |
| automatically also enqueue a reload request on all units that |
| the reload request shall be propagated to via these two |
| settings.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>JoinsNamespaceOf=</varname></term> |
| |
| <listitem><para>For units that start processes (such as |
| service units), lists one or more other units whose network |
| and/or temporary file namespace to join. This only applies to |
| unit types which support the |
| <varname>PrivateNetwork=</varname> and |
| <varname>PrivateTmp=</varname> directives (see |
| <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
| for details). If a unit that has this setting set is started, |
| its processes will see the same <filename>/tmp</filename>, |
| <filename>/var/tmp</filename> and network namespace as one |
| listed unit that is started. If multiple listed units are |
| already started, it is not defined which namespace is joined. |
| Note that this setting only has an effect if |
| <varname>PrivateNetwork=</varname> and/or |
| <varname>PrivateTmp=</varname> is enabled for both the unit |
| that joins the namespace and the unit whose namespace is |
| joined.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>RequiresMountsFor=</varname></term> |
| |
| <listitem><para>Takes a space-separated list of absolute |
| paths. Automatically adds dependencies of type |
| <varname>Requires=</varname> and <varname>After=</varname> for |
| all mount units required to access the specified path.</para> |
| |
| <para>Mount points marked with <option>noauto</option> are not |
| mounted automatically through <filename>local-fs.target</filename>, |
| but are still honored for the purposes of this option, i.e. they |
| will be pulled in by this unit.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>OnFailureJobMode=</varname></term> |
| |
| <listitem><para>Takes a value of |
| <literal>fail</literal>, |
| <literal>replace</literal>, |
| <literal>replace-irreversibly</literal>, |
| <literal>isolate</literal>, |
| <literal>flush</literal>, |
| <literal>ignore-dependencies</literal> or |
| <literal>ignore-requirements</literal>. Defaults to |
| <literal>replace</literal>. Specifies how the units listed in |
| <varname>OnFailure=</varname> will be enqueued. See |
| <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s |
| <option>--job-mode=</option> option for details on the |
| possible values. If this is set to <literal>isolate</literal>, |
| only a single unit may be listed in |
| <varname>OnFailure=</varname>..</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>IgnoreOnIsolate=</varname></term> |
| |
| <listitem><para>Takes a boolean argument. If <option>true</option>, this unit |
| will not be stopped when isolating another unit. Defaults to |
| <option>false</option> for service, target, socket, busname, timer, and path |
| units, and <option>true</option> for slice, scope, device, swap, mount, and |
| automount units.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>StopWhenUnneeded=</varname></term> |
| |
| <listitem><para>Takes a boolean argument. If |
| <option>true</option>, this unit will be stopped when it is no |
| longer used. Note that, in order to minimize the work to be |
| executed, systemd will not stop units by default unless they |
| are conflicting with other units, or the user explicitly |
| requested their shut down. If this option is set, a unit will |
| be automatically cleaned up if no other active unit requires |
| it. Defaults to <option>false</option>.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>RefuseManualStart=</varname></term> |
| <term><varname>RefuseManualStop=</varname></term> |
| |
| <listitem><para>Takes a boolean argument. If |
| <option>true</option>, this unit can only be activated or |
| deactivated indirectly. In this case, explicit start-up or |
| termination requested by the user is denied, however if it is |
| started or stopped as a dependency of another unit, start-up |
| or termination will succeed. This is mostly a safety feature |
| to ensure that the user does not accidentally activate units |
| that are not intended to be activated explicitly, and not |
| accidentally deactivate units that are not intended to be |
| deactivated. These options default to |
| <option>false</option>.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>AllowIsolate=</varname></term> |
| |
| <listitem><para>Takes a boolean argument. If |
| <option>true</option>, this unit may be used with the |
| <command>systemctl isolate</command> command. Otherwise, this |
| will be refused. It probably is a good idea to leave this |
| disabled except for target units that shall be used similar to |
| runlevels in SysV init systems, just as a precaution to avoid |
| unusable system states. This option defaults to |
| <option>false</option>.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>DefaultDependencies=</varname></term> |
| |
| <listitem><para>Takes a boolean argument. If |
| <option>true</option>, (the default), a few default |
| dependencies will implicitly be created for the unit. The |
| actual dependencies created depend on the unit type. For |
| example, for service units, these dependencies ensure that the |
| service is started only after basic system initialization is |
| completed and is properly terminated on system shutdown. See |
| the respective man pages for details. Generally, only services |
| involved with early boot or late shutdown should set this |
| option to <option>false</option>. It is highly recommended to |
| leave this option enabled for the majority of common units. If |
| set to <option>false</option>, this option does not disable |
| all implicit dependencies, just non-essential |
| ones.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>JobTimeoutSec=</varname></term> |
| <term><varname>JobRunningTimeoutSec=</varname></term> |
| <term><varname>JobTimeoutAction=</varname></term> |
| <term><varname>JobTimeoutRebootArgument=</varname></term> |
| |
| <listitem><para>When a job for this unit is queued, a time-out <varname>JobTimeoutSec=</varname> may be |
| configured. Similarly, <varname>JobRunningTimeoutSec=</varname> starts counting when the queued job is actually |
| started. If either time limit is reached, the job will be cancelled, the unit however will not change state or |
| even enter the <literal>failed</literal> mode. This value defaults to <literal>infinity</literal> (job timeouts |
| disabled), except for device units (<varname>JobRunningTimeoutSec=</varname> defaults to |
| <varname>DefaultTimeoutStartSec=</varname>). NB: this timeout is independent from any unit-specific timeout |
| (for example, the timeout set with <varname>TimeoutStartSec=</varname> in service units) as the job timeout has |
| no effect on the unit itself, only on the job that might be pending for it. Or in other words: unit-specific |
| timeouts are useful to abort unit state changes, and revert them. The job timeout set with this option however |
| is useful to abort only the job waiting for the unit state to change.</para> |
| |
| <para><varname>JobTimeoutAction=</varname> optionally configures an additional action to take when the time-out |
| is hit. It takes the same values as <varname>StartLimitAction=</varname>. Defaults to <option>none</option>. |
| <varname>JobTimeoutRebootArgument=</varname> configures an optional reboot string to pass to the |
| <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> |
| system call.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>StartLimitIntervalSec=</varname></term> |
| <term><varname>StartLimitBurst=</varname></term> |
| |
| <listitem><para>Configure unit start rate limiting. By default, units which are started more than 5 times |
| within 10 seconds are not permitted to start any more times until the 10 second interval ends. With these two |
| options, this rate limiting may be modified. Use <varname>StartLimitIntervalSec=</varname> to configure the |
| checking interval (defaults to <varname>DefaultStartLimitIntervalSec=</varname> in manager configuration file, |
| set to 0 to disable any kind of rate limiting). Use <varname>StartLimitBurst=</varname> to configure how many |
| starts per interval are allowed (defaults to <varname>DefaultStartLimitBurst=</varname> in manager |
| configuration file). These configuration options are particularly useful in conjunction with the service |
| setting <varname>Restart=</varname> (see |
| <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>); however, |
| they apply to all kinds of starts (including manual), not just those triggered by the |
| <varname>Restart=</varname> logic. Note that units which are configured for <varname>Restart=</varname> and |
| which reach the start limit are not attempted to be restarted anymore; however, they may still be restarted |
| manually at a later point, from which point on, the restart logic is again activated. Note that |
| <command>systemctl reset-failed</command> will cause the restart rate counter for a service to be flushed, |
| which is useful if the administrator wants to manually start a unit and the start limit interferes with |
| that. Note that this rate-limiting is enforced after any unit condition checks are executed, and hence unit |
| activations with failing conditions are not counted by this rate limiting. Slice, target, device and scope |
| units do not enforce this setting, as they are unit types whose activation may either never fail, or may |
| succeed only a single time.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>StartLimitAction=</varname></term> |
| |
| <listitem><para>Configure the action to take if the rate limit configured with |
| <varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes one of |
| <option>none</option>, <option>reboot</option>, <option>reboot-force</option>, |
| <option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option> or |
| <option>poweroff-immediate</option>. If <option>none</option> is set, hitting the rate limit will trigger no |
| action besides that the start will not be permitted. <option>reboot</option> causes a reboot following the |
| normal shutdown procedure (i.e. equivalent to <command>systemctl reboot</command>). |
| <option>reboot-force</option> causes a forced reboot which will terminate all processes forcibly but should |
| cause no dirty file systems on reboot (i.e. equivalent to <command>systemctl reboot -f</command>) and |
| <option>reboot-immediate</option> causes immediate execution of the |
| <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which |
| might result in data loss. Similarly, <option>poweroff</option>, <option>poweroff-force</option>, |
| <option>poweroff-immediate</option> have the effect of powering down the system with similar |
| semantics. Defaults to <option>none</option>.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>RebootArgument=</varname></term> |
| <listitem><para>Configure the optional argument for the |
| <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call if |
| <varname>StartLimitAction=</varname> or a service's <varname>FailureAction=</varname> is a reboot action. This |
| works just like the optional argument to <command>systemctl reboot</command> command.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>ConditionArchitecture=</varname></term> |
| <term><varname>ConditionVirtualization=</varname></term> |
| <term><varname>ConditionHost=</varname></term> |
| <term><varname>ConditionKernelCommandLine=</varname></term> |
| <term><varname>ConditionSecurity=</varname></term> |
| <term><varname>ConditionCapability=</varname></term> |
| <term><varname>ConditionACPower=</varname></term> |
| <term><varname>ConditionNeedsUpdate=</varname></term> |
| <term><varname>ConditionFirstBoot=</varname></term> |
| <term><varname>ConditionPathExists=</varname></term> |
| <term><varname>ConditionPathExistsGlob=</varname></term> |
| <term><varname>ConditionPathIsDirectory=</varname></term> |
| <term><varname>ConditionPathIsSymbolicLink=</varname></term> |
| <term><varname>ConditionPathIsMountPoint=</varname></term> |
| <term><varname>ConditionPathIsReadWrite=</varname></term> |
| <term><varname>ConditionDirectoryNotEmpty=</varname></term> |
| <term><varname>ConditionFileNotEmpty=</varname></term> |
| <term><varname>ConditionFileIsExecutable=</varname></term> |
| <term><varname>ConditionUser=</varname></term> |
| <term><varname>ConditionGroup=</varname></term> |
| |
| <!-- We do not document ConditionNull= |
| here, as it is not particularly |
| useful and probably just |
| confusing. --> |
| |
| <listitem><para>Before starting a unit, verify that the specified condition is true. If it is not true, the |
| starting of the unit will be (mostly silently) skipped, however all ordering dependencies of it are still |
| respected. A failing condition will not result in the unit being moved into a failure state. The condition is |
| checked at the time the queued start job is to be executed. Use condition expressions in order to silently skip |
| units that do not apply to the local running system, for example because the kernel or runtime environment |
| doesn't require its functionality. Use the various <varname>AssertArchitecture=</varname>, |
| <varname>AssertVirtualization=</varname>, … options for a similar mechanism that puts the unit in a failure |
| state and logs about the failed check (see below).</para> |
| |
| <para><varname>ConditionArchitecture=</varname> may be used to |
| check whether the system is running on a specific |
| architecture. Takes one of |
| <varname>x86</varname>, |
| <varname>x86-64</varname>, |
| <varname>ppc</varname>, |
| <varname>ppc-le</varname>, |
| <varname>ppc64</varname>, |
| <varname>ppc64-le</varname>, |
| <varname>ia64</varname>, |
| <varname>parisc</varname>, |
| <varname>parisc64</varname>, |
| <varname>s390</varname>, |
| <varname>s390x</varname>, |
| <varname>sparc</varname>, |
| <varname>sparc64</varname>, |
| <varname>mips</varname>, |
| <varname>mips-le</varname>, |
| <varname>mips64</varname>, |
| <varname>mips64-le</varname>, |
| <varname>alpha</varname>, |
| <varname>arm</varname>, |
| <varname>arm-be</varname>, |
| <varname>arm64</varname>, |
| <varname>arm64-be</varname>, |
| <varname>sh</varname>, |
| <varname>sh64</varname>, |
| <varname>m68k</varname>, |
| <varname>tilegx</varname>, |
| <varname>cris</varname>, |
| <varname>arc</varname>, |
| <varname>arc-be</varname> to test |
| against a specific architecture. The architecture is |
| determined from the information returned by |
| <citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>2</manvolnum></citerefentry> |
| and is thus subject to |
| <citerefentry><refentrytitle>personality</refentrytitle><manvolnum>2</manvolnum></citerefentry>. |
| Note that a <varname>Personality=</varname> setting in the |
| same unit file has no effect on this condition. A special |
| architecture name <varname>native</varname> is mapped to the |
| architecture the system manager itself is compiled for. The |
| test may be negated by prepending an exclamation mark.</para> |
| |
| <para><varname>ConditionVirtualization=</varname> may be used |
| to check whether the system is executed in a virtualized |
| environment and optionally test whether it is a specific |
| implementation. Takes either boolean value to check if being |
| executed in any virtualized environment, or one of |
| <varname>vm</varname> and |
| <varname>container</varname> to test against a generic type of |
| virtualization solution, or one of |
| <varname>qemu</varname>, |
| <varname>kvm</varname>, |
| <varname>zvm</varname>, |
| <varname>vmware</varname>, |
| <varname>microsoft</varname>, |
| <varname>oracle</varname>, |
| <varname>xen</varname>, |
| <varname>bochs</varname>, |
| <varname>uml</varname>, |
| <varname>openvz</varname>, |
| <varname>lxc</varname>, |
| <varname>lxc-libvirt</varname>, |
| <varname>systemd-nspawn</varname>, |
| <varname>docker</varname>, |
| <varname>rkt</varname> to test |
| against a specific implementation, or |
| <varname>private-users</varname> to check whether we are running in a user namespace. See |
| <citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
| for a full list of known virtualization technologies and their |
| identifiers. If multiple virtualization technologies are |
| nested, only the innermost is considered. The test may be |
| negated by prepending an exclamation mark.</para> |
| |
| <para><varname>ConditionHost=</varname> may be used to match |
| against the hostname or machine ID of the host. This either |
| takes a hostname string (optionally with shell style globs) |
| which is tested against the locally set hostname as returned |
| by |
| <citerefentry><refentrytitle>gethostname</refentrytitle><manvolnum>2</manvolnum></citerefentry>, |
| or a machine ID formatted as string (see |
| <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>). |
| The test may be negated by prepending an exclamation |
| mark.</para> |
| |
| <para><varname>ConditionKernelCommandLine=</varname> may be |
| used to check whether a specific kernel command line option is |
| set (or if prefixed with the exclamation mark unset). The |
| argument must either be a single word, or an assignment (i.e. |
| two words, separated <literal>=</literal>). In the former case |
| the kernel command line is searched for the word appearing as |
| is, or as left hand side of an assignment. In the latter case, |
| the exact assignment is looked for with right and left hand |
| side matching.</para> |
| |
| <para><varname>ConditionSecurity=</varname> may be used to |
| check whether the given security module is enabled on the |
| system. Currently, the recognized values are |
| <varname>selinux</varname>, |
| <varname>apparmor</varname>, |
| <varname>ima</varname>, |
| <varname>smack</varname> and |
| <varname>audit</varname>. The test may be negated by |
| prepending an exclamation mark.</para> |
| |
| <para><varname>ConditionCapability=</varname> may be used to |
| check whether the given capability exists in the capability |
| bounding set of the service manager (i.e. this does not check |
| whether capability is actually available in the permitted or |
| effective sets, see |
| <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
| for details). Pass a capability name such as |
| <literal>CAP_MKNOD</literal>, possibly prefixed with an |
| exclamation mark to negate the check.</para> |
| |
| <para><varname>ConditionACPower=</varname> may be used to |
| check whether the system has AC power, or is exclusively |
| battery powered at the time of activation of the unit. This |
| takes a boolean argument. If set to <varname>true</varname>, |
| the condition will hold only if at least one AC connector of |
| the system is connected to a power source, or if no AC |
| connectors are known. Conversely, if set to |
| <varname>false</varname>, the condition will hold only if |
| there is at least one AC connector known and all AC connectors |
| are disconnected from a power source.</para> |
| |
| <para><varname>ConditionNeedsUpdate=</varname> takes one of |
| <filename>/var</filename> or <filename>/etc</filename> as |
| argument, possibly prefixed with a <literal>!</literal> (for |
| inverting the condition). This condition may be used to |
| conditionalize units on whether the specified directory |
| requires an update because <filename>/usr</filename>'s |
| modification time is newer than the stamp file |
| <filename>.updated</filename> in the specified directory. This |
| is useful to implement offline updates of the vendor operating |
| system resources in <filename>/usr</filename> that require |
| updating of <filename>/etc</filename> or |
| <filename>/var</filename> on the next following boot. Units |
| making use of this condition should order themselves before |
| <citerefentry><refentrytitle>systemd-update-done.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |
| to make sure they run before the stamp file's modification |
| time gets reset indicating a completed update.</para> |
| |
| <para><varname>ConditionFirstBoot=</varname> takes a boolean argument. This condition may be used to |
| conditionalize units on whether the system is booting up with an unpopulated <filename>/etc</filename> |
| directory (specifically: an <filename>/etc</filename> with no <filename>/etc/machine-id</filename>). This may |
| be used to populate <filename>/etc</filename> on the first boot after factory reset, or when a new system |
| instance boots up for the first time.</para> |
| |
| <para>With <varname>ConditionPathExists=</varname> a file |
| existence condition is checked before a unit is started. If |
| the specified absolute path name does not exist, the condition |
| will fail. If the absolute path name passed to |
| <varname>ConditionPathExists=</varname> is prefixed with an |
| exclamation mark (<literal>!</literal>), the test is negated, |
| and the unit is only started if the path does not |
| exist.</para> |
| |
| <para><varname>ConditionPathExistsGlob=</varname> is similar |
| to <varname>ConditionPathExists=</varname>, but checks for the |
| existence of at least one file or directory matching the |
| specified globbing pattern.</para> |
| |
| <para><varname>ConditionPathIsDirectory=</varname> is similar |
| to <varname>ConditionPathExists=</varname> but verifies |
| whether a certain path exists and is a directory.</para> |
| |
| <para><varname>ConditionPathIsSymbolicLink=</varname> is |
| similar to <varname>ConditionPathExists=</varname> but |
| verifies whether a certain path exists and is a symbolic |
| link.</para> |
| |
| <para><varname>ConditionPathIsMountPoint=</varname> is similar |
| to <varname>ConditionPathExists=</varname> but verifies |
| whether a certain path exists and is a mount point.</para> |
| |
| <para><varname>ConditionPathIsReadWrite=</varname> is similar |
| to <varname>ConditionPathExists=</varname> but verifies |
| whether the underlying file system is readable and writable |
| (i.e. not mounted read-only).</para> |
| |
| <para><varname>ConditionDirectoryNotEmpty=</varname> is |
| similar to <varname>ConditionPathExists=</varname> but |
| verifies whether a certain path exists and is a non-empty |
| directory.</para> |
| |
| <para><varname>ConditionFileNotEmpty=</varname> is similar to |
| <varname>ConditionPathExists=</varname> but verifies whether a |
| certain path exists and refers to a regular file with a |
| non-zero size.</para> |
| |
| <para><varname>ConditionFileIsExecutable=</varname> is similar |
| to <varname>ConditionPathExists=</varname> but verifies |
| whether a certain path exists, is a regular file and marked |
| executable.</para> |
| |
| <para><varname>ConditionUser=</varname> takes a numeric |
| <literal>UID</literal>, a UNIX user name, or the special value |
| <literal>@system</literal>. This condition may be used to check |
| whether the service manager is running as the given user. The |
| special value <literal>@system</literal> can be used to check |
| if the user id is within the system user range. This option is not |
| useful for system services, as the system manager exclusively |
| runs as the root user, and thus the test result is constant.</para> |
| |
| <para><varname>ConditionGroup=</varname> is similar |
| to <varname>ConditionUser=</varname> but verifies that the |
| service manager's real or effective group, or any of its |
| auxiliary groups match the specified group or GID. This setting |
| does not have a special value <literal>@system</literal>.</para> |
| |
| <para>If multiple conditions are specified, the unit will be |
| executed if all of them apply (i.e. a logical AND is applied). |
| Condition checks can be prefixed with a pipe symbol (|) in |
| which case a condition becomes a triggering condition. If at |
| least one triggering condition is defined for a unit, then the |
| unit will be executed if at least one of the triggering |
| conditions apply and all of the non-triggering conditions. If |
| you prefix an argument with the pipe symbol and an exclamation |
| mark, the pipe symbol must be passed first, the exclamation |
| second. Except for |
| <varname>ConditionPathIsSymbolicLink=</varname>, all path |
| checks follow symlinks. If any of these options is assigned |
| the empty string, the list of conditions is reset completely, |
| all previous condition settings (of any kind) will have no |
| effect.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>AssertArchitecture=</varname></term> |
| <term><varname>AssertVirtualization=</varname></term> |
| <term><varname>AssertHost=</varname></term> |
| <term><varname>AssertKernelCommandLine=</varname></term> |
| <term><varname>AssertSecurity=</varname></term> |
| <term><varname>AssertCapability=</varname></term> |
| <term><varname>AssertACPower=</varname></term> |
| <term><varname>AssertNeedsUpdate=</varname></term> |
| <term><varname>AssertFirstBoot=</varname></term> |
| <term><varname>AssertPathExists=</varname></term> |
| <term><varname>AssertPathExistsGlob=</varname></term> |
| <term><varname>AssertPathIsDirectory=</varname></term> |
| <term><varname>AssertPathIsSymbolicLink=</varname></term> |
| <term><varname>AssertPathIsMountPoint=</varname></term> |
| <term><varname>AssertPathIsReadWrite=</varname></term> |
| <term><varname>AssertDirectoryNotEmpty=</varname></term> |
| <term><varname>AssertFileNotEmpty=</varname></term> |
| <term><varname>AssertFileIsExecutable=</varname></term> |
| <term><varname>AssertUser=</varname></term> |
| <term><varname>AssertGroup=</varname></term> |
| |
| <listitem><para>Similar to the <varname>ConditionArchitecture=</varname>, |
| <varname>ConditionVirtualization=</varname>, …, condition settings described above, these settings add |
| assertion checks to the start-up of the unit. However, unlike the conditions settings, any assertion setting |
| that is not met results in failure of the start job (which means this is logged loudly). Use assertion |
| expressions for units that cannot operate when specific requirements are not met, and when this is something |
| the administrator or user should look into.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>SourcePath=</varname></term> |
| <listitem><para>A path to a configuration file this unit has |
| been generated from. This is primarily useful for |
| implementation of generator tools that convert configuration |
| from an external configuration file format into native unit |
| files. This functionality should not be used in normal |
| units.</para></listitem> |
| </varlistentry> |
| |
| </variablelist> |
| |
| </refsect1> |
| |
| <refsect1> |
| <title>[Install] Section Options</title> |
| |
| <para>Unit files may include an <literal>[Install]</literal> section, which carries installation information for |
| the unit. This section is not interpreted by |
| <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> during runtime; it is |
| used by the <command>enable</command> and <command>disable</command> commands of the |
| <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> tool during |
| installation of a unit. Note that settings in the <literal>[Install]</literal> section may not appear in |
| <filename>.d/*.conf</filename> unit file drop-ins (see above).</para> |
| |
| <variablelist class='unit-directives'> |
| <varlistentry> |
| <term><varname>Alias=</varname></term> |
| |
| <listitem><para>A space-separated list of additional names this unit shall be installed under. The names listed |
| here must have the same suffix (i.e. type) as the unit filename. This option may be specified more than once, |
| in which case all listed names are used. At installation time, <command>systemctl enable</command> will create |
| symlinks from these names to the unit filename. Note that not all unit types support such alias names, and this |
| setting is not supported for them. Specifically, mount, slice, swap, and automount units do not support |
| aliasing.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>WantedBy=</varname></term> |
| <term><varname>RequiredBy=</varname></term> |
| |
| <listitem><para>This option may be used more than once, or a |
| space-separated list of unit names may be given. A symbolic |
| link is created in the <filename>.wants/</filename> or |
| <filename>.requires/</filename> directory of each of the |
| listed units when this unit is installed by <command>systemctl |
| enable</command>. This has the effect that a dependency of |
| type <varname>Wants=</varname> or <varname>Requires=</varname> |
| is added from the listed unit to the current unit. The primary |
| result is that the current unit will be started when the |
| listed unit is started. See the description of |
| <varname>Wants=</varname> and <varname>Requires=</varname> in |
| the [Unit] section for details.</para> |
| |
| <para><command>WantedBy=foo.service</command> in a service |
| <filename>bar.service</filename> is mostly equivalent to |
| <command>Alias=foo.service.wants/bar.service</command> in the |
| same file. In case of template units, <command>systemctl |
| enable</command> must be called with an instance name, and |
| this instance will be added to the |
| <filename>.wants/</filename> or |
| <filename>.requires/</filename> list of the listed unit. E.g. |
| <command>WantedBy=getty.target</command> in a service |
| <filename>getty@.service</filename> will result in |
| <command>systemctl enable getty@tty2.service</command> |
| creating a |
| <filename>getty.target.wants/getty@tty2.service</filename> |
| link to <filename>getty@.service</filename>. |
| </para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>Also=</varname></term> |
| |
| <listitem><para>Additional units to install/deinstall when |
| this unit is installed/deinstalled. If the user requests |
| installation/deinstallation of a unit with this option |
| configured, <command>systemctl enable</command> and |
| <command>systemctl disable</command> will automatically |
| install/uninstall units listed in this option as well.</para> |
| |
| <para>This option may be used more than once, or a |
| space-separated list of unit names may be |
| given.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>DefaultInstance=</varname></term> |
| |
| <listitem><para>In template unit files, this specifies for |
| which instance the unit shall be enabled if the template is |
| enabled without any explicitly set instance. This option has |
| no effect in non-template unit files. The specified string |
| must be usable as instance identifier.</para></listitem> |
| </varlistentry> |
| </variablelist> |
| |
| <para>The following specifiers are interpreted in the Install |
| section: %n, %N, %p, %i, %U, %u, %m, %H, %b, %v. For their meaning |
| see the next section. |
| </para> |
| </refsect1> |
| |
| <refsect1> |
| <title>Specifiers</title> |
| |
| <para>Many settings resolve specifiers which may be used to write |
| generic unit files referring to runtime or unit parameters that |
| are replaced when the unit files are loaded. The following |
| specifiers are understood:</para> |
| |
| <table> |
| <title>Specifiers available in unit files</title> |
| <tgroup cols='3' align='left' colsep='1' rowsep='1'> |
| <colspec colname="spec" /> |
| <colspec colname="mean" /> |
| <colspec colname="detail" /> |
| <thead> |
| <row> |
| <entry>Specifier</entry> |
| <entry>Meaning</entry> |
| <entry>Details</entry> |
| </row> |
| </thead> |
| <tbody> |
| <row> |
| <entry><literal>%n</literal></entry> |
| <entry>Full unit name</entry> |
| <entry></entry> |
| </row> |
| <row> |
| <entry><literal>%N</literal></entry> |
| <entry>Unescaped full unit name</entry> |
| <entry>Same as <literal>%n</literal>, but with escaping undone</entry> |
| </row> |
| <row> |
| <entry><literal>%p</literal></entry> |
| <entry>Prefix name</entry> |
| <entry>For instantiated units, this refers to the string before the <literal>@</literal> character of the unit name. For non-instantiated units, this refers to the name of the unit with the type suffix removed.</entry> |
| </row> |
| <row> |
| <entry><literal>%P</literal></entry> |
| <entry>Unescaped prefix name</entry> |
| <entry>Same as <literal>%p</literal>, but with escaping undone</entry> |
| </row> |
| <row> |
| <entry><literal>%i</literal></entry> |
| <entry>Instance name</entry> |
| <entry>For instantiated units: this is the string between the <literal>@</literal> character and the suffix of the unit name.</entry> |
| </row> |
| <row> |
| <entry><literal>%I</literal></entry> |
| <entry>Unescaped instance name</entry> |
| <entry>Same as <literal>%i</literal>, but with escaping undone</entry> |
| </row> |
| <row> |
| <entry><literal>%f</literal></entry> |
| <entry>Unescaped filename</entry> |
| <entry>This is either the unescaped instance name (if applicable) with <filename>/</filename> prepended (if applicable), or the unescaped prefix name prepended with <filename>/</filename>.</entry> |
| </row> |
| <row> |
| <entry><literal>%t</literal></entry> |
| <entry>Runtime directory</entry> |
| <entry>This is either <filename>/run</filename> (for the system manager) or the path <literal>$XDG_RUNTIME_DIR</literal> resolves to (for user managers).</entry> |
| </row> |
| <row> |
| <entry><literal>%u</literal></entry> |
| <entry>User name</entry> |
| <entry>This is the name of the user running the service manager instance. In case of the system manager this resolves to <literal>root</literal>.</entry> |
| </row> |
| <row> |
| <entry><literal>%U</literal></entry> |
| <entry>User UID</entry> |
| <entry>This is the numeric UID of the user running the service manager instance. In case of the system manager this resolves to <literal>0</literal>.</entry> |
| </row> |
| <row> |
| <entry><literal>%h</literal></entry> |
| <entry>User home directory</entry> |
| <entry>This is the home directory of the user running the service manager instance. In case of the system manager this resolves to <literal>/root</literal>.</entry> |
| </row> |
| <row> |
| <entry><literal>%s</literal></entry> |
| <entry>User shell</entry> |
| <entry>This is the shell of the user running the service manager instance. In case of the system manager this resolves to <literal>/bin/sh</literal>.</entry> |
| </row> |
| <row> |
| <entry><literal>%m</literal></entry> |
| <entry>Machine ID</entry> |
| <entry>The machine ID of the running system, formatted as string. See <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more information.</entry> |
| </row> |
| <row> |
| <entry><literal>%b</literal></entry> |
| <entry>Boot ID</entry> |
| <entry>The boot ID of the running system, formatted as string. See <citerefentry><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry> for more information.</entry> |
| </row> |
| <row> |
| <entry><literal>%H</literal></entry> |
| <entry>Host name</entry> |
| <entry>The hostname of the running system at the point in time the unit configuration is loaded.</entry> |
| </row> |
| <row> |
| <entry><literal>%v</literal></entry> |
| <entry>Kernel release</entry> |
| <entry>Identical to <command>uname -r</command> output</entry> |
| </row> |
| <row> |
| <entry><literal>%%</literal></entry> |
| <entry>Single percent sign</entry> |
| <entry>Use <literal>%%</literal> in place of <literal>%</literal> to specify a single percent sign.</entry> |
| </row> |
| </tbody> |
| </tgroup> |
| </table> |
| |
| </refsect1> |
| |
| <refsect1> |
| <title>Examples</title> |
| |
| <example> |
| <title>Allowing units to be enabled</title> |
| |
| <para>The following snippet (highlighted) allows a unit (e.g. |
| <filename>foo.service</filename>) to be enabled via |
| <command>systemctl enable</command>:</para> |
| |
| <programlisting>[Unit] |
| Description=Foo |
| |
| [Service] |
| ExecStart=/usr/sbin/foo-daemon |
| |
| <emphasis>[Install]</emphasis> |
| <emphasis>WantedBy=multi-user.target</emphasis></programlisting> |
| |
| <para>After running <command>systemctl enable</command>, a |
| symlink |
| <filename>/etc/systemd/system/multi-user.target.wants/foo.service</filename> |
| linking to the actual unit will be created. It tells systemd to |
| pull in the unit when starting |
| <filename>multi-user.target</filename>. The inverse |
| <command>systemctl disable</command> will remove that symlink |
| again.</para> |
| </example> |
| |
| <example> |
| <title>Overriding vendor settings</title> |
| |
| <para>There are two methods of overriding vendor settings in |
| unit files: copying the unit file from |
| <filename>/usr/lib/systemd/system</filename> to |
| <filename>/etc/systemd/system</filename> and modifying the |
| chosen settings. Alternatively, one can create a directory named |
| <filename><replaceable>unit</replaceable>.d/</filename> within |
| <filename>/etc/systemd/system</filename> and place a drop-in |
| file <filename><replaceable>name</replaceable>.conf</filename> |
| there that only changes the specific settings one is interested |
| in. Note that multiple such drop-in files are read if |
| present, processed in lexicographic order of their filename.</para> |
| |
| <para>The advantage of the first method is that one easily |
| overrides the complete unit, the vendor unit is not parsed at |
| all anymore. It has the disadvantage that improvements to the |
| unit file by the vendor are not automatically incorporated on |
| updates.</para> |
| |
| <para>The advantage of the second method is that one only |
| overrides the settings one specifically wants, where updates to |
| the unit by the vendor automatically apply. This has the |
| disadvantage that some future updates by the vendor might be |
| incompatible with the local changes.</para> |
| |
| <para>Note that for drop-in files, if one wants to remove |
| entries from a setting that is parsed as a list (and is not a |
| dependency), such as <varname>ConditionPathExists=</varname> (or |
| e.g. <varname>ExecStart=</varname> in service units), one needs |
| to first clear the list before re-adding all entries except the |
| one that is to be removed. See below for an example.</para> |
| |
| <para>This also applies for user instances of systemd, but with |
| different locations for the unit files. See the section on unit |
| load paths for further details.</para> |
| |
| <para>Suppose there is a vendor-supplied unit |
| <filename>/usr/lib/systemd/system/httpd.service</filename> with |
| the following contents:</para> |
| |
| <programlisting>[Unit] |
| Description=Some HTTP server |
| After=remote-fs.target sqldb.service |
| Requires=sqldb.service |
| AssertPathExists=/srv/webserver |
| |
| [Service] |
| Type=notify |
| ExecStart=/usr/sbin/some-fancy-httpd-server |
| Nice=5 |
| |
| [Install] |
| WantedBy=multi-user.target</programlisting> |
| |
| <para>Now one wants to change some settings as an administrator: |
| firstly, in the local setup, <filename>/srv/webserver</filename> |
| might not exist, because the HTTP server is configured to use |
| <filename>/srv/www</filename> instead. Secondly, the local |
| configuration makes the HTTP server also depend on a memory |
| cache service, <filename>memcached.service</filename>, that |
| should be pulled in (<varname>Requires=</varname>) and also be |
| ordered appropriately (<varname>After=</varname>). Thirdly, in |
| order to harden the service a bit more, the administrator would |
| like to set the <varname>PrivateTmp=</varname> setting (see |
| <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
| for details). And lastly, the administrator would like to reset |
| the niceness of the service to its default value of 0.</para> |
| |
| <para>The first possibility is to copy the unit file to |
| <filename>/etc/systemd/system/httpd.service</filename> and |
| change the chosen settings:</para> |
| |
| <programlisting>[Unit] |
| Description=Some HTTP server |
| After=remote-fs.target sqldb.service <emphasis>memcached.service</emphasis> |
| Requires=sqldb.service <emphasis>memcached.service</emphasis> |
| AssertPathExists=<emphasis>/srv/www</emphasis> |
| |
| [Service] |
| Type=notify |
| ExecStart=/usr/sbin/some-fancy-httpd-server |
| <emphasis>Nice=0</emphasis> |
| <emphasis>PrivateTmp=yes</emphasis> |
| |
| [Install] |
| WantedBy=multi-user.target</programlisting> |
| |
| <para>Alternatively, the administrator could create a drop-in |
| file |
| <filename>/etc/systemd/system/httpd.service.d/local.conf</filename> |
| with the following contents:</para> |
| |
| <programlisting>[Unit] |
| After=memcached.service |
| Requires=memcached.service |
| # Reset all assertions and then re-add the condition we want |
| AssertPathExists= |
| AssertPathExists=/srv/www |
| |
| [Service] |
| Nice=0 |
| PrivateTmp=yes</programlisting> |
| |
| <para>Note that dependencies (<varname>After=</varname>, etc.) |
| cannot be reset to an empty list, so dependencies can only be |
| added in drop-ins. If you want to remove dependencies, you have |
| to override the entire unit.</para> |
| |
| </example> |
| </refsect1> |
| |
| <refsect1> |
| <title>See Also</title> |
| <para> |
| <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
| <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
| <citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
| </para> |
| </refsect1> |
| |
| </refentry> |