diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 02:25:50 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 02:25:50 +0000 |
| commit | 19f4f86bfed21c5326ed2acebe1163f3a83e832b (patch) | |
| tree | d59b9989ce55ed23693e80974d94c856f1c2c8b1 /man/systemd.unit.xml | |
| parent | Initial commit. (diff) | |
| download | systemd-19f4f86bfed21c5326ed2acebe1163f3a83e832b.tar.xz systemd-19f4f86bfed21c5326ed2acebe1163f3a83e832b.zip | |
Adding upstream version 241.upstream/241upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'man/systemd.unit.xml')
| -rw-r--r-- | man/systemd.unit.xml | 1866 |
1 files changed, 1866 insertions, 0 deletions
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml new file mode 100644 index 0000000..f21f9ea --- /dev/null +++ b/man/systemd.unit.xml @@ -0,0 +1,1866 @@ +<?xml version='1.0'?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ +<!ENTITY % entities SYSTEM "custom-entities.ent" > +%entities; +]> + +<!-- + SPDX-License-Identifier: LGPL-2.1+ +--> + +<refentry id="systemd.unit"> + + <refentryinfo> + <title>systemd.unit</title> + <productname>systemd</productname> + </refentryinfo> + + <refmeta> + <refentrytitle>systemd.unit</refentrytitle> + <manvolnum>5</manvolnum> + </refmeta> + + <refnamediv> + <refname>systemd.unit</refname> + <refpurpose>Unit configuration</refpurpose> + </refnamediv> + + <refsynopsisdiv> + <para><filename><replaceable>service</replaceable>.service</filename>, + <filename><replaceable>socket</replaceable>.socket</filename>, + <filename><replaceable>device</replaceable>.device</filename>, + <filename><replaceable>mount</replaceable>.mount</filename>, + <filename><replaceable>automount</replaceable>.automount</filename>, + <filename><replaceable>swap</replaceable>.swap</filename>, + <filename><replaceable>target</replaceable>.target</filename>, + <filename><replaceable>path</replaceable>.path</filename>, + <filename><replaceable>timer</replaceable>.timer</filename>, + <filename><replaceable>slice</replaceable>.slice</filename>, + <filename><replaceable>scope</replaceable>.scope</filename></para> + + <refsect2> + <title>System Unit Search Path</title> + + <para><literallayout><filename>/etc/systemd/system.control/*</filename> +<filename>/run/systemd/system.control/*</filename> +<filename>/run/systemd/transient/*</filename> +<filename>/run/systemd/generator.early/*</filename> +<filename>/etc/systemd/system/*</filename> +<filename>/etc/systemd/systemd.attached/*</filename> +<filename>/run/systemd/system/*</filename> +<filename>/run/systemd/systemd.attached/*</filename> +<filename>/run/systemd/generator/*</filename> +<filename>…</filename> +<filename>/usr/lib/systemd/system/*</filename> +<filename>/run/systemd/generator.late/*</filename></literallayout></para> + </refsect2> + + <refsect2> + <title>User Unit Search Path</title> + <para><literallayout><filename>~/.config/systemd/user.control/*</filename> +<filename>$XDG_RUNTIME_DIR/systemd/user.control/*</filename> +<filename>$XDG_RUNTIME_DIR/systemd/transient/*</filename> +<filename>$XDG_RUNTIME_DIR/systemd/generator.early/*</filename> +<filename>~/.config/systemd/user/*</filename> +<filename>/etc/systemd/user/*</filename> +<filename>$XDG_RUNTIME_DIR/systemd/user/*</filename> +<filename>/run/systemd/user/*</filename> +<filename>$XDG_RUNTIME_DIR/systemd/generator/*</filename> +<filename>~/.local/share/systemd/user/*</filename> +<filename>…</filename> +<filename>/usr/lib/systemd/user/*</filename> +<filename>$XDG_RUNTIME_DIR/systemd/generator.late/*</filename></literallayout></para> + </refsect2> + + </refsynopsisdiv> + + <refsect1> + <title>Description</title> + + <para>A unit file is a plain text ini-style file that encodes information about a service, a + socket, a device, a mount point, an automount point, a swap file or partition, a start-up + target, a watched file system path, a timer controlled and supervised by + <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, a + resource management slice or a group of externally created processes. See + <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry> + for a general description of the syntax.</para> + + <para>This man page lists the common configuration options of all + the unit types. These options need to be configured in the [Unit] + or [Install] sections of the unit files.</para> + + <para>In addition to the generic [Unit] and [Install] sections + described here, each unit may have a type-specific section, e.g. + [Service] for a service unit. See the respective man pages for + more information: + <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>. + </para> + + <para>Unit files are loaded from a set of paths determined during + compilation, described in the next section.</para> + + <para>Unit files can be parameterized by a single argument called the "instance name". The unit + is then constructed based on a "template file" which serves as the definition of multiple + services or other units. A template unit must have a single <literal>@</literal> at the end of + the name (right before the type suffix). The name of the full unit is formed by inserting the + instance name between <literal>@</literal> and the unit type suffix. In the unit file itself, + the instance parameter may be referred to using <literal>%i</literal> and other specifiers, see + below.</para> + + <para>Unit files may contain additional options on top of those + listed here. If systemd encounters an unknown option, it will + write a warning log message but continue loading the unit. If an + option or section name is prefixed with <option>X-</option>, it is + ignored completely by systemd. Options within an ignored section + do not need the prefix. Applications may use this to include + additional information in the unit files.</para> + + <para>Units can be aliased (have an alternative name), by creating a symlink from the new name + to the existing name in one of the unit search paths. For example, + <filename>systemd-networkd.service</filename> has the alias + <filename>dbus-org.freedesktop.network1.service</filename>, created during installation as the + symlink <filename>/usr/lib/systemd/system/dbus-org.freedesktop.network1.service</filename>. In + addition, unit files may specify aliases through the <varname>Alias=</varname> directive in the + [Install] section; those aliases are only effective when the unit is enabled. When the unit is + enabled, symlinks will be created for those names, and removed when the unit is disabled. For + example, <filename>reboot.target</filename> specifies + <varname>Alias=ctrl-alt-del.target</varname>, so when enabled it will be invoked whenever + CTRL+ALT+DEL is pressed. Alias names may be used in commands like <command>enable</command>, + <command>disable</command>, <command>start</command>, <command>stop</command>, + <command>status</command>, …, and in unit dependency directives <varname>Wants=</varname>, + <varname>Requires=</varname>, <varname>Before=</varname>, <varname>After=</varname>, …, with the + limitation that aliases specified through <varname>Alias=</varname> are only effective when the + unit is enabled. Aliases cannot be used with the <command>preset</command> command.</para> + + <para>Along with a unit file <filename>foo.service</filename>, the directory + <filename>foo.service.wants/</filename> may exist. All unit files symlinked from such a + directory are implicitly added as dependencies of type <varname>Wants=</varname> to the unit. + This is useful to hook units into the start-up of other units, without having to modify their + unit files. For details about the semantics of <varname>Wants=</varname>, see below. The + preferred way to create symlinks in the <filename>.wants/</filename> directory of a unit file is + with the <command>enable</command> command of the + <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> + tool which reads information from the [Install] section of unit files (see below). A similar + functionality exists for <varname>Requires=</varname> type dependencies as well, the directory + suffix is <filename>.requires/</filename> in this case.</para> + + <para>Along with a unit file <filename>foo.service</filename>, a "drop-in" directory + <filename>foo.service.d/</filename> may exist. All files with the suffix <literal>.conf</literal> from this + directory will be parsed after the unit file itself is parsed. This is useful to alter or add configuration + settings for a unit, without having to modify unit files. Drop-in files must contain appropriate section + headers. For instantiated units, this logic will first look for the instance <literal>.d/</literal> subdirectory + (e.g. <literal>foo@bar.service.d/</literal>) and read its <literal>.conf</literal> files, followed by the template + <literal>.d/</literal> subdirectory (e.g. <literal>foo@.service.d/</literal>) and the <literal>.conf</literal> + files there. Moreover for units names containing dashes (<literal>-</literal>), the set of directories generated by + truncating the unit name after all dashes is searched too. Specifically, for a unit name + <filename>foo-bar-baz.service</filename> not only the regular drop-in directory + <filename>foo-bar-baz.service.d/</filename> is searched but also both <filename>foo-bar-.service.d/</filename> and + <filename>foo-.service.d/</filename>. This is useful for defining common drop-ins for a set of related units, whose + names begin with a common prefix. This scheme is particularly useful for mount, automount and slice units, whose + systematic naming structure is built around dashes as component separators. Note that equally named drop-in files + further down the prefix hierarchy override those further up, + i.e. <filename>foo-bar-.service.d/10-override.conf</filename> overrides + <filename>foo-.service.d/10-override.conf</filename>.</para> + + <para>In addition to <filename>/etc/systemd/system</filename>, the drop-in <literal>.d/</literal> + directories for system services can be placed in <filename>/usr/lib/systemd/system</filename> or + <filename>/run/systemd/system</filename> directories. Drop-in files in <filename>/etc</filename> + take precedence over those in <filename>/run</filename> which in turn take precedence over those + in <filename>/usr/lib</filename>. Drop-in files under any of these directories take precedence + over unit files wherever located. Multiple drop-in files with different names are applied in + lexicographic order, regardless of which of the directories they reside in.</para> + + <!-- Note that we do not document .include here, as we consider it mostly obsolete, and want + people to use .d/ drop-ins instead. --> + + <para>Note that while systemd offers a flexible dependency system + between units it is recommended to use this functionality only + sparingly and instead rely on techniques such as bus-based or + socket-based activation which make dependencies implicit, + resulting in a both simpler and more flexible system.</para> + + <para>As mentioned above, a unit may be instantiated from a template file. This allows creation + of multiple units from a single configuration file. If systemd looks for a unit configuration + file, it will first search for the literal unit name in the file system. If that yields no + success and the unit name contains an <literal>@</literal> character, systemd will look for a + unit template that shares the same name but with the instance string (i.e. the part between the + <literal>@</literal> character and the suffix) removed. Example: if a service + <filename>getty@tty3.service</filename> is requested and no file by that name is found, systemd + will look for <filename>getty@.service</filename> and instantiate a service from that + configuration file if it is found.</para> + + <para>To refer to the instance string from within the + configuration file you may use the special <literal>%i</literal> + specifier in many of the configuration options. See below for + details.</para> + + <para>If a unit file is empty (i.e. has the file size 0) or is + symlinked to <filename>/dev/null</filename>, its configuration + will not be loaded and it appears with a load state of + <literal>masked</literal>, and cannot be activated. Use this as an + effective way to fully disable a unit, making it impossible to + start it even manually.</para> + + <para>The unit file format is covered by the + <ulink + url="https://www.freedesktop.org/wiki/Software/systemd/InterfaceStabilityPromise">Interface + Stability Promise</ulink>.</para> + + </refsect1> + + <refsect1> + <title>String Escaping for Inclusion in Unit Names</title> + + <para>Sometimes it is useful to convert arbitrary strings into unit names. To facilitate this, a method of string + escaping is used, in order to map strings containing arbitrary byte values (except NUL) into valid unit names and + their restricted character set. A common special case are unit names that reflect paths to objects in the file + system hierarchy. Example: a device unit <filename>dev-sda.device</filename> refers to a device with the device + node <filename noindex='true'>/dev/sda</filename> in the file system.</para> + + <para>The escaping algorithm operates as follows: given a string, any <literal>/</literal> character is replaced by + <literal>-</literal>, and all other characters which are not ASCII alphanumerics or <literal>_</literal> are + replaced by C-style <literal>\x2d</literal> escapes. In addition, <literal>.</literal> is replaced with such a + C-style escape when it would appear as the first character in the escaped string.</para> + + <para>When the input qualifies as absolute file system path, this algorithm is extended slightly: the path to the + root directory <literal>/</literal> is encoded as single dash <literal>-</literal>. In addition, any leading, + trailing or duplicate <literal>/</literal> characters are removed from the string before transformation. Example: + <filename>/foo//bar/baz/</filename> becomes <literal>foo-bar-baz</literal>.</para> + + <para>This escaping is fully reversible, as long as it is known whether the escaped string was a path (the + unescaping results are different for paths and non-path strings). The + <citerefentry><refentrytitle>systemd-escape</refentrytitle><manvolnum>1</manvolnum></citerefentry> command may be + used to apply and reverse escaping on arbitrary strings. Use <command>systemd-escape --path</command> to escape + path strings, and <command>systemd-escape</command> without <option>--path</option> otherwise.</para> + </refsect1> + + <refsect1> + <title>Automatic dependencies</title> + + <refsect2> + <title>Implicit Dependencies</title> + + <para>A number of unit dependencies are implicitly established, depending on unit type and + unit configuration. These implicit dependencies can make unit configuration file cleaner. For + the implicit dependencies in each unit type, please refer to section "Implicit Dependencies" + in respective man pages.</para> + + <para>For example, service units with <varname>Type=dbus</varname> automatically acquire + dependencies of type <varname>Requires=</varname> and <varname>After=</varname> on + <filename>dbus.socket</filename>. See + <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> + for details.</para> + </refsect2> + + <refsect2> + <title>Default Dependencies</title> + + <para>Default dependencies are similar to implicit dependencies, but can be turned on and off + by setting <varname>DefaultDependencies=</varname> to <varname>yes</varname> (the default) and + <varname>no</varname>, while implicit dependencies are always in effect. See section "Default + Dependencies" in respective man pages for the effect of enabling + <varname>DefaultDependencies=</varname> in each unit types.</para> + + <para>For example, target units will complement all configured dependencies of type + <varname>Wants=</varname> or <varname>Requires=</varname> with dependencies of type + <varname>After=</varname> unless <varname>DefaultDependencies=no</varname> is set in the + specified units. See + <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry> + for details. Note that this behavior can be turned off by setting + <varname>DefaultDependencies=no</varname>.</para> + </refsect2> + </refsect1> + + <refsect1> + <title>Unit File Load Path</title> + + <para>Unit files are loaded from a set of paths determined during + compilation, described in the two tables below. Unit files found + in directories listed earlier override files with the same name in + directories lower in the list.</para> + + <para>When the variable <varname>$SYSTEMD_UNIT_PATH</varname> is set, + the contents of this variable overrides the unit load path. If + <varname>$SYSTEMD_UNIT_PATH</varname> ends with an empty component + (<literal>:</literal>), the usual unit load path will be appended + to the contents of the variable.</para> + + <table> + <title> + Load path when running in system mode (<option>--system</option>). + </title> + + <tgroup cols='2'> + <colspec colname='path' /> + <colspec colname='expl' /> + <thead> + <row> + <entry>Path</entry> + <entry>Description</entry> + </row> + </thead> + <tbody> + <row> + <entry><filename>/etc/systemd/system.control</filename></entry> + <entry morerows="1">Persistent and transient configuration created using the dbus API</entry> + </row> + <row> + <entry><filename>/run/systemd/system.control</filename></entry> + </row> + <row> + <entry><filename>/run/systemd/transient</filename></entry> + <entry>Dynamic configuration for transient units</entry> + </row> + <row> + <entry><filename>/run/systemd/generator.early</filename></entry> + <entry>Generated units with high priority (see <replaceable>early-dir</replaceable> in <citerefentry + ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry> + </row> + <row> + <entry><filename>/etc/systemd/system</filename></entry> + <entry>Local configuration</entry> + </row> + <row> + <entry><filename>/run/systemd/system</filename></entry> + <entry>Runtime units</entry> + </row> + <row> + <entry><filename>/run/systemd/generator</filename></entry> + <entry>Generated units with medium priority (see <replaceable>normal-dir</replaceable> in <citerefentry + ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry> + </row> + <row> + <entry><filename>/usr/local/lib/systemd/system</filename></entry> + <entry morerows="1">Units of installed packages</entry> + </row> + <row> + <entry><filename>/usr/lib/systemd/system</filename></entry> + </row> + <row> + <entry><filename>/run/systemd/generator.late</filename></entry> + <entry>Generated units with low priority (see <replaceable>late-dir</replaceable> in <citerefentry + ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry> + </row> + </tbody> + </tgroup> + </table> + + <table> + <title> + Load path when running in user mode (<option>--user</option>). + </title> + + <tgroup cols='2'> + <colspec colname='path' /> + <colspec colname='expl' /> + <thead> + <row> + <entry>Path</entry> + <entry>Description</entry> + </row> + </thead> + <tbody> + <row> + <entry><filename>$XDG_CONFIG_HOME/systemd/user.control</filename> or <filename + >~/.config/systemd/user.control</filename></entry> + <entry morerows="1">Persistent and transient configuration created using the dbus API (<varname>$XDG_CONFIG_HOME</varname> is used if set, <filename>~/.config</filename> otherwise)</entry> + </row> + <row> + <entry><filename>$XDG_RUNTIME_DIR/systemd/user.control</filename></entry> + </row> + <row> + <entry><filename>/run/systemd/transient</filename></entry> + <entry>Dynamic configuration for transient units</entry> + </row> + <row> + <entry><filename>/run/systemd/generator.early</filename></entry> + <entry>Generated units with high priority (see <replaceable>early-dir</replaceable> in <citerefentry + ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry> + </row> + <row> + <entry><filename>$XDG_CONFIG_HOME/systemd/user</filename> or <filename>$HOME/.config/systemd/user</filename></entry> + <entry>User configuration (<varname>$XDG_CONFIG_HOME</varname> is used if set, <filename>~/.config</filename> otherwise)</entry> + </row> + <row> + <entry><filename>/etc/systemd/user</filename></entry> + <entry>Local configuration</entry> + </row> + <row> + <entry><filename>$XDG_RUNTIME_DIR/systemd/user</filename></entry> + <entry>Runtime units (only used when $XDG_RUNTIME_DIR is set)</entry> + </row> + <row> + <entry><filename>/run/systemd/user</filename></entry> + <entry>Runtime units</entry> + </row> + <row> + <entry><filename>$XDG_RUNTIME_DIR/systemd/generator</filename></entry> + <entry>Generated units with medium priority (see <replaceable>normal-dir</replaceable> in <citerefentry + ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry> + </row> + <row> + <entry><filename>$XDG_DATA_HOME/systemd/user</filename> or <filename>$HOME/.local/share/systemd/user</filename></entry> + <entry>Units of packages that have been installed in the home directory (<varname>$XDG_DATA_HOME</varname> is used if set, <filename>~/.local/share</filename> otherwise)</entry> + </row> + <row> + <entry><filename>$dir/systemd/user</filename> for each <varname noindex='true'>$dir</varname> in <varname>$XDG_DATA_DIRS</varname></entry> + <entry>Additional locations for installed user units, one for each entry in <varname>$XDG_DATA_DIRS</varname></entry> + </row> + <row> + <entry><filename>/usr/local/lib/systemd/user</filename></entry> + <entry morerows="1">Units of packages that have been installed system-wide</entry> + </row> + <row> + <entry><filename>/usr/lib/systemd/user</filename></entry> + </row> + <row> + <entry><filename>$XDG_RUNTIME_DIR/systemd/generator.late</filename></entry> + <entry>Generated units with low priority (see <replaceable>late-dir</replaceable> in <citerefentry + ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry> + </row> + </tbody> + </tgroup> + </table> + + <para>The set of load paths for the user manager instance may be augmented or + changed using various environment variables. And environment variables may in + turn be set using environment generators, see + <citerefentry><refentrytitle>systemd.environment-generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>. + In particular, <varname>$XDG_DATA_HOME</varname> and + <varname>$XDG_DATA_DIRS</varname> may be easily set using + <citerefentry><refentrytitle>systemd-environment-d-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>. + Thus, directories listed here are just the defaults. To see the actual list that + would be used based on compilation options and current environment use + <programlisting>systemd-analyze --user unit-paths</programlisting> + </para> + + <para>Moreover, additional units might be loaded into systemd ("linked") from + directories not on the unit load path. See the <command>link</command> command + for + <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. + </para> + </refsect1> + + <refsect1> + <title>Unit Garbage Collection</title> + + <para>The system and service manager loads a unit's configuration automatically when a unit is referenced for the + first time. It will automatically unload the unit configuration and state again when the unit is not needed anymore + ("garbage collection"). A unit may be referenced through a number of different mechanisms:</para> + + <orderedlist> + <listitem><para>Another loaded unit references it with a dependency such as <varname>After=</varname>, + <varname>Wants=</varname>, …</para></listitem> + + <listitem><para>The unit is currently starting, running, reloading or stopping.</para></listitem> + + <listitem><para>The unit is currently in the <constant>failed</constant> state. (But see below.)</para></listitem> + + <listitem><para>A job for the unit is pending.</para></listitem> + + <listitem><para>The unit is pinned by an active IPC client program.</para></listitem> + + <listitem><para>The unit is a special "perpetual" unit that is always active and loaded. Examples for perpetual + units are the root mount unit <filename>-.mount</filename> or the scope unit <filename>init.scope</filename> that + the service manager itself lives in.</para></listitem> + + <listitem><para>The unit has running processes associated with it.</para></listitem> + </orderedlist> + + <para>The garbage collection logic may be altered with the <varname>CollectMode=</varname> option, which allows + configuration whether automatic unloading of units that are in <constant>failed</constant> state is permissible, + see below.</para> + + <para>Note that when a unit's configuration and state is unloaded, all execution results, such as exit codes, exit + signals, resource consumption and other statistics are lost, except for what is stored in the log subsystem.</para> + + <para>Use <command>systemctl daemon-reload</command> or an equivalent command to reload unit configuration while + the unit is already loaded. In this case all configuration settings are flushed out and replaced with the new + configuration (which however might not be in effect immediately), however all runtime state is + saved/restored.</para> + </refsect1> + + <refsect1> + <title>[Unit] Section Options</title> + + <para>The unit file may include a [Unit] section, which carries + generic information about the unit that is not dependent on the + type of unit:</para> + + <variablelist class='unit-directives'> + + <varlistentry> + <term><varname>Description=</varname></term> + <listitem><para>A human readable name for the unit. This is used by + <command>systemd</command> (and other UIs) as the label for the unit, so this string should + identify the unit rather than describe it, despite the name. <literal>Apache2 Web + Server</literal> is a good example. Bad examples are <literal>high-performance light-weight + HTTP server</literal> (too generic) or <literal>Apache2</literal> (too specific and + meaningless for people who do not know Apache). <command>systemd</command> will use this + string as a noun in status messages (<literal>Starting + <replaceable>description</replaceable>...</literal>, <literal>Started + <replaceable>description</replaceable>.</literal>, <literal>Reached target + <replaceable>description</replaceable>.</literal>, <literal>Failed to start + <replaceable>description</replaceable>.</literal>), so it should be capitalized, and should + not be a full sentence or a phrase with a continous verb. Bad examples include + <literal>exiting the container</literal> or <literal>updating the database once per + day.</literal>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><varname>Documentation=</varname></term> + <listitem><para>A space-separated list of URIs referencing + documentation for this unit or its configuration. Accepted are + only URIs of the types <literal>http://</literal>, + <literal>https://</literal>, <literal>file:</literal>, + <literal>info:</literal>, <literal>man:</literal>. For more + information about the syntax of these URIs, see <citerefentry + project='man-pages'><refentrytitle>uri</refentrytitle><manvolnum>7</manvolnum></citerefentry>. + The URIs should be listed in order of relevance, starting with + the most relevant. It is a good idea to first reference + documentation that explains what the unit's purpose is, + followed by how it is configured, followed by any other + related documentation. This option may be specified more than + once, in which case the specified list of URIs is merged. If + the empty string is assigned to this option, the list is reset + and all prior assignments will have no + effect.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>Requires=</varname></term> + + <listitem><para>Configures requirement dependencies on other units. If this unit gets activated, the units + listed here will be activated as well. If one of the other units fails to activate, and an ordering dependency + <varname>After=</varname> on the failing unit is set, this unit will not be started. Besides, with or without + specifying <varname>After=</varname>, this unit will be stopped if one of the other units is explicitly + stopped. This option may be specified more than once or multiple space-separated units may be + specified in one option in which case requirement dependencies for all listed names will be created. Note that + requirement dependencies do not influence the order in which services are started or stopped. This has to be + configured independently with the <varname>After=</varname> or <varname>Before=</varname> options. If a unit + <filename>foo.service</filename> requires a unit <filename>bar.service</filename> as configured with + <varname>Requires=</varname> and no ordering is configured with <varname>After=</varname> or + <varname>Before=</varname>, then both units will be started simultaneously and without any delay between them + if <filename>foo.service</filename> is activated. Often, it is a better choice to use <varname>Wants=</varname> + instead of <varname>Requires=</varname> in order to achieve a system that is more robust when dealing with + failing services.</para> + + <para>Note that this dependency type does not imply that the other unit always has to be in active state when + this unit is running. Specifically: failing condition checks (such as <varname>ConditionPathExists=</varname>, + <varname>ConditionPathIsSymbolicLink=</varname>, … — see below) do not cause the start job of a unit with a + <varname>Requires=</varname> dependency on it to fail. Also, some unit types may deactivate on their own (for + example, a service process may decide to exit cleanly, or a device may be unplugged by the user), which is not + propagated to units having a <varname>Requires=</varname> dependency. Use the <varname>BindsTo=</varname> + dependency type together with <varname>After=</varname> to ensure that a unit may never be in active state + without a specific other unit also in active state (see below).</para> + + <para>Note that dependencies of this type may also be configured outside of the unit configuration file by + adding a symlink to a <filename>.requires/</filename> directory accompanying the unit file. For details, see + above.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>Requisite=</varname></term> + + <listitem><para>Similar to <varname>Requires=</varname>. However, if the units listed here + are not started already, they will not be started and the starting of this unit will fail + immediately. <varname>Requisite=</varname> does not imply an ordering dependency, even if + both units are started in the same transaction. Hence this setting should usually be + combined with <varname>After=</varname>, to ensure this unit is not started before the other + unit.</para> + + <para>When <varname>Requisite=b.service</varname> is used on + <filename>a.service</filename>, this dependency will show as + <varname>RequisiteOf=a.service</varname> in property listing of + <filename>b.service</filename>. <varname>RequisiteOf=</varname> + dependency cannot be specified directly.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><varname>Wants=</varname></term> + + <listitem><para>A weaker version of + <varname>Requires=</varname>. Units listed in this option will + be started if the configuring unit is. However, if the listed + units fail to start or cannot be added to the transaction, + this has no impact on the validity of the transaction as a + whole. This is the recommended way to hook start-up of one + unit to the start-up of another unit.</para> + + <para>Note that dependencies of this type may also be + configured outside of the unit configuration file by adding + symlinks to a <filename>.wants/</filename> directory + accompanying the unit file. For details, see + above.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>BindsTo=</varname></term> + + <listitem><para>Configures requirement dependencies, very similar in style to + <varname>Requires=</varname>. However, this dependency type is stronger: in addition to the effect of + <varname>Requires=</varname> it declares that if the unit bound to is stopped, this unit will be stopped + too. This means a unit bound to another unit that suddenly enters inactive state will be stopped too. + Units can suddenly, unexpectedly enter inactive state for different reasons: the main process of a service unit + might terminate on its own choice, the backing device of a device unit might be unplugged or the mount point of + a mount unit might be unmounted without involvement of the system and service manager.</para> + + <para>When used in conjunction with <varname>After=</varname> on the same unit the behaviour of + <varname>BindsTo=</varname> is even stronger. In this case, the unit bound to strictly has to be in active + state for this unit to also be in active state. This not only means a unit bound to another unit that suddenly + enters inactive state, but also one that is bound to another unit that gets skipped due to a failed condition + check (such as <varname>ConditionPathExists=</varname>, <varname>ConditionPathIsSymbolicLink=</varname>, … — + see below) will be stopped, should it be running. Hence, in many cases it is best to combine + <varname>BindsTo=</varname> with <varname>After=</varname>.</para> + + <para>When <varname>BindsTo=b.service</varname> is used on + <filename>a.service</filename>, this dependency will show as + <varname>BoundBy=a.service</varname> in property listing of + <filename>b.service</filename>. <varname>BoundBy=</varname> + dependency cannot be specified directly.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><varname>PartOf=</varname></term> + + <listitem><para>Configures dependencies similar to + <varname>Requires=</varname>, but limited to stopping and + restarting of units. When systemd stops or restarts the units + listed here, the action is propagated to this unit. Note that + this is a one-way dependency — changes to this unit do not + affect the listed units.</para> + + <para>When <varname>PartOf=b.service</varname> is used on + <filename>a.service</filename>, this dependency will show as + <varname>ConsistsOf=a.service</varname> in property listing of + <filename>b.service</filename>. <varname>ConsistsOf=</varname> + dependency cannot be specified directly.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><varname>Conflicts=</varname></term> + + <listitem><para>A space-separated list of unit names. + Configures negative requirement dependencies. If a unit has a + <varname>Conflicts=</varname> setting on another unit, + starting the former will stop the latter and vice versa. Note + that this setting is independent of and orthogonal to the + <varname>After=</varname> and <varname>Before=</varname> + ordering dependencies.</para> + + <para>If a unit A that conflicts with a unit B is scheduled to + be started at the same time as B, the transaction will either + fail (in case both are required parts of the transaction) or be + modified to be fixed (in case one or both jobs are not a + required part of the transaction). In the latter case, the job + that is not required will be removed, or in case both are + not required, the unit that conflicts will be started and the + unit that is conflicted is stopped.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>Before=</varname></term> + <term><varname>After=</varname></term> + + <listitem><para>These two settings expect a space-separated list of unit names. They configure ordering + dependencies between units. If a unit <filename>foo.service</filename> contains a setting + <option>Before=bar.service</option> and both units are being started, <filename>bar.service</filename>'s + start-up is delayed until <filename>foo.service</filename> has finished starting up. Note that this setting is + independent of and orthogonal to the requirement dependencies as configured by <varname>Requires=</varname>, + <varname>Wants=</varname> or <varname>BindsTo=</varname>. It is a common pattern to include a unit name in both + the <varname>After=</varname> and <varname>Requires=</varname> options, in which case the unit listed will be + started before the unit that is configured with these options. This option may be specified more than once, in + which case ordering dependencies for all listed names are created. <varname>After=</varname> is the inverse of + <varname>Before=</varname>, i.e. while <varname>After=</varname> ensures that the configured unit is started + after the listed unit finished starting up, <varname>Before=</varname> ensures the opposite, that the + configured unit is fully started up before the listed unit is started. Note that when two units with an + ordering dependency between them are shut down, the inverse of the start-up order is applied. i.e. if a unit is + configured with <varname>After=</varname> on another unit, the former is stopped before the latter if both are + shut down. Given two units with any ordering dependency between them, if one unit is shut down and the other is + started up, the shutdown is ordered before the start-up. It doesn't matter if the ordering dependency is + <varname>After=</varname> or <varname>Before=</varname>, in this case. It also doesn't matter which of the two + is shut down, as long as one is shut down and the other is started up. The shutdown is ordered before the + start-up in all cases. If two units have no ordering dependencies between them, they are shut down or started + up simultaneously, and no ordering takes place. It depends on the unit type when precisely a unit has finished + starting up. Most importantly, for service units start-up is considered completed for the purpose of + <varname>Before=</varname>/<varname>After=</varname> when all its configured start-up commands have been + invoked and they either failed or reported start-up success.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>OnFailure=</varname></term> + + <listitem><para>A space-separated list of one or more units + that are activated when this unit enters the + <literal>failed</literal> state. A service unit using + <varname>Restart=</varname> enters the failed state only after + the start limits are reached.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>PropagatesReloadTo=</varname></term> + <term><varname>ReloadPropagatedFrom=</varname></term> + + <listitem><para>A space-separated list of one or more units + where reload requests on this unit will be propagated to, or + reload requests on the other unit will be propagated to this + unit, respectively. Issuing a reload request on a unit will + automatically also enqueue a reload request on all units that + the reload request shall be propagated to via these two + settings.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>JoinsNamespaceOf=</varname></term> + + <listitem><para>For units that start processes (such as + service units), lists one or more other units whose network + and/or temporary file namespace to join. This only applies to + unit types which support the + <varname>PrivateNetwork=</varname> and + <varname>PrivateTmp=</varname> directives (see + <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> + for details). If a unit that has this setting set is started, + its processes will see the same <filename>/tmp</filename>, + <filename>/var/tmp</filename> and network namespace as one + listed unit that is started. If multiple listed units are + already started, it is not defined which namespace is joined. + Note that this setting only has an effect if + <varname>PrivateNetwork=</varname> and/or + <varname>PrivateTmp=</varname> is enabled for both the unit + that joins the namespace and the unit whose namespace is + joined.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>RequiresMountsFor=</varname></term> + + <listitem><para>Takes a space-separated list of absolute + paths. Automatically adds dependencies of type + <varname>Requires=</varname> and <varname>After=</varname> for + all mount units required to access the specified path.</para> + + <para>Mount points marked with <option>noauto</option> are not + mounted automatically through <filename>local-fs.target</filename>, + but are still honored for the purposes of this option, i.e. they + will be pulled in by this unit.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>OnFailureJobMode=</varname></term> + + <listitem><para>Takes a value of + <literal>fail</literal>, + <literal>replace</literal>, + <literal>replace-irreversibly</literal>, + <literal>isolate</literal>, + <literal>flush</literal>, + <literal>ignore-dependencies</literal> or + <literal>ignore-requirements</literal>. Defaults to + <literal>replace</literal>. Specifies how the units listed in + <varname>OnFailure=</varname> will be enqueued. See + <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s + <option>--job-mode=</option> option for details on the + possible values. If this is set to <literal>isolate</literal>, + only a single unit may be listed in + <varname>OnFailure=</varname>..</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>IgnoreOnIsolate=</varname></term> + + <listitem><para>Takes a boolean argument. If <option>true</option>, this unit + will not be stopped when isolating another unit. Defaults to + <option>false</option> for service, target, socket, busname, timer, and path + units, and <option>true</option> for slice, scope, device, swap, mount, and + automount units.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>StopWhenUnneeded=</varname></term> + + <listitem><para>Takes a boolean argument. If + <option>true</option>, this unit will be stopped when it is no + longer used. Note that, in order to minimize the work to be + executed, systemd will not stop units by default unless they + are conflicting with other units, or the user explicitly + requested their shut down. If this option is set, a unit will + be automatically cleaned up if no other active unit requires + it. Defaults to <option>false</option>.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>RefuseManualStart=</varname></term> + <term><varname>RefuseManualStop=</varname></term> + + <listitem><para>Takes a boolean argument. If + <option>true</option>, this unit can only be activated or + deactivated indirectly. In this case, explicit start-up or + termination requested by the user is denied, however if it is + started or stopped as a dependency of another unit, start-up + or termination will succeed. This is mostly a safety feature + to ensure that the user does not accidentally activate units + that are not intended to be activated explicitly, and not + accidentally deactivate units that are not intended to be + deactivated. These options default to + <option>false</option>.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>AllowIsolate=</varname></term> + + <listitem><para>Takes a boolean argument. If + <option>true</option>, this unit may be used with the + <command>systemctl isolate</command> command. Otherwise, this + will be refused. It probably is a good idea to leave this + disabled except for target units that shall be used similar to + runlevels in SysV init systems, just as a precaution to avoid + unusable system states. This option defaults to + <option>false</option>.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>DefaultDependencies=</varname></term> + + <listitem><para>Takes a boolean argument. If + <option>true</option>, (the default), a few default + dependencies will implicitly be created for the unit. The + actual dependencies created depend on the unit type. For + example, for service units, these dependencies ensure that the + service is started only after basic system initialization is + completed and is properly terminated on system shutdown. See + the respective man pages for details. Generally, only services + involved with early boot or late shutdown should set this + option to <option>false</option>. It is highly recommended to + leave this option enabled for the majority of common units. If + set to <option>false</option>, this option does not disable + all implicit dependencies, just non-essential + ones.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>CollectMode=</varname></term> + + <listitem><para>Tweaks the "garbage collection" algorithm for this unit. Takes one of <option>inactive</option> + or <option>inactive-or-failed</option>. If set to <option>inactive</option> the unit will be unloaded if it is + in the <constant>inactive</constant> state and is not referenced by clients, jobs or other units — however it + is not unloaded if it is in the <constant>failed</constant> state. In <option>failed</option> mode, failed + units are not unloaded until the user invoked <command>systemctl reset-failed</command> on them to reset the + <constant>failed</constant> state, or an equivalent command. This behaviour is altered if this option is set to + <option>inactive-or-failed</option>: in this case the unit is unloaded even if the unit is in a + <constant>failed</constant> state, and thus an explicitly resetting of the <constant>failed</constant> state is + not necessary. Note that if this mode is used unit results (such as exit codes, exit signals, consumed + resources, …) are flushed out immediately after the unit completed, except for what is stored in the logging + subsystem. Defaults to <option>inactive</option>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><varname>FailureAction=</varname></term> + <term><varname>SuccessAction=</varname></term> + + <listitem><para>Configure the action to take when the unit stops and enters a failed state or inactive state. + Takes one of <option>none</option>, <option>reboot</option>, <option>reboot-force</option>, + <option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option>, + <option>poweroff-immediate</option>, <option>exit</option>, and <option>exit-force</option>. In system mode, + all options are allowed. In user mode, only <option>none</option>, <option>exit</option>, and + <option>exit-force</option> are allowed. Both options default to <option>none</option>.</para> + + <para>If <option>none</option> is set, no action will be triggered. <option>reboot</option> causes a reboot + following the normal shutdown procedure (i.e. equivalent to <command>systemctl reboot</command>). + <option>reboot-force</option> causes a forced reboot which will terminate all processes forcibly but should + cause no dirty file systems on reboot (i.e. equivalent to <command>systemctl reboot -f</command>) and + <option>reboot-immediate</option> causes immediate execution of the + <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which + might result in data loss (i.e. equivalent to <command>systemctl reboot -ff</command>). Similarly, + <option>poweroff</option>, <option>poweroff-force</option>, <option>poweroff-immediate</option> have the effect + of powering down the system with similar semantics. <option>exit</option> causes the manager to exit following + the normal shutdown procedure, and <option>exit-force</option> causes it terminate without shutting down + services. When <option>exit</option> or <option>exit-force</option> is used by default the exit status of the + main process of the unit (if this applies) is returned from the service manager. However, this may be overriden + with <varname>FailureActionExitStatus=</varname>/<varname>SuccessActionExitStatus=</varname>, see + below.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>FailureActionExitStatus=</varname></term> + <term><varname>SuccessActionExitStatus=</varname></term> + + <listitem><para>Controls the exit status to propagate back to an invoking container manager (in case of a + system service) or service manager (in case of a user manager) when the + <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> are set to <option>exit</option> or + <option>exit-force</option> and the action is triggered. By default the exit status of the main process of the + triggering unit (if this applies) is propagated. Takes a value in the range 0…255 or the empty string to + request default behaviour.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>JobTimeoutSec=</varname></term> + <term><varname>JobRunningTimeoutSec=</varname></term> + + <listitem><para>When a job for this unit is queued, a timeout <varname>JobTimeoutSec=</varname> may be + configured. Similarly, <varname>JobRunningTimeoutSec=</varname> starts counting when the queued job is actually + started. If either time limit is reached, the job will be cancelled, the unit however will not change state or + even enter the <literal>failed</literal> mode. This value defaults to <literal>infinity</literal> (job timeouts + disabled), except for device units (<varname>JobRunningTimeoutSec=</varname> defaults to + <varname>DefaultTimeoutStartSec=</varname>). NB: this timeout is independent from any unit-specific timeout + (for example, the timeout set with <varname>TimeoutStartSec=</varname> in service units) as the job timeout has + no effect on the unit itself, only on the job that might be pending for it. Or in other words: unit-specific + timeouts are useful to abort unit state changes, and revert them. The job timeout set with this option however + is useful to abort only the job waiting for the unit state to change.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><varname>JobTimeoutAction=</varname></term> + <term><varname>JobTimeoutRebootArgument=</varname></term> + + <listitem><para><varname>JobTimeoutAction=</varname> optionally configures an additional action to take when + the timeout is hit, see description of <varname>JobTimeoutSec=</varname> and + <varname>JobRunningTimeoutSec=</varname> above. It takes the same values as + <varname>StartLimitAction=</varname>. Defaults to <option>none</option>. + <varname>JobTimeoutRebootArgument=</varname> configures an optional reboot string to pass to the + <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call. + </para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>StartLimitIntervalSec=<replaceable>interval</replaceable></varname></term> + <term><varname>StartLimitBurst=<replaceable>burst</replaceable></varname></term> + + <listitem><para>Configure unit start rate limiting. Units which are started more than + <replaceable>burst</replaceable> times within an <replaceable>interval</replaceable> time interval are not + permitted to start any more. Use <varname>StartLimitIntervalSec=</varname> to configure the checking interval + (defaults to <varname>DefaultStartLimitIntervalSec=</varname> in manager configuration file, set it to 0 to + disable any kind of rate limiting). Use <varname>StartLimitBurst=</varname> to configure how many starts per + interval are allowed (defaults to <varname>DefaultStartLimitBurst=</varname> in manager configuration + file). These configuration options are particularly useful in conjunction with the service setting + <varname>Restart=</varname> (see + <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>); however, + they apply to all kinds of starts (including manual), not just those triggered by the + <varname>Restart=</varname> logic. Note that units which are configured for <varname>Restart=</varname> and + which reach the start limit are not attempted to be restarted anymore; however, they may still be restarted + manually at a later point, after the <replaceable>interval</replaceable> has passed. From this point on, the + restart logic is activated again. Note that <command>systemctl reset-failed</command> will cause the restart + rate counter for a service to be flushed, which is useful if the administrator wants to manually start a unit + and the start limit interferes with that. Note that this rate-limiting is enforced after any unit condition + checks are executed, and hence unit activations with failing conditions do not count towards this rate + limit. This setting does not apply to slice, target, device, and scope units, since they are unit types whose + activation may either never fail, or may succeed only a single time.</para> + + <para>When a unit is unloaded due to the garbage collection logic (see above) its rate limit counters are + flushed out too. This means that configuring start rate limiting for a unit that is not referenced continuously + has no effect.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>StartLimitAction=</varname></term> + + <listitem><para>Configure an additional action to take if the rate limit configured with + <varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes the same + values as the setting <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> settings and executes + the same actions. If <option>none</option> is set, hitting the rate limit will trigger no action besides that + the start will not be permitted. Defaults to <option>none</option>.</para></listitem> + </varlistentry> + + + <varlistentry> + <term><varname>RebootArgument=</varname></term> + <listitem><para>Configure the optional argument for the + <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call if + <varname>StartLimitAction=</varname> or <varname>FailureAction=</varname> is a reboot action. This + works just like the optional argument to <command>systemctl reboot</command> command.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>ConditionArchitecture=</varname></term> + <term><varname>ConditionVirtualization=</varname></term> + <term><varname>ConditionHost=</varname></term> + <term><varname>ConditionKernelCommandLine=</varname></term> + <term><varname>ConditionKernelVersion=</varname></term> + <term><varname>ConditionSecurity=</varname></term> + <term><varname>ConditionCapability=</varname></term> + <term><varname>ConditionACPower=</varname></term> + <term><varname>ConditionNeedsUpdate=</varname></term> + <term><varname>ConditionFirstBoot=</varname></term> + <term><varname>ConditionPathExists=</varname></term> + <term><varname>ConditionPathExistsGlob=</varname></term> + <term><varname>ConditionPathIsDirectory=</varname></term> + <term><varname>ConditionPathIsSymbolicLink=</varname></term> + <term><varname>ConditionPathIsMountPoint=</varname></term> + <term><varname>ConditionPathIsReadWrite=</varname></term> + <term><varname>ConditionDirectoryNotEmpty=</varname></term> + <term><varname>ConditionFileNotEmpty=</varname></term> + <term><varname>ConditionFileIsExecutable=</varname></term> + <term><varname>ConditionUser=</varname></term> + <term><varname>ConditionGroup=</varname></term> + <term><varname>ConditionControlGroupController=</varname></term> + + <!-- We do not document ConditionNull= + here, as it is not particularly + useful and probably just + confusing. --> + + <listitem><para>Before starting a unit, verify that the specified condition is true. If it is not true, the + starting of the unit will be (mostly silently) skipped, however all ordering dependencies of it are still + respected. A failing condition will not result in the unit being moved into the <literal>failed</literal> + state. The condition is checked at the time the queued start job is to be executed. Use condition expressions + in order to silently skip units that do not apply to the local running system, for example because the kernel + or runtime environment doesn't require their functionality. Use the various + <varname>AssertArchitecture=</varname>, <varname>AssertVirtualization=</varname>, … options for a similar + mechanism that causes the job to fail (instead of being skipped) and results in logging about the failed check + (instead of being silently processed). For details about assertion conditions see below.</para> + + <para><varname>ConditionArchitecture=</varname> may be used to + check whether the system is running on a specific + architecture. Takes one of + <varname>x86</varname>, + <varname>x86-64</varname>, + <varname>ppc</varname>, + <varname>ppc-le</varname>, + <varname>ppc64</varname>, + <varname>ppc64-le</varname>, + <varname>ia64</varname>, + <varname>parisc</varname>, + <varname>parisc64</varname>, + <varname>s390</varname>, + <varname>s390x</varname>, + <varname>sparc</varname>, + <varname>sparc64</varname>, + <varname>mips</varname>, + <varname>mips-le</varname>, + <varname>mips64</varname>, + <varname>mips64-le</varname>, + <varname>alpha</varname>, + <varname>arm</varname>, + <varname>arm-be</varname>, + <varname>arm64</varname>, + <varname>arm64-be</varname>, + <varname>sh</varname>, + <varname>sh64</varname>, + <varname>m68k</varname>, + <varname>tilegx</varname>, + <varname>cris</varname>, + <varname>arc</varname>, + <varname>arc-be</varname> to test + against a specific architecture. The architecture is + determined from the information returned by + <citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>2</manvolnum></citerefentry> + and is thus subject to + <citerefentry><refentrytitle>personality</refentrytitle><manvolnum>2</manvolnum></citerefentry>. + Note that a <varname>Personality=</varname> setting in the + same unit file has no effect on this condition. A special + architecture name <varname>native</varname> is mapped to the + architecture the system manager itself is compiled for. The + test may be negated by prepending an exclamation mark.</para> + + <para><varname>ConditionVirtualization=</varname> may be used + to check whether the system is executed in a virtualized + environment and optionally test whether it is a specific + implementation. Takes either boolean value to check if being + executed in any virtualized environment, or one of + <varname>vm</varname> and + <varname>container</varname> to test against a generic type of + virtualization solution, or one of + <varname>qemu</varname>, + <varname>kvm</varname>, + <varname>zvm</varname>, + <varname>vmware</varname>, + <varname>microsoft</varname>, + <varname>oracle</varname>, + <varname>xen</varname>, + <varname>bochs</varname>, + <varname>uml</varname>, + <varname>bhyve</varname>, + <varname>qnx</varname>, + <varname>openvz</varname>, + <varname>lxc</varname>, + <varname>lxc-libvirt</varname>, + <varname>systemd-nspawn</varname>, + <varname>docker</varname>, + <varname>rkt</varname> to test + against a specific implementation, or + <varname>private-users</varname> to check whether we are running in a user namespace. See + <citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry> + for a full list of known virtualization technologies and their + identifiers. If multiple virtualization technologies are + nested, only the innermost is considered. The test may be + negated by prepending an exclamation mark.</para> + + <para><varname>ConditionHost=</varname> may be used to match + against the hostname or machine ID of the host. This either + takes a hostname string (optionally with shell style globs) + which is tested against the locally set hostname as returned + by + <citerefentry><refentrytitle>gethostname</refentrytitle><manvolnum>2</manvolnum></citerefentry>, + or a machine ID formatted as string (see + <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>). + The test may be negated by prepending an exclamation + mark.</para> + + <para><varname>ConditionKernelCommandLine=</varname> may be + used to check whether a specific kernel command line option is + set (or if prefixed with the exclamation mark unset). The + argument must either be a single word, or an assignment (i.e. + two words, separated <literal>=</literal>). In the former case + the kernel command line is searched for the word appearing as + is, or as left hand side of an assignment. In the latter case, + the exact assignment is looked for with right and left hand + side matching.</para> + + <para><varname>ConditionKernelVersion=</varname> may be used to check whether the kernel version (as reported + by <command>uname -r</command>) matches a certain expression (or if prefixed with the exclamation mark does not + match it). The argument must be a single string. If the string starts with one of <literal><</literal>, + <literal><=</literal>, <literal>=</literal>, <literal>>=</literal>, <literal>></literal> a relative + version comparison is done, otherwise the specified string is matched with shell-style globs.</para> + + <para>Note that using the kernel version string is an unreliable way to determine which features are supported + by a kernel, because of the widespread practice of backporting drivers, features, and fixes from newer upstream + kernels into older versions provided by distributions. Hence, this check is inherently unportable and should + not be used for units which may be used on different distributions.</para> + + <para><varname>ConditionSecurity=</varname> may be used to check + whether the given security technology is enabled on the + system. Currently, the recognized values are + <varname>selinux</varname>, <varname>apparmor</varname>, + <varname>tomoyo</varname>, <varname>ima</varname>, + <varname>smack</varname>, <varname>audit</varname> and + <varname>uefi-secureboot</varname>. The test may be negated by + prepending an exclamation mark.</para> + + <para><varname>ConditionCapability=</varname> may be used to + check whether the given capability exists in the capability + bounding set of the service manager (i.e. this does not check + whether capability is actually available in the permitted or + effective sets, see + <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> + for details). Pass a capability name such as + <literal>CAP_MKNOD</literal>, possibly prefixed with an + exclamation mark to negate the check.</para> + + <para><varname>ConditionACPower=</varname> may be used to + check whether the system has AC power, or is exclusively + battery powered at the time of activation of the unit. This + takes a boolean argument. If set to <varname>true</varname>, + the condition will hold only if at least one AC connector of + the system is connected to a power source, or if no AC + connectors are known. Conversely, if set to + <varname>false</varname>, the condition will hold only if + there is at least one AC connector known and all AC connectors + are disconnected from a power source.</para> + + <para><varname>ConditionNeedsUpdate=</varname> takes one of + <filename>/var</filename> or <filename>/etc</filename> as + argument, possibly prefixed with a <literal>!</literal> (for + inverting the condition). This condition may be used to + conditionalize units on whether the specified directory + requires an update because <filename>/usr</filename>'s + modification time is newer than the stamp file + <filename>.updated</filename> in the specified directory. This + is useful to implement offline updates of the vendor operating + system resources in <filename>/usr</filename> that require + updating of <filename>/etc</filename> or + <filename>/var</filename> on the next following boot. Units + making use of this condition should order themselves before + <citerefentry><refentrytitle>systemd-update-done.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + to make sure they run before the stamp file's modification + time gets reset indicating a completed update.</para> + + <para><varname>ConditionFirstBoot=</varname> takes a boolean argument. This condition may be used to + conditionalize units on whether the system is booting up with an unpopulated <filename>/etc</filename> + directory (specifically: an <filename>/etc</filename> with no <filename>/etc/machine-id</filename>). This may + be used to populate <filename>/etc</filename> on the first boot after factory reset, or when a new system + instance boots up for the first time.</para> + + <para>With <varname>ConditionPathExists=</varname> a file + existence condition is checked before a unit is started. If + the specified absolute path name does not exist, the condition + will fail. If the absolute path name passed to + <varname>ConditionPathExists=</varname> is prefixed with an + exclamation mark (<literal>!</literal>), the test is negated, + and the unit is only started if the path does not + exist.</para> + + <para><varname>ConditionPathExistsGlob=</varname> is similar + to <varname>ConditionPathExists=</varname>, but checks for the + existence of at least one file or directory matching the + specified globbing pattern.</para> + + <para><varname>ConditionPathIsDirectory=</varname> is similar + to <varname>ConditionPathExists=</varname> but verifies + whether a certain path exists and is a directory.</para> + + <para><varname>ConditionPathIsSymbolicLink=</varname> is + similar to <varname>ConditionPathExists=</varname> but + verifies whether a certain path exists and is a symbolic + link.</para> + + <para><varname>ConditionPathIsMountPoint=</varname> is similar + to <varname>ConditionPathExists=</varname> but verifies + whether a certain path exists and is a mount point.</para> + + <para><varname>ConditionPathIsReadWrite=</varname> is similar + to <varname>ConditionPathExists=</varname> but verifies + whether the underlying file system is readable and writable + (i.e. not mounted read-only).</para> + + <para><varname>ConditionDirectoryNotEmpty=</varname> is + similar to <varname>ConditionPathExists=</varname> but + verifies whether a certain path exists and is a non-empty + directory.</para> + + <para><varname>ConditionFileNotEmpty=</varname> is similar to + <varname>ConditionPathExists=</varname> but verifies whether a + certain path exists and refers to a regular file with a + non-zero size.</para> + + <para><varname>ConditionFileIsExecutable=</varname> is similar + to <varname>ConditionPathExists=</varname> but verifies + whether a certain path exists, is a regular file and marked + executable.</para> + + <para><varname>ConditionUser=</varname> takes a numeric + <literal>UID</literal>, a UNIX user name, or the special value + <literal>@system</literal>. This condition may be used to check + whether the service manager is running as the given user. The + special value <literal>@system</literal> can be used to check + if the user id is within the system user range. This option is not + useful for system services, as the system manager exclusively + runs as the root user, and thus the test result is constant.</para> + + <para><varname>ConditionGroup=</varname> is similar + to <varname>ConditionUser=</varname> but verifies that the + service manager's real or effective group, or any of its + auxiliary groups match the specified group or GID. This setting + does not have a special value <literal>@system</literal>.</para> + + <para><varname>ConditionControlGroupController=</varname> takes a + cgroup controller name (eg. <option>cpu</option>), verifying that it is + available for use on the system. For example, a particular controller + may not be available if it was disabled on the kernel command line with + <varname>cgroup_disable=controller</varname>. Multiple controllers may + be passed with a space separating them; in this case the condition will + only pass if all listed controllers are available for use. Controllers + unknown to systemd are ignored. Valid controllers are + <option>cpu</option>, <option>cpuacct</option>, <option>io</option>, + <option>blkio</option>, <option>memory</option>, + <option>devices</option>, and <option>pids</option>.</para> + + <para>If multiple conditions are specified, the unit will be + executed if all of them apply (i.e. a logical AND is applied). + Condition checks can be prefixed with a pipe symbol (|) in + which case a condition becomes a triggering condition. If at + least one triggering condition is defined for a unit, then the + unit will be executed if at least one of the triggering + conditions apply and all of the non-triggering conditions. If + you prefix an argument with the pipe symbol and an exclamation + mark, the pipe symbol must be passed first, the exclamation + second. Except for + <varname>ConditionPathIsSymbolicLink=</varname>, all path + checks follow symlinks. If any of these options is assigned + the empty string, the list of conditions is reset completely, + all previous condition settings (of any kind) will have no + effect.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>AssertArchitecture=</varname></term> + <term><varname>AssertVirtualization=</varname></term> + <term><varname>AssertHost=</varname></term> + <term><varname>AssertKernelCommandLine=</varname></term> + <term><varname>AssertKernelVersion=</varname></term> + <term><varname>AssertSecurity=</varname></term> + <term><varname>AssertCapability=</varname></term> + <term><varname>AssertACPower=</varname></term> + <term><varname>AssertNeedsUpdate=</varname></term> + <term><varname>AssertFirstBoot=</varname></term> + <term><varname>AssertPathExists=</varname></term> + <term><varname>AssertPathExistsGlob=</varname></term> + <term><varname>AssertPathIsDirectory=</varname></term> + <term><varname>AssertPathIsSymbolicLink=</varname></term> + <term><varname>AssertPathIsMountPoint=</varname></term> + <term><varname>AssertPathIsReadWrite=</varname></term> + <term><varname>AssertDirectoryNotEmpty=</varname></term> + <term><varname>AssertFileNotEmpty=</varname></term> + <term><varname>AssertFileIsExecutable=</varname></term> + <term><varname>AssertUser=</varname></term> + <term><varname>AssertGroup=</varname></term> + <term><varname>AssertControlGroupController=</varname></term> + + <listitem><para>Similar to the <varname>ConditionArchitecture=</varname>, + <varname>ConditionVirtualization=</varname>, …, condition settings described above, these settings add + assertion checks to the start-up of the unit. However, unlike the conditions settings, any assertion setting + that is not met results in failure of the start job (which means this is logged loudly). Note that hitting a + configured assertion does not cause the unit to enter the <literal>failed</literal> state (or in fact result in + any state change of the unit), it affects only the job queued for it. Use assertion expressions for units that + cannot operate when specific requirements are not met, and when this is something the administrator or user + should look into.</para> + + <para>Note that neither assertion nor condition expressions result in unit state changes. Also note that both + are checked at the time the job is to be executed, i.e. long after depending jobs and it itself were + queued. Thus, neither condition nor assertion expressions are suitable for conditionalizing unit + dependencies.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>SourcePath=</varname></term> + <listitem><para>A path to a configuration file this unit has + been generated from. This is primarily useful for + implementation of generator tools that convert configuration + from an external configuration file format into native unit + files. This functionality should not be used in normal + units.</para></listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1> + <title>Mapping of unit properties to their inverses</title> + + <para>Unit settings that create a relationship with a second unit usually show up + in properties of both units, for example in <command>systemctl show</command> + output. In some cases the name of the property is the same as the name of the + configuration setting, but not always. This table lists the properties + that are shown on two units which are connected through some dependency, and shows + which property on "source" unit corresponds to which property on the "target" unit. + </para> + + <table> + <title> + "Forward" and "reverse" unit properties + </title> + + <tgroup cols='2'> + <colspec colname='forward' /> + <colspec colname='reverse' /> + <colspec colname='notes' /> + <thead> + <row> + <entry>"Forward" property</entry> + <entry>"Reverse" property</entry> + <entry>Where used</entry> + </row> + </thead> + <tbody> + <row> + <entry><varname>Before=</varname></entry> + <entry><varname>After=</varname></entry> + <entry morerows='1' valign='middle'>Both are unit file options</entry> + </row> + <row> + <entry><varname>After=</varname></entry> + <entry><varname>Before=</varname></entry> + </row> + <row> + <entry><varname>Requires=</varname></entry> + <entry><varname>RequiredBy=</varname></entry> + <entry>A unit file option; an option in the [Install] section</entry> + </row> + <row> + <entry><varname>Wants=</varname></entry> + <entry><varname>WantedBy=</varname></entry> + <entry>A unit file option; an option in the [Install] section</entry> + </row> + <row> + <entry><varname>PartOf=</varname></entry> + <entry><varname>ConsistsOf=</varname></entry> + <entry>A unit file option; an automatic property</entry> + </row> + <row> + <entry><varname>BindsTo=</varname></entry> + <entry><varname>BoundBy=</varname></entry> + <entry>A unit file option; an automatic property</entry> + </row> + <row> + <entry><varname>Requisite=</varname></entry> + <entry><varname>RequisiteOf=</varname></entry> + <entry>A unit file option; an automatic property</entry> + </row> + <row> + <entry><varname>Triggers=</varname></entry> + <entry><varname>TriggeredBy=</varname></entry> + <entry>Automatic properties, see notes below</entry> + </row> + <row> + <entry><varname>Conflicts=</varname></entry> + <entry><varname>ConflictedBy=</varname></entry> + <entry>A unit file option; an automatic property</entry> + </row> + <row> + <entry><varname>PropagatesReloadTo=</varname></entry> + <entry><varname>ReloadPropagatedFrom=</varname></entry> + <entry morerows='1' valign='middle'>Both are unit file options</entry> + </row> + <row> + <entry><varname>ReloadPropagatedFrom=</varname></entry> + <entry><varname>PropagatesReloadTo=</varname></entry> + </row> + <row> + <entry><varname>Following=</varname></entry> + <entry>n/a</entry> + <entry>An automatic property</entry> + </row> + </tbody> + </tgroup> + </table> + + <para>Note: <varname>WantedBy=</varname> and <varname>RequiredBy=</varname> are + used in the [Install] section to create symlinks in <filename>.wants/</filename> + and <filename>.requires/</filename> directories. They cannot be used directly as a + unit configuration setting.</para> + + <para>Note: <varname>ConsistsOf=</varname>, <varname>BoundBy=</varname>, + <varname>RequisiteOf=</varname>, <varname>ConflictedBy=</varname> are created + implicitly along with their reverse and cannot be specified directly.</para> + + <para>Note: <varname>Triggers=</varname> is created implicitly between a socket, + path unit, or an automount unit, and the unit they activate. By default a unit + with the same name is triggered, but this can be overridden using + <varname>Sockets=</varname>, <varname>Service=</varname>, and <varname>Unit=</varname> + settings. See + <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + and + <citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry> + for details. <varname>TriggersBy=</varname> is created implicitly on the + triggered unit.</para> + + <para>Note: <varname>Following=</varname> is used to group device aliases and points to the + "primary" device unit that systemd is using to track device state, usually corresponding to a + sysfs path. It does not show up in the "target" unit.</para> + </refsect1> + + <refsect1> + <title>[Install] Section Options</title> + + <para>Unit files may include an <literal>[Install]</literal> section, which carries installation information for + the unit. This section is not interpreted by + <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> during runtime; it is + used by the <command>enable</command> and <command>disable</command> commands of the + <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> tool during + installation of a unit.</para> + + <variablelist class='unit-directives'> + <varlistentry> + <term><varname>Alias=</varname></term> + + <listitem><para>A space-separated list of additional names this unit shall be installed under. The names listed + here must have the same suffix (i.e. type) as the unit filename. This option may be specified more than once, + in which case all listed names are used. At installation time, <command>systemctl enable</command> will create + symlinks from these names to the unit filename. Note that not all unit types support such alias names, and this + setting is not supported for them. Specifically, mount, slice, swap, and automount units do not support + aliasing.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>WantedBy=</varname></term> + <term><varname>RequiredBy=</varname></term> + + <listitem><para>This option may be used more than once, or a + space-separated list of unit names may be given. A symbolic + link is created in the <filename>.wants/</filename> or + <filename>.requires/</filename> directory of each of the + listed units when this unit is installed by <command>systemctl + enable</command>. This has the effect that a dependency of + type <varname>Wants=</varname> or <varname>Requires=</varname> + is added from the listed unit to the current unit. The primary + result is that the current unit will be started when the + listed unit is started. See the description of + <varname>Wants=</varname> and <varname>Requires=</varname> in + the [Unit] section for details.</para> + + <para><command>WantedBy=foo.service</command> in a service + <filename>bar.service</filename> is mostly equivalent to + <command>Alias=foo.service.wants/bar.service</command> in the + same file. In case of template units, <command>systemctl + enable</command> must be called with an instance name, and + this instance will be added to the + <filename>.wants/</filename> or + <filename>.requires/</filename> list of the listed unit. E.g. + <command>WantedBy=getty.target</command> in a service + <filename>getty@.service</filename> will result in + <command>systemctl enable getty@tty2.service</command> + creating a + <filename>getty.target.wants/getty@tty2.service</filename> + link to <filename>getty@.service</filename>. + </para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>Also=</varname></term> + + <listitem><para>Additional units to install/deinstall when + this unit is installed/deinstalled. If the user requests + installation/deinstallation of a unit with this option + configured, <command>systemctl enable</command> and + <command>systemctl disable</command> will automatically + install/uninstall units listed in this option as well.</para> + + <para>This option may be used more than once, or a + space-separated list of unit names may be + given.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>DefaultInstance=</varname></term> + + <listitem><para>In template unit files, this specifies for + which instance the unit shall be enabled if the template is + enabled without any explicitly set instance. This option has + no effect in non-template unit files. The specified string + must be usable as instance identifier.</para></listitem> + </varlistentry> + </variablelist> + + <para>The following specifiers are interpreted in the Install + section: %n, %N, %p, %i, %j, %g, %G, %U, %u, %m, %H, %b, %v. For their + meaning see the next section. + </para> + </refsect1> + + <refsect1> + <title>Specifiers</title> + + <para>Many settings resolve specifiers which may be used to write + generic unit files referring to runtime or unit parameters that + are replaced when the unit files are loaded. Specifiers must be known + and resolvable for the setting to be valid. The following + specifiers are understood:</para> + + <table> + <title>Specifiers available in unit files</title> + <tgroup cols='3' align='left' colsep='1' rowsep='1'> + <colspec colname="spec" /> + <colspec colname="mean" /> + <colspec colname="detail" /> + <thead> + <row> + <entry>Specifier</entry> + <entry>Meaning</entry> + <entry>Details</entry> + </row> + </thead> + <tbody> + <row> + <entry><literal>%b</literal></entry> + <entry>Boot ID</entry> + <entry>The boot ID of the running system, formatted as string. See <citerefentry><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry> for more information.</entry> + </row> + <row> + <entry><literal>%C</literal></entry> + <entry>Cache directory root</entry> + <entry>This is either <filename>/var/cache</filename> (for the system manager) or the path <literal>$XDG_CACHE_HOME</literal> resolves to (for user managers).</entry> + </row> + <row> + <entry><literal>%E</literal></entry> + <entry>Configuration directory root</entry> + <entry>This is either <filename>/etc</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to (for user managers).</entry> + </row> + <row> + <entry><literal>%f</literal></entry> + <entry>Unescaped filename</entry> + <entry>This is either the unescaped instance name (if applicable) with <filename>/</filename> prepended (if applicable), or the unescaped prefix name prepended with <filename>/</filename>. This implements unescaping according to the rules for escaping absolute file system paths discussed above.</entry> + </row> + <row> + <entry><literal>%h</literal></entry> + <entry>User home directory</entry> + <entry>This is the home directory of the user running the service manager instance. In case of the system manager this resolves to <literal>/root</literal>.</entry> + </row> + <row> + <entry><literal>%H</literal></entry> + <entry>Host name</entry> + <entry>The hostname of the running system at the point in time the unit configuration is loaded.</entry> + </row> + <row> + <entry><literal>%i</literal></entry> + <entry>Instance name</entry> + <entry>For instantiated units this is the string between the first <literal>@</literal> character and the type suffix. Empty for non-instantiated units.</entry> + </row> + <row> + <entry><literal>%I</literal></entry> + <entry>Unescaped instance name</entry> + <entry>Same as <literal>%i</literal>, but with escaping undone.</entry> + </row> + <row> + <entry><literal>%j</literal></entry> + <entry>Final component of the prefix</entry> + <entry>This is the string between the last <literal>-</literal> and the end of the prefix name. If there is no <literal>-</literal>, this is the same as <literal>%p</literal>.</entry> + </row> + <row> + <entry><literal>%J</literal></entry> + <entry>Unescaped final component of the prefix</entry> + <entry>Same as <literal>%j</literal>, but with escaping undone.</entry> + </row> + <row> + <entry><literal>%L</literal></entry> + <entry>Log directory root</entry> + <entry>This is either <filename>/var/log</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to with <filename noindex='true'>/log</filename> appended (for user managers).</entry> + </row> + <row> + <entry><literal>%m</literal></entry> + <entry>Machine ID</entry> + <entry>The machine ID of the running system, formatted as string. See <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more information.</entry> + </row> + <row> + <entry><literal>%n</literal></entry> + <entry>Full unit name</entry> + <entry></entry> + </row> + <row> + <entry><literal>%N</literal></entry> + <entry>Full unit name</entry> + <entry>Same as <literal>%n</literal>, but with the type suffix removed.</entry> + </row> + <row> + <entry><literal>%p</literal></entry> + <entry>Prefix name</entry> + <entry>For instantiated units, this refers to the string before the first <literal>@</literal> character of the unit name. For non-instantiated units, same as <literal>%N</literal>.</entry> + </row> + <row> + <entry><literal>%P</literal></entry> + <entry>Unescaped prefix name</entry> + <entry>Same as <literal>%p</literal>, but with escaping undone.</entry> + </row> + <row> + <entry><literal>%s</literal></entry> + <entry>User shell</entry> + <entry>This is the shell of the user running the service manager instance. In case of the system manager this resolves to <literal>/bin/sh</literal>.</entry> + </row> + <row> + <entry><literal>%S</literal></entry> + <entry>State directory root</entry> + <entry>This is either <filename>/var/lib</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to (for user managers).</entry> + </row> + <row> + <entry><literal>%t</literal></entry> + <entry>Runtime directory root</entry> + <entry>This is either <filename>/run</filename> (for the system manager) or the path <literal>$XDG_RUNTIME_DIR</literal> resolves to (for user managers).</entry> + </row> + <row> + <entry><literal>%T</literal></entry> + <entry>Directory for temporary files</entry> + <entry>This is either <filename>/tmp</filename> or the path <literal>$TMPDIR</literal>, <literal>$TEMP</literal> or <literal>$TMP</literal> are set to.</entry> + </row> + <row> + <entry><literal>%g</literal></entry> + <entry>User group</entry> + <entry>This is the name of the group running the service manager instance. In case of the system manager this resolves to <literal>root</literal>.</entry> + </row> + <row> + <entry><literal>%G</literal></entry> + <entry>User GID</entry> + <entry>This is the numeric GID of the user running the service manager instance. In case of the system manager this resolves to <literal>0</literal>.</entry> + </row> + <row> + <entry><literal>%u</literal></entry> + <entry>User name</entry> + <entry>This is the name of the user running the service manager instance. In case of the system manager this resolves to <literal>root</literal>.</entry> + </row> + <row> + <entry><literal>%U</literal></entry> + <entry>User UID</entry> + <entry>This is the numeric UID of the user running the service manager instance. In case of the system manager this resolves to <literal>0</literal>.</entry> + </row> + <row> + <entry><literal>%v</literal></entry> + <entry>Kernel release</entry> + <entry>Identical to <command>uname -r</command> output</entry> + </row> + <row> + <entry><literal>%V</literal></entry> + <entry>Directory for larger and persistent temporary files</entry> + <entry>This is either <filename>/var/tmp</filename> or the path <literal>$TMPDIR</literal>, <literal>$TEMP</literal> or <literal>$TMP</literal> are set to.</entry> + </row> + <row> + <entry><literal>%%</literal></entry> + <entry>Single percent sign</entry> + <entry>Use <literal>%%</literal> in place of <literal>%</literal> to specify a single percent sign.</entry> + </row> + </tbody> + </tgroup> + </table> + </refsect1> + + <refsect1> + <title>Examples</title> + + <example> + <title>Allowing units to be enabled</title> + + <para>The following snippet (highlighted) allows a unit (e.g. + <filename>foo.service</filename>) to be enabled via + <command>systemctl enable</command>:</para> + + <programlisting>[Unit] +Description=Foo + +[Service] +ExecStart=/usr/sbin/foo-daemon + +<emphasis>[Install]</emphasis> +<emphasis>WantedBy=multi-user.target</emphasis></programlisting> + + <para>After running <command>systemctl enable</command>, a + symlink + <filename>/etc/systemd/system/multi-user.target.wants/foo.service</filename> + linking to the actual unit will be created. It tells systemd to + pull in the unit when starting + <filename>multi-user.target</filename>. The inverse + <command>systemctl disable</command> will remove that symlink + again.</para> + </example> + + <example> + <title>Overriding vendor settings</title> + + <para>There are two methods of overriding vendor settings in + unit files: copying the unit file from + <filename>/usr/lib/systemd/system</filename> to + <filename>/etc/systemd/system</filename> and modifying the + chosen settings. Alternatively, one can create a directory named + <filename><replaceable>unit</replaceable>.d/</filename> within + <filename>/etc/systemd/system</filename> and place a drop-in + file <filename><replaceable>name</replaceable>.conf</filename> + there that only changes the specific settings one is interested + in. Note that multiple such drop-in files are read if + present, processed in lexicographic order of their filename.</para> + + <para>The advantage of the first method is that one easily + overrides the complete unit, the vendor unit is not parsed at + all anymore. It has the disadvantage that improvements to the + unit file by the vendor are not automatically incorporated on + updates.</para> + + <para>The advantage of the second method is that one only + overrides the settings one specifically wants, where updates to + the unit by the vendor automatically apply. This has the + disadvantage that some future updates by the vendor might be + incompatible with the local changes.</para> + + <para>This also applies for user instances of systemd, but with + different locations for the unit files. See the section on unit + load paths for further details.</para> + + <para>Suppose there is a vendor-supplied unit + <filename>/usr/lib/systemd/system/httpd.service</filename> with + the following contents:</para> + + <programlisting>[Unit] +Description=Some HTTP server +After=remote-fs.target sqldb.service +Requires=sqldb.service +AssertPathExists=/srv/webserver + +[Service] +Type=notify +ExecStart=/usr/sbin/some-fancy-httpd-server +Nice=5 + +[Install] +WantedBy=multi-user.target</programlisting> + + <para>Now one wants to change some settings as an administrator: + firstly, in the local setup, <filename>/srv/webserver</filename> + might not exist, because the HTTP server is configured to use + <filename>/srv/www</filename> instead. Secondly, the local + configuration makes the HTTP server also depend on a memory + cache service, <filename>memcached.service</filename>, that + should be pulled in (<varname>Requires=</varname>) and also be + ordered appropriately (<varname>After=</varname>). Thirdly, in + order to harden the service a bit more, the administrator would + like to set the <varname>PrivateTmp=</varname> setting (see + <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> + for details). And lastly, the administrator would like to reset + the niceness of the service to its default value of 0.</para> + + <para>The first possibility is to copy the unit file to + <filename>/etc/systemd/system/httpd.service</filename> and + change the chosen settings:</para> + + <programlisting>[Unit] +Description=Some HTTP server +After=remote-fs.target sqldb.service <emphasis>memcached.service</emphasis> +Requires=sqldb.service <emphasis>memcached.service</emphasis> +AssertPathExists=<emphasis>/srv/www</emphasis> + +[Service] +Type=notify +ExecStart=/usr/sbin/some-fancy-httpd-server +<emphasis>Nice=0</emphasis> +<emphasis>PrivateTmp=yes</emphasis> + +[Install] +WantedBy=multi-user.target</programlisting> + + <para>Alternatively, the administrator could create a drop-in + file + <filename>/etc/systemd/system/httpd.service.d/local.conf</filename> + with the following contents:</para> + + <programlisting>[Unit] +After=memcached.service +Requires=memcached.service +# Reset all assertions and then re-add the condition we want +AssertPathExists= +AssertPathExists=/srv/www + +[Service] +Nice=0 +PrivateTmp=yes</programlisting> + + <para>Note that for drop-in files, if one wants to remove + entries from a setting that is parsed as a list (and is not a + dependency), such as <varname>AssertPathExists=</varname> (or + e.g. <varname>ExecStart=</varname> in service units), one needs + to first clear the list before re-adding all entries except the + one that is to be removed. Dependencies (<varname>After=</varname>, etc.) + cannot be reset to an empty list, so dependencies can only be + added in drop-ins. If you want to remove dependencies, you have + to override the entire unit.</para> + + </example> + </refsect1> + + <refsect1> + <title>See Also</title> + <para> + <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>, + <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>, + <citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>1</manvolnum></citerefentry> + </para> + </refsect1> + +</refentry> |