1SYSTEMD.EXEC(5) systemd.exec SYSTEMD.EXEC(5)
2
3
4
6 systemd.exec - systemd execution environment configuration
7
9 systemd.service, systemd.socket, systemd.mount
10
12 Unit configuration files for services, sockets and mount points share a
13 subset of configuration options which define the execution environment
14 of spawned processes.
15
16 This man page lists the configuration options shared by these three
17 unit types. See systemd.unit(5) for the common options of all unit
18 configuration files, and systemd.service(5), systemd.socket(5) and
19 systemd.mount(5) for more information on the specific unit
20 configuration files. The execution specific configuration options are
21 configured in the [Service], [Socket] resp. [Mount] section, depending
22 on the unit type.
23
25 WorkingDirectory=
26 Takes an absolute directory path. Sets the working directory for
27 executed processes.
28
29 RootDirectory=
30 Takes an absolute directory path. Sets the root directory for
31 executed processes, with the chroot(2) system call. If this is used
32 it must be ensured that the process and all its auxiliary files are
33 available in the chroot() jail.
34
35 User=, Group=
36 Sets the Unix user resp. group the processes are executed as. Takes
37 a single user resp. group name or ID as argument. If no group is
38 set the default group of the user is chosen.
39
40 SupplementaryGroups=
41 Sets the supplementary Unix groups the processes are executed as.
42 This takes a space separated list of group names or IDs. This
43 option may be specified more than once in which case all listed
44 groups are set as supplementary groups. This option does not
45 override but extend the list of supplementary groups configured in
46 the system group database for the user.
47
48 Nice=
49 Sets the default nice level (scheduling priority) for executed
50 processes. Takes an integer between -20 (highest priority) and 19
51 (lowest priority). See setpriority(2) for details.
52
53 OOMScoreAdjust=
54 Sets the adjustment level for the Out-Of-Memory killer for executed
55 processes. Takes an integer between -1000 (to disable OOM killing
56 for this process) and 1000 (to make killing of this process under
57 memory pressure very likely). See proc.txt[1] for details.
58
59 IOSchedulingClass=
60 Sets the IO scheduling class for executed processes. Takes an
61 integer between 0 and 3 or one of the strings none, realtime,
62 best-effort or idle. See ioprio_set(2) for details.
63
64 IOSchedulingPriority=
65 Sets the IO scheduling priority for executed processes. Takes an
66 integer between 0 (highest priority) and 7 (lowest priority). The
67 available priorities depend on the selected IO scheduling class
68 (see above). See ioprio_set(2) for details.
69
70 CPUSchedulingPolicy=
71 Sets the CPU scheduling policy for executed processes. Takes one of
72 other, batch, idle, fifo or rr. See sched_setscheduler(2) for
73 details.
74
75 CPUSchedulingPriority=
76 Sets the CPU scheduling priority for executed processes. Takes an
77 integer between 1 (lowest priority) and 99 (highest priority). The
78 available priority range depends on the selected CPU scheduling
79 policy (see above). See sched_setscheduler(2) for details.
80
81 CPUSchedulingResetOnFork=
82 Takes a boolean argument. If true elevated CPU scheduling
83 priorities and policies will be reset when the executed processes
84 fork, and can hence not leak into child processes. See
85 sched_setscheduler(2) for details. Defaults to false.
86
87 CPUAffinity=
88 Controls the CPU affinity of the executed processes. Takes a
89 space-separated list of CPU indexes. See sched_setaffinity(2) for
90 details.
91
92 UMask=
93 Controls the file mode creation mask. Takes an access mode in octal
94 notation. See umask(2) for details. Defaults to 0002.
95
96 Environment=
97 Sets environment variables for executed processes. Takes a
98 space-separated list of variable assignments. This option may be
99 specified more than once in which case all listed variables will be
100 set. If the same variable is set twice the later setting will
101 override the earlier setting. See environ(7) for details.
102
103 EnvironmentFile=
104 Similar to Environment= but reads the environment variables from a
105 text file. The text file should contain new-line separated variable
106 assignments. Empty lines and lines starting with ; or # will be
107 ignored, which may be used for commenting.
108
109 StandardInput=
110 Controls where file descriptor 0 (STDIN) of the executed processes
111 is connected to. Takes one of null, tty, tty-force, tty-fail or
112 socket. If null is selected standard input will be connected to
113 /dev/null, i.e. all read attempts by the process will result in
114 immediate EOF. If tty is selected standard input is connected to a
115 TTY (as configured by TTYPath=, see below) and the executed process
116 becomes the controlling process of the terminal. If the terminal is
117 already being controlled by another process it is waited until that
118 process releases the terminal. tty-force is similar to tty, but
119 the executed process is forcefully and immediately made the
120 controlling process of the terminal, potentially removing previous
121 controlling processes from the terminal. tty-fail is similar to
122 tty but if the terminal already has a controlling process start-up
123 of the executed process fails. The socket option is only valid in
124 socket-activated services, and only when the socket configuration
125 file (see systemd.socket(5) for details) specifies a single socket
126 only. If this option is set standard input will be connected to the
127 socket the service was activated from, which is primarily useful
128 for compatibility with daemons designed for use with the
129 traditional inetd(8) daemon. This setting defaults to null.
130
131 StandardOutput=
132 Controls where file descriptor 1 (STDOUT) of the executed processes
133 is connected to. Takes one of inherit, null, tty, syslog, kmsg or
134 socket. If set to inherit the file descriptor of standard input is
135 duplicated for standard output. If set to null standard output will
136 be connected to /dev/null, i.e. everything written to it will be
137 lost. If set to tty standard output will be connected to a tty (as
138 configured via TTYPath=, see below). If the TTY is used for output
139 only the executed process will not become the controlling process
140 of the terminal, and will not fail or wait for other processes to
141 release the terminal. syslog connects standard output to the
142 syslog(3) system logger. kmsg connects it with the kernel log
143 buffer which is accessible via dmesg(1). socket connects standard
144 output to a socket from socket activation, semantics are similar to
145 the respective option of StandardInput=. This setting defaults to
146 inherit.
147
148 StandardError=
149 Controls where file descriptor 2 (STDERR) of the executed processes
150 is connected to. The available options are identical to those of
151 StandardOutput=, whith one exception: if set to inherit the file
152 descriptor used for standard output is duplicated for standard
153 error. This setting defaults to inherit.
154
155 TTYPath=
156 Sets the terminal device node to use if standard input, output or
157 stderr are connected to a TTY (see above). Defaults to
158 /dev/console.
159
160 SyslogIdentifer=
161 Sets the process name to prefix log lines sent to syslog or the
162 kernel log buffer with. If not set defaults to the process name of
163 the executed process. This option is only useful when
164 StandardOutput= or StandardError= are set to syslog or kmsg.
165
166 SyslogFacility=
167 Sets the syslog facility to use when logging to syslog. One of
168 kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron,
169 authpriv, ftp, local0, local1, local2, local3, local4, local5,
170 local6 or local7. See syslog(3) for details. This option is only
171 useful when StandardOutput= or StandardError= are set to syslog.
172 Defaults to daemon.
173
174 SyslogLevel=
175 Default syslog level to use when logging to syslog or the kernel
176 log buffer. One of emerg, alert, crit, err, warning, notice, info,
177 debug. See syslog(3) for details. This option is only useful when
178 StandardOutput= or StandardError= are set to syslog or kmsg. Note
179 that individual lines output by the daemon might be prefixed with a
180 different log level which can be used to override the default log
181 level specified here. The interpretation of these prefixes may be
182 disabled with SyslogLevelPrefix=, see below. For details see sd-
183 daemon(7). Defaults to info.
184
185 SyslogLevelPrefix=
186 Takes a boolean argument. If true and StandardOutput= or
187 StandardError= are set to syslog or kmsg log lines written by the
188 executed process that are prefixed with a log level will be passed
189 on to syslog with this log level set but the prefix removed. If set
190 to false, the interpretation of these prefixes is disabled and the
191 logged lines are passed on as-is. For details about this prefixing
192 see sd-daemon(7). Defaults to true.
193
194 TimerSlackNSec=
195 Sets the timer slack in nanoseconds for the executed processes The
196 timer slack controls the accuracy of wake-ups triggered by timers.
197 See prctl(2) for more information. Note that in contrast to most
198 other time span definitions this value is takes a nano-seconds
199 integer and does not understand any other units.
200
201 LimitCPU=, LimitFSIZE=, LimitDATA=, LimitSTACK=, LimitCORE=, LimitRSS=,
202 LimitNOFILE=, LimitAS=, LimitNPROC=, LimitMEMLOCK=, LimitLOCKS=,
203 LimitSIGPENDING=, LimitMSGQUEUE=, LimitNICE=, LimitRTPRIO=,
204 LimitRTTIME=
205 These settings control various resource limits for executed
206 processes. See setrlimit(2) for details.
207
208 PAMName=
209 Sets the PAM service name to set up a session as. If set the
210 executed process will be registered as a PAM session under the
211 specified service name. This is only useful in conjunction with the
212 User= setting. If not set no PAM session will be opened for the
213 executed processes. See pam(8) for details.
214
215 TCPWrapName=
216 If this is a socket-activated service this sets the tcpwrap service
217 name to check the permission for the current connection with. This
218 is only useful in conjunction with socket-activated services, and
219 stream sockets (TCP) in particular. It has no effect on other
220 socket types (e.g. datagram/UDP) and on processes unrelated to
221 socket-based activation. If the tcpwrap verification fails daemon
222 start-up will fail and the connection is terminated. See tcpd(8)
223 for details.
224
225 Capabilities=
226 Controls the capabilities(7) set for the executed process. Take a
227 capability string as described in cap_from_text(3). Note that this
228 capability set is usually influenced by the capabilities attached
229 to the executed file.
230
231 SecureBits=
232 Controls the secure bits set for the executed process. See
233 capabilities(7) for details. Takes a list of strings: keep-caps,
234 keep-caps-locked, no-setuid-fixup, no-setuid-fixup-locked,
235 no-setuid-noroot and/or no-setuid-noroot-locked.
236
237 CapabilityBoundingSetDrop=
238 Controls the capability bounding set drop set for the executed
239 process. See capabilities(7) for details. Takes a list of
240 capability names as read by cap_from_name(3).
241
242 ControlGroup=
243 Controls the control groups the executed processes shall be made
244 members of. Takes a space-separated list of cgroup identifiers. A
245 cgroup identifier has a format like cpu:/foo/bar, where "cpu"
246 identifies the kernel control group controller used, and /foo/bar
247 is the control group path. The controller name and ":" may be
248 omitted in which case the named systemd control group hierarchy is
249 implied. Alternatively, the path and ":" may be omitted, in which
250 case the default control group path for this unit is implied. This
251 option may be used to place executed processes in arbitrary groups
252 in arbitrary hierachies -- which can be configured externally with
253 additional execution limits. By default systemd will place all
254 executed processes in separate per-unit control groups (named after
255 the unit) in the systemd named hierarchy. Since every process can
256 be in one group per hierarchy only overriding the control group
257 path in the named systemd hierarchy will disable automatic
258 placement in the default group. For details about control groups
259 see cgroups.txt[2].
260
261 ReadWriteDirectories=, ReadOnlyDirectories=, InaccessibleDirectories=
262 Sets up a new file-system name space for executed processes. These
263 options may be used to limit access a process might have to the
264 main file-system hierarchy. Each setting takes a space-separated
265 list of absolute directory paths. Directories listed in
266 ReadWriteDirectories= are accessible from within the namespace with
267 the same access rights as from outside. Directories listed in
268 ReadOnlyDirectories= are accessible for reading only, writing will
269 be refused even if the usual file access controls would permit
270 this. Directories listed in InaccessibleDirectories= will be made
271 inaccesible for processes inside the namespace. Note that
272 restricting access with these options does not extend to submounts
273 of a directory. You must list submounts separately in these
274 setttings to ensure the same limited access. These options may be
275 specified more than once in which case all directories listed will
276 have limited access from within the namespace.
277
278 PrivateTmp=
279 Takes a boolean argument. If true sets up a new namespace for the
280 executed processes and mounts a private /tmp directory inside it,
281 that is not shared by processes outside of the namespace. This is
282 useful to secure access to temporary files of the process, but
283 makes sharing between processes via /tmp impossible. Defaults to
284 false.
285
286 MountFlags=
287 Takes a mount propagation flag: shared, slave or private, which
288 control whether namespaces set up with ReadWriteDirectories=,
289 ReadOnlyDirectories= and InaccessibleDirectories= receive or
290 propagate new mounts from/to the main namespace. See mount(1) for
291 details. Defaults to shared, i.e. the new namespace will both
292 receive new mount points from the main namespace as well as
293 propagate new mounts to it.
294
296 systemd(1), systemctl(8), systemd.unit(5), systemd.service(5),
297 systemd.socket(5), systemd.mount(5)
298
300 Lennart Poettering <lennart@poettering.net>
301 Developer
302
304 1. proc.txt
305 http://www.kernel.org/doc/Documentation/filesystems/proc.txt
306
307 2. cgroups.txt
308 http://www.kernel.org/doc/Documentation/cgroups/cgroups.txt
309
310
311
312systemd 09/14/2010 SYSTEMD.EXEC(5)