1SYSTEMD.SERVICE(5) systemd.service SYSTEMD.SERVICE(5)
2
6 systemd.service - Service unit configuration
7
9 service.service
10
12 A unit configuration file whose name ends in ".service" encodes
13 information about a process controlled and supervised by systemd.
14 This man page lists the configuration options specific to this unit
16 type. See systemd.unit(5) for the common options of all unit
17 configuration files. The common configuration items are configured in
18 the generic "[Unit]" and "[Install]" sections. The service specific
19 configuration options are configured in the "[Service]" section.
20 Additional options are listed in systemd.exec(5), which define the
22 execution environment the commands are executed in, and in
23 systemd.kill(5), which define the way the processes of the service are
24 terminated, and in systemd.resource-control(5), which configure
25 resource control settings for the processes of the service.
26 If a service is requested under a certain name but no unit
28 configuration file is found, systemd looks for a SysV init script by
29 the same name (with the .service suffix removed) and dynamically
30 creates a service unit from that script. This is useful for
31 compatibility with SysV. Note that this compatibility is quite
32 comprehensive but not 100%. For details about the incompatibilities,
33 see the Incompatibilities with SysV[1] document.
34
36 It is possible for systemd services to take a single argument via the
37 "service@argument.service" syntax. Such services are called
38 "instantiated" services, while the unit definition without the argument
39 parameter is called a "template". An example could be a dhcpcd@.service
40 service template which takes a network interface as a parameter to form
41 an instantiated service. Within the service file, this parameter or
42 "instance name" can be accessed with %-specifiers. See systemd.unit(5)
43 for details.
44
46 Implicit Dependencies
47 The following dependencies are implicitly added:
48 · Services with Type=dbus set automatically acquire dependencies of
50 type Requires= and After= on dbus.socket.
51 · Socket activated services are automatically ordered after their
53 activating .socket units via an automatic After= dependency.
54 Services also pull in all .socket units listed in Sockets= via
55 automatic Wants= and After= dependencies.
56 Additional implicit dependencies may be added as result of execution
58 and resource control parameters as documented in systemd.exec(5) and
59 systemd.resource-control(5).
60 Default Dependencies
62 The following dependencies are added unless DefaultDependencies=no is
63 set:
64 · Service units will have dependencies of type Requires= and After=
66 on sysinit.target, a dependency of type After= on basic.target as
67 well as dependencies of type Conflicts= and Before= on
68 shutdown.target. These ensure that normal service units pull in
69 basic system initialization, and are terminated cleanly prior to
70 system shutdown. Only services involved with early boot or late
71 system shutdown should disable this option.
72 · Instanced service units (i.e. service units with an "@" in their
74 name) are assigned by default a per-template slice unit (see
75 systemd.slice(5)), named after the template unit, containing all
76 instances of the specific template. This slice is normally stopped
77 at shutdown, together with all template instances. If that is not
78 desired, set DefaultDependencies=no in the template unit, and
79 either define your own per-template slice unit file that also sets
80 DefaultDependencies=no, or set Slice=system.slice (or another
81 suitable slice) in the template unit. Also see systemd.resource-
82 control(5).
83
85 Service files must include a "[Service]" section, which carries
86 information about the service and the process it supervises. A number
87 of options that may be used in this section are shared with other unit
88 types. These options are documented in systemd.exec(5), systemd.kill(5)
89 and systemd.resource-control(5). The options specific to the
90 "[Service]" section of service units are the following:
91 Type=
93 Configures the process start-up type for this service unit. One of
94 simple, forking, oneshot, dbus, notify or idle.
95 If set to simple (the default if neither Type= nor BusName=, but
97 ExecStart= are specified), it is expected that the process
98 configured with ExecStart= is the main process of the service. In
99 this mode, if the process offers functionality to other processes
100 on the system, its communication channels should be installed
101 before the daemon is started up (e.g. sockets set up by systemd,
102 via socket activation), as systemd will immediately proceed
103 starting follow-up units.
104 If set to forking, it is expected that the process configured with
106 ExecStart= will call fork() as part of its start-up. The parent
107 process is expected to exit when start-up is complete and all
108 communication channels are set up. The child continues to run as
109 the main daemon process. This is the behavior of traditional UNIX
110 daemons. If this setting is used, it is recommended to also use the
111 PIDFile= option, so that systemd can identify the main process of
112 the daemon. systemd will proceed with starting follow-up units as
113 soon as the parent process exits.
114 Behavior of oneshot is similar to simple; however, it is expected
116 that the process has to exit before systemd starts follow-up units.
117 RemainAfterExit= is particularly useful for this type of service.
118 This is the implied default if neither Type= nor ExecStart= are
119 specified.
120 Behavior of dbus is similar to simple; however, it is expected that
122 the daemon acquires a name on the D-Bus bus, as configured by
123 BusName=. systemd will proceed with starting follow-up units after
124 the D-Bus bus name has been acquired. Service units with this
125 option configured implicitly gain dependencies on the dbus.socket
126 unit. This type is the default if BusName= is specified.
127 Behavior of notify is similar to simple; however, it is expected
129 that the daemon sends a notification message via sd_notify(3) or an
130 equivalent call when it has finished starting up. systemd will
131 proceed with starting follow-up units after this notification
132 message has been sent. If this option is used, NotifyAccess= (see
133 below) should be set to open access to the notification socket
134 provided by systemd. If NotifyAccess= is missing or set to none, it
135 will be forcibly set to main. Note that currently Type=notify will
136 not work if used in combination with PrivateNetwork=yes.
137 Behavior of idle is very similar to simple; however, actual
139 execution of the service program is delayed until all active jobs
140 are dispatched. This may be used to avoid interleaving of output of
141 shell services with the status output on the console. Note that
142 this type is useful only to improve console output, it is not
143 useful as a general unit ordering tool, and the effect of this
144 service type is subject to a 5s time-out, after which the service
145 program is invoked anyway.
146 RemainAfterExit=
148 Takes a boolean value that specifies whether the service shall be
149 considered active even when all its processes exited. Defaults to
150 no.
151 GuessMainPID=
153 Takes a boolean value that specifies whether systemd should try to
154 guess the main PID of a service if it cannot be determined
155 reliably. This option is ignored unless Type=forking is set and
156 PIDFile= is unset because for the other types or with an explicitly
157 configured PID file, the main PID is always known. The guessing
158 algorithm might come to incorrect conclusions if a daemon consists
159 of more than one process. If the main PID cannot be determined,
160 failure detection and automatic restarting of a service will not
161 work reliably. Defaults to yes.
162 PIDFile=
164 Takes an absolute path referring to the PID file of the service.
165 Usage of this option is recommended for services where Type= is set
166 to forking. The service manager will read the PID of the main
167 process of the service from this file after start-up of the
168 service. The service manager will not write to the file configured
169 here, although it will remove the file after the service has shut
170 down if it still exists. The PID file does not need to be owned by
171 a privileged user, but if it is owned by an unprivileged user
172 additional safety restrictions are enforced: the file may not be a
173 symlink to a file owned by a different user (neither directly nor
174 indirectly), and the PID file must refer to a process already
175 belonging to the service.
176 BusName=
178 Takes a D-Bus bus name that this service is reachable as. This
179 option is mandatory for services where Type= is set to dbus.
180 ExecStart=
182 Commands with their arguments that are executed when this service
183 is started. The value is split into zero or more command lines
184 according to the rules described below (see section "Command Lines"
185 below).
186 Unless Type= is oneshot, exactly one command must be given. When
188 Type=oneshot is used, zero or more commands may be specified.
189 Commands may be specified by providing multiple command lines in
190 the same directive, or alternatively, this directive may be
191 specified more than once with the same effect. If the empty string
192 is assigned to this option, the list of commands to start is reset,
193 prior assignments of this option will have no effect. If no
194 ExecStart= is specified, then the service must have
195 RemainAfterExit=yes and at least one ExecStop= line set. (Services
196 lacking both ExecStart= and ExecStop= are not valid.)
197 For each of the specified commands, the first argument must be
199 either an absolute path to an executable or a simple file name
200 without any slashes. Optionally, this filename may be prefixed with
201 a number of special characters:
202 Table 1. Special executable prefixes
204 ┌───────┬────────────────────────────┐
205 │Prefix │ Effect │
206 ├───────┼────────────────────────────┤
207 │"@" │ If the executable path is │
208 │ │ prefixed with "@", the │
209 │ │ second specified token │
210 │ │ will be passed as │
211 │ │ "argv[0]" to the executed │
212 │ │ process (instead of the │
213 │ │ actual filename), followed │
214 │ │ by the further arguments │
215 │ │ specified. │
216 ├───────┼────────────────────────────┤
217 │"-" │ If the executable path is │
218 │ │ prefixed with "-", an exit │
219 │ │ code of the command │
220 │ │ normally considered a │
221 │ │ failure (i.e. non-zero │
222 │ │ exit status or abnormal │
223 │ │ exit due to signal) is │
224 │ │ recorded, but has no │
225 │ │ further effect and is │
226 │ │ considered equivalent to │
227 │ │ success. │
228 ├───────┼────────────────────────────┤
229 │"+" │ If the executable path is │
230 │ │ prefixed with "+" then the │
231 │ │ process is executed with │
232 │ │ full privileges. In this │
233 │ │ mode privilege │
234 │ │ restrictions configured │
235 │ │ with User=, Group=, │
236 │ │ CapabilityBoundingSet= or │
237 │ │ the various file system │
238 │ │ namespacing options (such │
239 │ │ as PrivateDevices=, │
240 │ │ PrivateTmp=) are not │
241 │ │ applied to the invoked │
242 │ │ command line (but still │
243 │ │ affect any other │
244 │ │ ExecStart=, ExecStop=, ... │
245 │ │ lines). │
246 ├───────┼────────────────────────────┤
247 │"!" │ Similar to the "+" │
248 │ │ character discussed above │
249 │ │ this permits invoking │
250 │ │ command lines with │
251 │ │ elevated privileges. │
252 │ │ However, unlike "+" the │
253 │ │ "!" character exclusively │
254 │ │ alters the effect of │
255 │ │ User=, Group= and │
256 │ │ SupplementaryGroups=, i.e. │
257 │ │ only the stanzas that │
258 │ │ affect user and group │
259 │ │ credentials. Note that │
260 │ │ this setting may be │
261 │ │ combined with │
262 │ │ DynamicUser=, in which │
263 │ │ case a dynamic user/group │
264 │ │ pair is allocated before │
265 │ │ the command is invoked, │
266 │ │ but credential changing is │
267 │ │ left to the executed │
268 │ │ process itself. │
269 ├───────┼────────────────────────────┤
270 │"!!" │ This prefix is very │
271 │ │ similar to "!", however it │
272 │ │ only has an effect on │
273 │ │ systems lacking support │
274 │ │ for ambient process │
275 │ │ capabilities, i.e. without │
276 │ │ support for │
277 │ │ AmbientCapabilities=. It's │
278 │ │ intended to be used for │
279 │ │ unit files that take │
280 │ │ benefit of ambient │
281 │ │ capabilities to run │
282 │ │ processes with minimal │
283 │ │ privileges wherever │
284 │ │ possible while remaining │
285 │ │ compatible with systems │
286 │ │ that lack ambient │
287 │ │ capabilities support. Note │
288 │ │ that when "!!" is used, │
289 │ │ and a system lacking │
290 │ │ ambient capability support │
291 │ │ is detected any configured │
292 │ │ SystemCallFilter= and │
293 │ │ CapabilityBoundingSet= │
294 │ │ stanzas are implicitly │
295 │ │ modified, in order to │
296 │ │ permit spawned processes │
297 │ │ to drop credentials and │
298 │ │ capabilities themselves, │
299 │ │ even if this is configured │
300 │ │ to not be allowed. │
301 │ │ Moreover, if this prefix │
302 │ │ is used and a system │
303 │ │ lacking ambient capability │
304 │ │ support is detected │
305 │ │ AmbientCapabilities= will │
306 │ │ be skipped and not be │
307 │ │ applied. On systems │
308 │ │ supporting ambient │
309 │ │ capabilities, "!!" has no │
310 │ │ effect and is redundant. │
311 └───────┴────────────────────────────┘
312 "@", "-", and one of "+"/"!"/"!!" may be used together and they
313 can appear in any order. However, only one of "+", "!", "!!" may
314 be used at a time. Note that these prefixes are also supported for
315 the other command line settings, i.e. ExecStartPre=,
316 ExecStartPost=, ExecReload=, ExecStop= and ExecStopPost=.
317 If more than one command is specified, the commands are invoked
319 sequentially in the order they appear in the unit file. If one of
320 the commands fails (and is not prefixed with "-"), other lines are
321 not executed, and the unit is considered failed.
322 Unless Type=forking is set, the process started via this command
324 line will be considered the main process of the daemon.
325 ExecStartPre=, ExecStartPost=
327 Additional commands that are executed before or after the command
328 in ExecStart=, respectively. Syntax is the same as for ExecStart=,
329 except that multiple command lines are allowed and the commands are
330 executed one after the other, serially.
331 If any of those commands (not prefixed with "-") fail, the rest are
333 not executed and the unit is considered failed.
334 ExecStart= commands are only run after all ExecStartPre= commands
336 that were not prefixed with a "-" exit successfully.
337 ExecStartPost= commands are only run after the commands specified
339 in ExecStart= have been invoked successfully, as determined by
340 Type= (i.e. the process has been started for Type=simple or
341 Type=idle, the last ExecStart= process exited successfully for
342 Type=oneshot, the initial process exited successfully for
343 Type=forking, "READY=1" is sent for Type=notify, or the BusName=
344 has been taken for Type=dbus).
345 Note that ExecStartPre= may not be used to start long-running
347 processes. All processes forked off by processes invoked via
348 ExecStartPre= will be killed before the next service process is
349 run.
350 Note that if any of the commands specified in ExecStartPre=,
352 ExecStart=, or ExecStartPost= fail (and are not prefixed with "-",
353 see above) or time out before the service is fully up, execution
354 continues with commands specified in ExecStopPost=, the commands in
355 ExecStop= are skipped.
356 ExecReload=
358 Commands to execute to trigger a configuration reload in the
359 service. This argument takes multiple command lines, following the
360 same scheme as described for ExecStart= above. Use of this setting
361 is optional. Specifier and environment variable substitution is
362 supported here following the same scheme as for ExecStart=.
363 One additional, special environment variable is set: if known,
365 $MAINPID is set to the main process of the daemon, and may be used
366 for command lines like the following:
367 /bin/kill -HUP $MAINPID
369 Note however that reloading a daemon by sending a signal (as with
371 the example line above) is usually not a good choice, because this
372 is an asynchronous operation and hence not suitable to order
373 reloads of multiple services against each other. It is strongly
374 recommended to set ExecReload= to a command that not only triggers
375 a configuration reload of the daemon, but also synchronously waits
376 for it to complete.
377 ExecStop=
379 Commands to execute to stop the service started via ExecStart=.
380 This argument takes multiple command lines, following the same
381 scheme as described for ExecStart= above. Use of this setting is
382 optional. After the commands configured in this option are run, it
383 is implied that the service is stopped, and any processes remaining
384 for it are terminated according to the KillMode= setting (see
385 systemd.kill(5)). If this option is not specified, the process is
386 terminated by sending the signal specified in KillSignal= when
387 service stop is requested. Specifier and environment variable
388 substitution is supported (including $MAINPID, see above).
389 Note that it is usually not sufficient to specify a command for
391 this setting that only asks the service to terminate (for example,
392 by queuing some form of termination signal for it), but does not
393 wait for it to do so. Since the remaining processes of the services
394 are killed according to KillMode= and KillSignal= as described
395 above immediately after the command exited, this may not result in
396 a clean stop. The specified command should hence be a synchronous
397 operation, not an asynchronous one.
398 Note that the commands specified in ExecStop= are only executed
400 when the service started successfully first. They are not invoked
401 if the service was never started at all, or in case its start-up
402 failed, for example because any of the commands specified in
403 ExecStart=, ExecStartPre= or ExecStartPost= failed (and weren't
404 prefixed with "-", see above) or timed out. Use ExecStopPost= to
405 invoke commands when a service failed to start up correctly and is
406 shut down again. Also note that, service restart requests are
407 implemented as stop operations followed by start operations. This
408 means that ExecStop= and ExecStopPost= are executed during a
409 service restart operation.
410 It is recommended to use this setting for commands that communicate
412 with the service requesting clean termination. When the commands
413 specified with this option are executed it should be assumed that
414 the service is still fully up and is able to react correctly to all
415 commands. For post-mortem clean-up steps use ExecStopPost= instead.
416 ExecStopPost=
418 Additional commands that are executed after the service is stopped.
419 This includes cases where the commands configured in ExecStop= were
420 used, where the service does not have any ExecStop= defined, or
421 where the service exited unexpectedly. This argument takes multiple
422 command lines, following the same scheme as described for
423 ExecStart=. Use of these settings is optional. Specifier and
424 environment variable substitution is supported. Note that – unlike
425 ExecStop= – commands specified with this setting are invoked when a
426 service failed to start up correctly and is shut down again.
427 It is recommended to use this setting for clean-up operations that
429 shall be executed even when the service failed to start up
430 correctly. Commands configured with this setting need to be able to
431 operate even if the service failed starting up half-way and left
432 incompletely initialized data around. As the service's processes
433 have been terminated already when the commands specified with this
434 setting are executed they should not attempt to communicate with
435 them.
436 Note that all commands that are configured with this setting are
438 invoked with the result code of the service, as well as the main
439 process' exit code and status, set in the $SERVICE_RESULT,
440 $EXIT_CODE and $EXIT_STATUS environment variables, see
441 systemd.exec(5) for details.
442 RestartSec=
444 Configures the time to sleep before restarting a service (as
445 configured with Restart=). Takes a unit-less value in seconds, or a
446 time span value such as "5min 20s". Defaults to 100ms.
447 TimeoutStartSec=
449 Configures the time to wait for start-up. If a daemon service does
450 not signal start-up completion within the configured time, the
451 service will be considered failed and will be shut down again.
452 Takes a unit-less value in seconds, or a time span value such as
453 "5min 20s". Pass "infinity" to disable the timeout logic. Defaults
454 to DefaultTimeoutStartSec= from the manager configuration file,
455 except when Type=oneshot is used, in which case the timeout is
456 disabled by default (see systemd-system.conf(5)).
457 If a service of Type=notify sends "EXTEND_TIMEOUT_USEC=...", this
459 may cause the start time to be extended beyond TimeoutStartSec=.
460 The first receipt of this message must occur before
461 TimeoutStartSec= is exceeded, and once the start time has exended
462 beyond TimeoutStartSec=, the service manager will allow the service
463 to continue to start, provided the service repeats
464 "EXTEND_TIMEOUT_USEC=..." within the interval specified until the
465 service startup status is finished by "READY=1". (see
466 sd_notify(3)).
467 TimeoutStopSec=
469 This option serves two purposes. First, it configures the time to
470 wait for each ExecStop= command. If any of them times out,
471 subsequent ExecStop= commands are skipped and the service will be
472 terminated by SIGTERM. If no ExecStop= commands are specified, the
473 service gets the SIGTERM immediately. Second, it configures the
474 time to wait for the service itself to stop. If it doesn't
475 terminate in the specified time, it will be forcibly terminated by
476 SIGKILL (see KillMode= in systemd.kill(5)). Takes a unit-less value
477 in seconds, or a time span value such as "5min 20s". Pass
478 "infinity" to disable the timeout logic. Defaults to
479 DefaultTimeoutStopSec= from the manager configuration file (see
480 systemd-system.conf(5)).
481 If a service of Type=notify sends "EXTEND_TIMEOUT_USEC=...", this
483 may cause the stop time to be extended beyond TimeoutStopSec=. The
484 first receipt of this message must occur before TimeoutStopSec= is
485 exceeded, and once the stop time has exended beyond
486 TimeoutStopSec=, the service manager will allow the service to
487 continue to stop, provided the service repeats
488 "EXTEND_TIMEOUT_USEC=..." within the interval specified, or
489 terminates itself (see sd_notify(3)).
490 TimeoutSec=
492 A shorthand for configuring both TimeoutStartSec= and
493 TimeoutStopSec= to the specified value.
494 RuntimeMaxSec=
496 Configures a maximum time for the service to run. If this is used
497 and the service has been active for longer than the specified time
498 it is terminated and put into a failure state. Note that this
499 setting does not have any effect on Type=oneshot services, as they
500 terminate immediately after activation completed. Pass "infinity"
501 (the default) to configure no runtime limit.
502 If a service of Type=notify sends "EXTEND_TIMEOUT_USEC=...", this
504 may cause the runtime to be extended beyond RuntimeMaxSec=. The
505 first receipt of this message must occur before RuntimeMaxSec= is
506 exceeded, and once the runtime has exended beyond RuntimeMaxSec=,
507 the service manager will allow the service to continue to run,
508 provided the service repeats "EXTEND_TIMEOUT_USEC=..." within the
509 interval specified until the service shutdown is achieved by
510 "STOPPING=1" (or termination). (see sd_notify(3)).
511 WatchdogSec=
513 Configures the watchdog timeout for a service. The watchdog is
514 activated when the start-up is completed. The service must call
515 sd_notify(3) regularly with "WATCHDOG=1" (i.e. the "keep-alive
516 ping"). If the time between two such calls is larger than the
517 configured time, then the service is placed in a failed state and
518 it will be terminated with SIGABRT. By setting Restart= to
519 on-failure, on-watchdog, on-abnormal or always, the service will be
520 automatically restarted. The time configured here will be passed to
521 the executed service process in the WATCHDOG_USEC= environment
522 variable. This allows daemons to automatically enable the
523 keep-alive pinging logic if watchdog support is enabled for the
524 service. If this option is used, NotifyAccess= (see below) should
525 be set to open access to the notification socket provided by
526 systemd. If NotifyAccess= is not set, it will be implicitly set to
527 main. Defaults to 0, which disables this feature. The service can
528 check whether the service manager expects watchdog keep-alive
529 notifications. See sd_watchdog_enabled(3) for details.
530 sd_event_set_watchdog(3) may be used to enable automatic watchdog
531 notification support.
532 Restart=
534 Configures whether the service shall be restarted when the service
535 process exits, is killed, or a timeout is reached. The service
536 process may be the main service process, but it may also be one of
537 the processes specified with ExecStartPre=, ExecStartPost=,
538 ExecStop=, ExecStopPost=, or ExecReload=. When the death of the
539 process is a result of systemd operation (e.g. service stop or
540 restart), the service will not be restarted. Timeouts include
541 missing the watchdog "keep-alive ping" deadline and a service
542 start, reload, and stop operation timeouts.
543 Takes one of no, on-success, on-failure, on-abnormal, on-watchdog,
545 on-abort, or always. If set to no (the default), the service will
546 not be restarted. If set to on-success, it will be restarted only
547 when the service process exits cleanly. In this context, a clean
548 exit means an exit code of 0, or one of the signals SIGHUP, SIGINT,
549 SIGTERM or SIGPIPE, and additionally, exit statuses and signals
550 specified in SuccessExitStatus=. If set to on-failure, the service
551 will be restarted when the process exits with a non-zero exit code,
552 is terminated by a signal (including on core dump, but excluding
553 the aforementioned four signals), when an operation (such as
554 service reload) times out, and when the configured watchdog timeout
555 is triggered. If set to on-abnormal, the service will be restarted
556 when the process is terminated by a signal (including on core dump,
557 excluding the aforementioned four signals), when an operation times
558 out, or when the watchdog timeout is triggered. If set to on-abort,
559 the service will be restarted only if the service process exits due
560 to an uncaught signal not specified as a clean exit status. If set
561 to on-watchdog, the service will be restarted only if the watchdog
562 timeout for the service expires. If set to always, the service will
563 be restarted regardless of whether it exited cleanly or not, got
564 terminated abnormally by a signal, or hit a timeout.
565 Table 2. Exit causes and the effect of the Restart= settings on
567 them
568 ┌──────────────┬────┬────────┬────────────┬────────────┬─────────────┬──────────┬─────────────┐
569 │Restart │ no │ always │ on-success │ on-failure │ on-abnormal │ on-abort │ on-watchdog │
570 │settings/Exit │ │ │ │ │ │ │ │
571 │causes │ │ │ │ │ │ │ │
572 ├──────────────┼────┼────────┼────────────┼────────────┼─────────────┼──────────┼─────────────┤
573 │Clean exit │ │ X │ X │ │ │ │ │
574 │code or │ │ │ │ │ │ │ │
575 │signal │ │ │ │ │ │ │ │
576 ├──────────────┼────┼────────┼────────────┼────────────┼─────────────┼──────────┼─────────────┤
577 │Unclean exit │ │ X │ │ X │ │ │ │
578 │code │ │ │ │ │ │ │ │
579 ├──────────────┼────┼────────┼────────────┼────────────┼─────────────┼──────────┼─────────────┤
580 │Unclean │ │ X │ │ X │ X │ X │ │
581 │signal │ │ │ │ │ │ │ │
582 ├──────────────┼────┼────────┼────────────┼────────────┼─────────────┼──────────┼─────────────┤
583 │Timeout │ │ X │ │ X │ X │ │ │
584 ├──────────────┼────┼────────┼────────────┼────────────┼─────────────┼──────────┼─────────────┤
585 │Watchdog │ │ X │ │ X │ X │ │ X │
586 └──────────────┴────┴────────┴────────────┴────────────┴─────────────┴──────────┴─────────────┘
587 As exceptions to the setting above, the service will not be
588 restarted if the exit code or signal is specified in
589 RestartPreventExitStatus= (see below) or the service is stopped
590 with systemctl stop or an equivalent operation. Also, the services
591 will always be restarted if the exit code or signal is specified in
592 RestartForceExitStatus= (see below).
593 Note that service restart is subject to unit start rate limiting
595 configured with StartLimitIntervalSec= and StartLimitBurst=, see
596 systemd.unit(5) for details. A restarted service enters the failed
597 state only after the start limits are reached.
598 Setting this to on-failure is the recommended choice for
600 long-running services, in order to increase reliability by
601 attempting automatic recovery from errors. For services that shall
602 be able to terminate on their own choice (and avoid immediate
603 restarting), on-abnormal is an alternative choice.
604 SuccessExitStatus=
606 Takes a list of exit status definitions that, when returned by the
607 main service process, will be considered successful termination, in
608 addition to the normal successful exit code 0 and the signals
609 SIGHUP, SIGINT, SIGTERM, and SIGPIPE. Exit status definitions can
610 either be numeric exit codes or termination signal names, separated
611 by spaces. For example:
612 SuccessExitStatus=1 2 8 SIGKILL
614 ensures that exit codes 1, 2, 8 and the termination signal SIGKILL
616 are considered clean service terminations.
617 This option may appear more than once, in which case the list of
619 successful exit statuses is merged. If the empty string is assigned
620 to this option, the list is reset, all prior assignments of this
621 option will have no effect.
622 RestartPreventExitStatus=
624 Takes a list of exit status definitions that, when returned by the
625 main service process, will prevent automatic service restarts,
626 regardless of the restart setting configured with Restart=. Exit
627 status definitions can either be numeric exit codes or termination
628 signal names, and are separated by spaces. Defaults to the empty
629 list, so that, by default, no exit status is excluded from the
630 configured restart logic. For example:
631 RestartPreventExitStatus=1 6 SIGABRT
633 ensures that exit codes 1 and 6 and the termination signal SIGABRT
635 will not result in automatic service restarting. This option may
636 appear more than once, in which case the list of restart-preventing
637 statuses is merged. If the empty string is assigned to this option,
638 the list is reset and all prior assignments of this option will
639 have no effect.
640 RestartForceExitStatus=
642 Takes a list of exit status definitions that, when returned by the
643 main service process, will force automatic service restarts,
644 regardless of the restart setting configured with Restart=. The
645 argument format is similar to RestartPreventExitStatus=.
646 PermissionsStartOnly=
648 Takes a boolean argument. If true, the permission-related execution
649 options, as configured with User= and similar options (see
650 systemd.exec(5) for more information), are only applied to the
651 process started with ExecStart=, and not to the various other
652 ExecStartPre=, ExecStartPost=, ExecReload=, ExecStop=, and
653 ExecStopPost= commands. If false, the setting is applied to all
654 configured commands the same way. Defaults to false.
655 RootDirectoryStartOnly=
657 Takes a boolean argument. If true, the root directory, as
658 configured with the RootDirectory= option (see systemd.exec(5) for
659 more information), is only applied to the process started with
660 ExecStart=, and not to the various other ExecStartPre=,
661 ExecStartPost=, ExecReload=, ExecStop=, and ExecStopPost= commands.
662 If false, the setting is applied to all configured commands the
663 same way. Defaults to false.
664 NonBlocking=
666 Set the O_NONBLOCK flag for all file descriptors passed via
667 socket-based activation. If true, all file descriptors >= 3 (i.e.
668 all except stdin, stdout, stderr), excluding those passed in via
669 the file descriptor storage logic (see FileDescriptorStoreMax= for
670 details), will have the O_NONBLOCK flag set and hence are in
671 non-blocking mode. This option is only useful in conjunction with a
672 socket unit, as described in systemd.socket(5) and has no effect on
673 file descriptors which were previously saved in the file-descriptor
674 store for example. Defaults to false.
675 NotifyAccess=
677 Controls access to the service status notification socket, as
678 accessible via the sd_notify(3) call. Takes one of none (the
679 default), main, exec or all. If none, no daemon status updates are
680 accepted from the service processes, all status update messages are
681 ignored. If main, only service updates sent from the main process
682 of the service are accepted. If exec, only service updates sent
683 from any of the main or control processes originating from one of
684 the Exec*= commands are accepted. If all, all services updates from
685 all members of the service's control group are accepted. This
686 option should be set to open access to the notification socket when
687 using Type=notify or WatchdogSec= (see above). If those options are
688 used but NotifyAccess= is not configured, it will be implicitly set
689 to main.
690 Note that sd_notify() notifications may be attributed to units
692 correctly only if either the sending process is still around at the
693 time PID 1 processes the message, or if the sending process is
694 explicitly runtime-tracked by the service manager. The latter is
695 the case if the service manager originally forked off the process,
696 i.e. on all processes that match main or exec. Conversely, if an
697 auxiliary process of the unit sends an sd_notify() message and
698 immediately exits, the service manager might not be able to
699 properly attribute the message to the unit, and thus will ignore
700 it, even if NotifyAccess=all is set for it.
701 Sockets=
703 Specifies the name of the socket units this service shall inherit
704 socket file descriptors from when the service is started. Normally,
705 it should not be necessary to use this setting, as all socket file
706 descriptors whose unit shares the same name as the service (subject
707 to the different unit name suffix of course) are passed to the
708 spawned process.
709 Note that the same socket file descriptors may be passed to
711 multiple processes simultaneously. Also note that a different
712 service may be activated on incoming socket traffic than the one
713 which is ultimately configured to inherit the socket file
714 descriptors. Or, in other words: the Service= setting of .socket
715 units does not have to match the inverse of the Sockets= setting of
716 the .service it refers to.
717 This option may appear more than once, in which case the list of
719 socket units is merged. If the empty string is assigned to this
720 option, the list of sockets is reset, and all prior uses of this
721 setting will have no effect.
722 FileDescriptorStoreMax=
724 Configure how many file descriptors may be stored in the service
725 manager for the service using sd_pid_notify_with_fds(3)'s
726 "FDSTORE=1" messages. This is useful for implementing services that
727 can restart after an explicit request or a crash without losing
728 state. Any open sockets and other file descriptors which should not
729 be closed during the restart may be stored this way. Application
730 state can either be serialized to a file in /run, or better, stored
731 in a memfd_create(2) memory file descriptor. Defaults to 0, i.e. no
732 file descriptors may be stored in the service manager. All file
733 descriptors passed to the service manager from a specific service
734 are passed back to the service's main process on the next service
735 restart. Any file descriptors passed to the service manager are
736 automatically closed when POLLHUP or POLLERR is seen on them, or
737 when the service is fully stopped and no job is queued or being
738 executed for it. If this option is used, NotifyAccess= (see above)
739 should be set to open access to the notification socket provided by
740 systemd. If NotifyAccess= is not set, it will be implicitly set to
741 main.
742 USBFunctionDescriptors=
744 Configure the location of a file containing USB FunctionFS[2]
745 descriptors, for implementation of USB gadget functions. This is
746 used only in conjunction with a socket unit with ListenUSBFunction=
747 configured. The contents of this file are written to the ep0 file
748 after it is opened.
749 USBFunctionStrings=
751 Configure the location of a file containing USB FunctionFS strings.
752 Behavior is similar to USBFunctionDescriptors= above.
753 Check systemd.exec(5) and systemd.kill(5) for more settings.
755
757 This section describes command line parsing and variable and specifier
758 substitutions for ExecStart=, ExecStartPre=, ExecStartPost=,
759 ExecReload=, ExecStop=, and ExecStopPost= options.
760 Multiple command lines may be concatenated in a single directive by
762 separating them with semicolons (these semicolons must be passed as
763 separate words). Lone semicolons may be escaped as "\;".
764 Each command line is split on whitespace, with the first item being the
766 command to execute, and the subsequent items being the arguments.
767 Double quotes ("...") and single quotes ('...') may be used to wrap a
768 whole item (the opening quote may appear only at the beginning or after
769 whitespace that is not quoted, and the closing quote must be followed
770 by whitespace or the end of line), in which case everything until the
771 next matching quote becomes part of the same argument. Quotes
772 themselves are removed. C-style escapes are also supported. The table
773 below contains the list of known escape patterns. Only escape patterns
774 which match the syntax in the table are allowed; other patterns may be
775 added in the future and unknown patterns will result in a warning. In
776 particular, any backslashes should be doubled. Finally, a trailing
777 backslash ("\") may be used to merge lines.
778 This syntax is inspired by shell syntax, but only the meta-characters
780 and expansions described in the following paragraphs are understood,
781 and the expansion of variables is different. Specifically, redirection
782 using "<", "<<", ">", and ">>", pipes using "|", running programs in
783 the background using "&", and other elements of shell syntax are not
784 supported.
785 The command to execute may contain spaces, but control characters are
787 not allowed.
788 The command line accepts "%" specifiers as described in
790 systemd.unit(5).
791 Basic environment variable substitution is supported. Use "${FOO}" as
793 part of a word, or as a word of its own, on the command line, in which
794 case it will be replaced by the value of the environment variable
795 including all whitespace it contains, resulting in a single argument.
796 Use "$FOO" as a separate word on the command line, in which case it
797 will be replaced by the value of the environment variable split at
798 whitespace, resulting in zero or more arguments. For this type of
799 expansion, quotes are respected when splitting into words, and
800 afterwards removed.
801 If the command is not a full (absolute) path, it will be resolved to a
803 full path using a fixed search path determinted at compilation time.
804 Searched directories include /usr/local/bin/, /usr/bin/, /bin/ on
805 systems using split /usr/bin/ and /bin/ directories, and their sbin/
806 counterparts on systems using split bin/ and sbin/. It is thus safe to
807 use just the executable name in case of executables located in any of
808 the "standard" directories, and an absolute path must be used in other
809 cases. Using an absolute path is recommended to avoid ambiguity. Hint:
810 this search path may be queried using systemd-path
811 search-binaries-default.
812 Example:
814 Environment="ONE=one" 'TWO=two two'
816 ExecStart=echo $ONE $TWO ${TWO}
817 This will execute /bin/echo with four arguments: "one", "two", "two",
819 and "two two".
820 Example:
822 Environment=ONE='one' "TWO='two two' too" THREE=
824 ExecStart=/bin/echo ${ONE} ${TWO} ${THREE}
825 ExecStart=/bin/echo $ONE $TWO $THREE
826 This results in /bin/echo being called twice, the first time with
828 arguments "'one'", "'two two' too", "", and the second time with
829 arguments "one", "two two", "too".
830 To pass a literal dollar sign, use "$$". Variables whose value is not
832 known at expansion time are treated as empty strings. Note that the
833 first argument (i.e. the program to execute) may not be a variable.
834 Variables to be used in this fashion may be defined through
836 Environment= and EnvironmentFile=. In addition, variables listed in the
837 section "Environment variables in spawned processes" in
838 systemd.exec(5), which are considered "static configuration", may be
839 used (this includes e.g. $USER, but not $TERM).
840 Note that shell command lines are not directly supported. If shell
842 command lines are to be used, they need to be passed explicitly to a
843 shell implementation of some kind. Example:
844 ExecStart=sh -c 'dmesg | tac'
846 Example:
848 ExecStart=echo one ; echo "two two"
850 This will execute echo two times, each time with one argument: "one"
852 and "two two", respectively. Because two commands are specified,
853 Type=oneshot must be used.
854 Example:
856 ExecStart=echo / >/dev/null & \; \
858 ls
859 This will execute echo with five arguments: "/", ">/dev/null", "&",
861 ";", and "ls".
862 Table 3. C escapes supported in command lines and environment variables
864 ┌────────┬─────────────────────────┐
865 │Literal │ Actual value │
866 ├────────┼─────────────────────────┤
867 │"\a" │ bell │
868 ├────────┼─────────────────────────┤
869 │"\b" │ backspace │
870 ├────────┼─────────────────────────┤
871 │"\f" │ form feed │
872 ├────────┼─────────────────────────┤
873 │"\n" │ newline │
874 ├────────┼─────────────────────────┤
875 │"\r" │ carriage return │
876 ├────────┼─────────────────────────┤
877 │"\t" │ tab │
878 ├────────┼─────────────────────────┤
879 │"\v" │ vertical tab │
880 ├────────┼─────────────────────────┤
881 │"\\" │ backslash │
882 ├────────┼─────────────────────────┤
883 │"\"" │ double quotation mark │
884 ├────────┼─────────────────────────┤
885 │"\'" │ single quotation mark │
886 ├────────┼─────────────────────────┤
887 │"\s" │ space │
888 ├────────┼─────────────────────────┤
889 │"\xxx" │ character number xx in │
890 │ │ hexadecimal encoding │
891 ├────────┼─────────────────────────┤
892 │"\nnn" │ character number nnn in │
893 │ │ octal encoding │
894 └────────┴─────────────────────────┘
895
897 Example 1. Simple service
898 The following unit file creates a service that will execute
900 /usr/sbin/foo-daemon. Since no Type= is specified, the default
901 Type=simple will be assumed. systemd will assume the unit to be started
902 immediately after the program has begun executing.
903 [Unit]
905 Description=Foo
906 [Service]
908 ExecStart=/usr/sbin/foo-daemon
909 [Install]
911 WantedBy=multi-user.target
912 Note that systemd assumes here that the process started by systemd will
914 continue running until the service terminates. If the program
915 daemonizes itself (i.e. forks), please use Type=forking instead.
916 Since no ExecStop= was specified, systemd will send SIGTERM to all
918 processes started from this service, and after a timeout also SIGKILL.
919 This behavior can be modified, see systemd.kill(5) for details.
920 Note that this unit type does not include any type of notification when
922 a service has completed initialization. For this, you should use other
923 unit types, such as Type=notify if the service understands systemd's
924 notification protocol, Type=forking if the service can background
925 itself or Type=dbus if the unit acquires a DBus name once
926 initialization is complete. See below.
927 Example 2. Oneshot service
929 Sometimes, units should just execute an action without keeping active
931 processes, such as a filesystem check or a cleanup action on boot. For
932 this, Type=oneshot exists. Units of this type will wait until the
933 process specified terminates and then fall back to being inactive. The
934 following unit will perform a cleanup action:
935 [Unit]
937 Description=Cleanup old Foo data
938 [Service]
940 Type=oneshot
941 ExecStart=/usr/sbin/foo-cleanup
942 [Install]
944 WantedBy=multi-user.target
945 Note that systemd will consider the unit to be in the state "starting"
947 until the program has terminated, so ordered dependencies will wait for
948 the program to finish before starting themselves. The unit will revert
949 to the "inactive" state after the execution is done, never reaching the
950 "active" state. That means another request to start the unit will
951 perform the action again.
952 Type=oneshot are the only service units that may have more than one
954 ExecStart= specified. They will be executed in order until either they
955 are all successful or one of them fails.
956 Example 3. Stoppable oneshot service
958 Similarly to the oneshot services, there are sometimes units that need
960 to execute a program to set up something and then execute another to
961 shut it down, but no process remains active while they are considered
962 "started". Network configuration can sometimes fall into this category.
963 Another use case is if a oneshot service shall not be executed each
964 time when they are pulled in as a dependency, but only the first time.
965 For this, systemd knows the setting RemainAfterExit=yes, which causes
967 systemd to consider the unit to be active if the start action exited
968 successfully. This directive can be used with all types, but is most
969 useful with Type=oneshot and Type=simple. With Type=oneshot, systemd
970 waits until the start action has completed before it considers the unit
971 to be active, so dependencies start only after the start action has
972 succeeded. With Type=simple, dependencies will start immediately after
973 the start action has been dispatched. The following unit provides an
974 example for a simple static firewall.
975 [Unit]
977 Description=Simple firewall
978 [Service]
980 Type=oneshot
981 RemainAfterExit=yes
982 ExecStart=/usr/local/sbin/simple-firewall-start
983 ExecStop=/usr/local/sbin/simple-firewall-stop
984 [Install]
986 WantedBy=multi-user.target
987 Since the unit is considered to be running after the start action has
989 exited, invoking systemctl start on that unit again will cause no
990 action to be taken.
991 Example 4. Traditional forking services
993 Many traditional daemons/services background (i.e. fork, daemonize)
995 themselves when starting. Set Type=forking in the service's unit file
996 to support this mode of operation. systemd will consider the service to
997 be in the process of initialization while the original program is still
998 running. Once it exits successfully and at least a process remains (and
999 RemainAfterExit=no), the service is considered started.
1000 Often, a traditional daemon only consists of one process. Therefore, if
1002 only one process is left after the original process terminates, systemd
1003 will consider that process the main process of the service. In that
1004 case, the $MAINPID variable will be available in ExecReload=,
1005 ExecStop=, etc.
1006 In case more than one process remains, systemd will be unable to
1008 determine the main process, so it will not assume there is one. In that
1009 case, $MAINPID will not expand to anything. However, if the process
1010 decides to write a traditional PID file, systemd will be able to read
1011 the main PID from there. Please set PIDFile= accordingly. Note that the
1012 daemon should write that file before finishing with its initialization.
1013 Otherwise, systemd might try to read the file before it exists.
1014 The following example shows a simple daemon that forks and just starts
1016 one process in the background:
1017 [Unit]
1019 Description=Some simple daemon
1020 [Service]
1022 Type=forking
1023 ExecStart=/usr/sbin/my-simple-daemon -d
1024 [Install]
1026 WantedBy=multi-user.target
1027 Please see systemd.kill(5) for details on how you can influence the way
1029 systemd terminates the service.
1030 Example 5. DBus services
1032 For services that acquire a name on the DBus system bus, use Type=dbus
1034 and set BusName= accordingly. The service should not fork (daemonize).
1035 systemd will consider the service to be initialized once the name has
1036 been acquired on the system bus. The following example shows a typical
1037 DBus service:
1038 [Unit]
1040 Description=Simple DBus service
1041 [Service]
1043 Type=dbus
1044 BusName=org.example.simple-dbus-service
1045 ExecStart=/usr/sbin/simple-dbus-service
1046 [Install]
1048 WantedBy=multi-user.target
1049 For bus-activatable services, do not include a "[Install]" section in
1051 the systemd service file, but use the SystemdService= option in the
1052 corresponding DBus service file, for example
1053 (/usr/share/dbus-1/system-services/org.example.simple-dbus-service.service):
1054 [D-BUS Service]
1056 Name=org.example.simple-dbus-service
1057 Exec=/usr/sbin/simple-dbus-service
1058 User=root
1059 SystemdService=simple-dbus-service.service
1060 Please see systemd.kill(5) for details on how you can influence the way
1062 systemd terminates the service.
1063 Example 6. Services that notify systemd about their initialization
1065 Type=simple services are really easy to write, but have the major
1067 disadvantage of systemd not being able to tell when initialization of
1068 the given service is complete. For this reason, systemd supports a
1069 simple notification protocol that allows daemons to make systemd aware
1070 that they are done initializing. Use Type=notify for this. A typical
1071 service file for such a daemon would look like this:
1072 [Unit]
1074 Description=Simple notifying service
1075 [Service]
1077 Type=notify
1078 ExecStart=/usr/sbin/simple-notifying-service
1079 [Install]
1081 WantedBy=multi-user.target
1082 Note that the daemon has to support systemd's notification protocol,
1084 else systemd will think the service has not started yet and kill it
1085 after a timeout. For an example of how to update daemons to support
1086 this protocol transparently, take a look at sd_notify(3). systemd will
1087 consider the unit to be in the 'starting' state until a readiness
1088 notification has arrived.
1089 Please see systemd.kill(5) for details on how you can influence the way
1091 systemd terminates the service.
1092
1094 systemd(1), systemctl(1), systemd.unit(5), systemd.exec(5),
1095 systemd.resource-control(5), systemd.kill(5), systemd.directives(7)
1096
1098 1. Incompatibilities with SysV
1099 https://www.freedesktop.org/wiki/Software/systemd/Incompatibilities
1100 2. USB FunctionFS
1102 https://www.kernel.org/doc/Documentation/usb/functionfs.txt
1103systemd 239 SYSTEMD.SERVICE(5)