1SYSTEMD-RUN(1) systemd-run SYSTEMD-RUN(1)
2
3
4
6 systemd-run - Run programs in transient scope units, service units, or
7 path-, socket-, or timer-triggered service units
8
10 systemd-run [OPTIONS...] COMMAND [ARGS...]
11
12 systemd-run [OPTIONS...] [PATH OPTIONS...] {COMMAND} [ARGS...]
13
14 systemd-run [OPTIONS...] [SOCKET OPTIONS...] {COMMAND} [ARGS...]
15
16 systemd-run [OPTIONS...] [TIMER OPTIONS...] {COMMAND} [ARGS...]
17
19 systemd-run may be used to create and start a transient .service or
20 .scope unit and run the specified COMMAND in it. It may also be used to
21 create and start a transient .path, .socket, or .timer unit, that
22 activates a .service unit when elapsing.
23
24 If a command is run as transient service unit, it will be started and
25 managed by the service manager like any other service, and thus shows
26 up in the output of systemctl list-units like any other unit. It will
27 run in a clean and detached execution environment, with the service
28 manager as its parent process. In this mode, systemd-run will start the
29 service asynchronously in the background and return after the command
30 has begun execution (unless --no-block or --wait are specified, see
31 below).
32
33 If a command is run as transient scope unit, it will be executed by
34 systemd-run itself as parent process and will thus inherit the
35 execution environment of the caller. However, the processes of the
36 command are managed by the service manager similar to normal services,
37 and will show up in the output of systemctl list-units. Execution in
38 this case is synchronous, and will return only when the command
39 finishes. This mode is enabled via the --scope switch (see below).
40
41 If a command is run with path, socket, or timer options such as
42 --on-calendar= (see below), a transient path, socket, or timer unit is
43 created alongside the service unit for the specified command. Only the
44 transient path, socket, or timer unit is started immediately, the
45 transient service unit will be triggered by the path, socket, or timer
46 unit. If the --unit= option is specified, the COMMAND may be omitted.
47 In this case, systemd-run creates only a .path, .socket, or .timer unit
48 that triggers the specified unit.
49
50 By default, services created with systemd-run default to the simple
51 type, see the description of Type= in systemd.service(5) for details.
52 Note that when this type is used the service manager (and thus the
53 systemd-run command) considers service start-up successful as soon as
54 the fork() for the main service process succeeded, i.e. before the
55 execve() is invoked, and thus even if the specified command cannot be
56 started. Consider using the exec service type (i.e.
57 --property=Type=exec) to ensure that systemd-run returns successfully
58 only if the specified command line has been successfully started.
59
61 The following options are understood:
62
63 --no-ask-password
64 Do not query the user for authentication for privileged operations.
65
66 --scope
67 Create a transient .scope unit instead of the default transient
68 .service unit (see above).
69
70 --unit=
71 Use this unit name instead of an automatically generated one.
72
73 --property=, -p
74 Sets a property on the scope or service unit that is created. This
75 option takes an assignment in the same format as systemctl(1)'s
76 set-property command.
77
78 --description=
79 Provide a description for the service, scope, path, socket, or
80 timer unit. If not specified, the command itself will be used as a
81 description. See Description= in systemd.unit(5).
82
83 --slice=
84 Make the new .service or .scope unit part of the specified slice,
85 instead of system.slice.
86
87 -r, --remain-after-exit
88 After the service process has terminated, keep the service around
89 until it is explicitly stopped. This is useful to collect runtime
90 information about the service after it finished running. Also see
91 RemainAfterExit= in systemd.service(5).
92
93 --send-sighup
94 When terminating the scope or service unit, send a SIGHUP
95 immediately after SIGTERM. This is useful to indicate to shells and
96 shell-like processes that the connection has been severed. Also see
97 SendSIGHUP= in systemd.kill(5).
98
99 --service-type=
100 Sets the service type. Also see Type= in systemd.service(5). This
101 option has no effect in conjunction with --scope. Defaults to
102 simple.
103
104 --uid=, --gid=
105 Runs the service process under the specified UNIX user and group.
106 Also see User= and Group= in systemd.exec(5).
107
108 --nice=
109 Runs the service process with the specified nice level. Also see
110 Nice= in systemd.exec(5).
111
112 --working-directory=
113 Runs the service process with the specified working directory. Also
114 see WorkingDirectory= in systemd.exec(5).
115
116 --same-dir, -d
117 Similar to --working-directory= but uses the current working
118 directory of the caller for the service to execute.
119
120 -E NAME=VALUE, --setenv=NAME=VALUE
121 Runs the service process with the specified environment variable
122 set. Also see Environment= in systemd.exec(5).
123
124 --pty, -t
125 When invoking the command, the transient service connects its
126 standard input, output and error to the terminal systemd-run is
127 invoked on, via a pseudo TTY device. This allows running programs
128 that expect interactive user input/output as services, such as
129 interactive command shells.
130
131 Note that machinectl(1)'s shell command is usually a better
132 alternative for requesting a new, interactive login session on the
133 local host or a local container.
134
135 See below for details on how this switch combines with --pipe.
136
137 --pipe, -P
138 If specified, standard input, output, and error of the transient
139 service are inherited from the systemd-run command itself. This
140 allows systemd-run to be used within shell pipelines. Note that
141 this mode is not suitable for interactive command shells and
142 similar, as the service process will not become a TTY controller
143 when invoked on a terminal. Use --pty instead in that case.
144
145 When both --pipe and --pty are used in combination the more
146 appropriate option is automatically determined and used.
147 Specifically, when invoked with standard input, output and error
148 connected to a TTY --pty is used, and otherwise --pipe.
149
150 When this option is used the original file descriptors systemd-run
151 receives are passed to the service processes as-is. If the service
152 runs with different privileges than systemd-run, this means the
153 service might not be able to re-open the passed file descriptors,
154 due to normal file descriptor access restrictions. If the invoked
155 process is a shell script that uses the echo "hello" > /dev/stderr
156 construct for writing messages to stderr, this might cause
157 problems, as this only works if stderr can be re-opened. To
158 mitigate this use the construct echo "hello" >&2 instead, which is
159 mostly equivalent and avoids this pitfall.
160
161 --shell, -S
162 A shortcut for "--pty --same-dir --wait --collect
163 --service-type=exec $SHELL", i.e. requests an interactive shell in
164 the current working directory, running in service context,
165 accessible with a single switch.
166
167 --quiet, -q
168 Suppresses additional informational output while running. This is
169 particularly useful in combination with --pty when it will suppress
170 the initial message explaining how to terminate the TTY connection.
171
172 --on-active=, --on-boot=, --on-startup=, --on-unit-active=,
173 --on-unit-inactive=
174 Defines a monotonic timer relative to different starting points for
175 starting the specified command. See OnActiveSec=, OnBootSec=,
176 OnStartupSec=, OnUnitActiveSec= and OnUnitInactiveSec= in
177 systemd.timer(5) for details. These options are shortcuts for
178 --timer-property= with the relevant properties. These options may
179 not be combined with --scope or --pty.
180
181 --on-calendar=
182 Defines a calendar timer for starting the specified command. See
183 OnCalendar= in systemd.timer(5). This option is a shortcut for
184 --timer-property=OnCalendar=. This option may not be combined with
185 --scope or --pty.
186
187 --path-property=, --socket-property=, --timer-property=
188 Sets a property on the path, socket, or timer unit that is created.
189 This option is similar to --property= but applies to the transient
190 path, socket, or timer unit rather than the transient service unit
191 created. This option takes an assignment in the same format as
192 systemctl(1)'s set-property command. These options may not be
193 combined with --scope or --pty.
194
195 --no-block
196 Do not synchronously wait for the unit start operation to finish.
197 If this option is not specified, the start request for the
198 transient unit will be verified, enqueued and systemd-run will wait
199 until the unit's start-up is completed. By passing this argument,
200 it is only verified and enqueued. This option may not be combined
201 with --wait.
202
203 --wait
204 Synchronously wait for the transient service to terminate. If this
205 option is specified, the start request for the transient unit is
206 verified, enqueued, and waited for. Subsequently the invoked unit
207 is monitored, and it is waited until it is deactivated again (most
208 likely because the specified command completed). On exit, terse
209 information about the unit's runtime is shown, including total
210 runtime (as well as CPU usage, if --property=CPUAccounting=1 was
211 set) and the exit code and status of the main process. This output
212 may be suppressed with --quiet. This option may not be combined
213 with --no-block, --scope or the various path, socket, or timer
214 options.
215
216 -G, --collect
217 Unload the transient unit after it completed, even if it failed.
218 Normally, without this option, all units that ran and failed are
219 kept in memory until the user explicitly resets their failure state
220 with systemctl reset-failed or an equivalent command. On the other
221 hand, units that ran successfully are unloaded immediately. If this
222 option is turned on the "garbage collection" of units is more
223 aggressive, and unloads units regardless if they exited
224 successfully or failed. This option is a shortcut for
225 --property=CollectMode=inactive-or-failed, see the explanation for
226 CollectMode= in systemd.unit(5) for further information.
227
228 --user
229 Talk to the service manager of the calling user, rather than the
230 service manager of the system.
231
232 --system
233 Talk to the service manager of the system. This is the implied
234 default.
235
236 -H, --host=
237 Execute the operation remotely. Specify a hostname, or a username
238 and hostname separated by "@", to connect to. The hostname may
239 optionally be suffixed by a port ssh is listening on, seperated by
240 ":", and then a container name, separated by "/", which connects
241 directly to a specific container on the specified host. This will
242 use SSH to talk to the remote machine manager instance. Container
243 names may be enumerated with machinectl -H HOST. Put IPv6 addresses
244 in brackets.
245
246 -M, --machine=
247 Execute operation on a local container. Specify a container name to
248 connect to.
249
250 -h, --help
251 Print a short help text and exit.
252
253 --version
254 Print a short version string and exit.
255
256 All command line arguments after the first non-option argument become
257 part of the command line of the launched process. If a command is run
258 as service unit, the first argument needs to be an absolute program
259 path.
260
262 On success, 0 is returned, a non-zero failure code otherwise.
263
265 Example 1. Logging environment variables provided by systemd to
266 services
267
268 # systemd-run env
269 Running as unit: run-19945.service
270 # journalctl -u run-19945.service
271 Sep 08 07:37:21 bupkis systemd[1]: Starting /usr/bin/env...
272 Sep 08 07:37:21 bupkis systemd[1]: Started /usr/bin/env.
273 Sep 08 07:37:21 bupkis env[19948]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
274 Sep 08 07:37:21 bupkis env[19948]: LANG=en_US.UTF-8
275 Sep 08 07:37:21 bupkis env[19948]: BOOT_IMAGE=/vmlinuz-3.11.0-0.rc5.git6.2.fc20.x86_64
276
277 Example 2. Limiting resources available to a command
278
279 # systemd-run -p BlockIOWeight=10 updatedb
280
281 This command invokes the updatedb(8) tool, but lowers the block I/O
282 weight for it to 10. See systemd.resource-control(5) for more
283 information on the BlockIOWeight= property.
284
285 Example 3. Running commands at a specified time
286
287 The following command will touch a file after 30 seconds.
288
289 # date; systemd-run --on-active=30 --timer-property=AccuracySec=100ms /bin/touch /tmp/foo
290 Mon Dec 8 20:44:24 KST 2014
291 Running as unit: run-71.timer
292 Will run service as unit: run-71.service
293 # journalctl -b -u run-71.timer
294 -- Logs begin at Fri 2014-12-05 19:09:21 KST, end at Mon 2014-12-08 20:44:54 KST. --
295 Dec 08 20:44:38 container systemd[1]: Starting /bin/touch /tmp/foo.
296 Dec 08 20:44:38 container systemd[1]: Started /bin/touch /tmp/foo.
297 # journalctl -b -u run-71.service
298 -- Logs begin at Fri 2014-12-05 19:09:21 KST, end at Mon 2014-12-08 20:44:54 KST. --
299 Dec 08 20:44:48 container systemd[1]: Starting /bin/touch /tmp/foo...
300 Dec 08 20:44:48 container systemd[1]: Started /bin/touch /tmp/foo.
301
302 Example 4. Allowing access to the tty
303
304 The following command invokes /bin/bash as a service passing its
305 standard input, output and error to the calling TTY.
306
307 # systemd-run -t --send-sighup /bin/bash
308
309 Example 5. Start screen as a user service
310
311 $ systemd-run --scope --user screen
312 Running scope as unit run-r14b0047ab6df45bfb45e7786cc839e76.scope.
313
314 $ screen -ls
315 There is a screen on:
316 492..laptop (Detached)
317 1 Socket in /var/run/screen/S-fatima.
318
319 This starts the screen process as a child of the systemd --user process
320 that was started by user@.service, in a scope unit. A systemd.scope(5)
321 unit is used instead of a systemd.service(5) unit, because screen will
322 exit when detaching from the terminal, and a service unit would be
323 terminated. Running screen as a user unit has the advantage that it is
324 not part of the session scope. If KillUserProcesses=yes is configured
325 in logind.conf(5), the default, the session scope will be terminated
326 when the user logs out of that session.
327
328 The user@.service is started automatically when the user first logs in,
329 and stays around as long as at least one login session is open. After
330 the user logs out of the last session, user@.service and all services
331 underneath it are terminated. This behavior is the default, when
332 "lingering" is not enabled for that user. Enabling lingering means that
333 user@.service is started automatically during boot, even if the user is
334 not logged in, and that the service is not terminated when the user
335 logs out.
336
337 Enabling lingering allows the user to run processes without being
338 logged in, for example to allow screen to persist after the user logs
339 out, even if the session scope is terminated. In the default
340 configuration, users can enable lingering for themselves:
341
342 $ loginctl enable-linger
343
345 systemd(1), systemctl(1), systemd.unit(5), systemd.service(5),
346 systemd.scope(5), systemd.slice(5), systemd.exec(5), systemd.resource-
347 control(5), systemd.timer(5), systemd-mount(1), machinectl(1)
348
349
350
351systemd 241 SYSTEMD-RUN(1)