1SYSTEMD-ANALYZE(1)              systemd-analyze             SYSTEMD-ANALYZE(1)
2
3
4

NAME

6       systemd-analyze - Analyze and debug system manager
7

SYNOPSIS

9       systemd-analyze [OPTIONS...] [time]
10
11       systemd-analyze [OPTIONS...] blame
12
13       systemd-analyze [OPTIONS...] critical-chain [UNIT...]
14
15       systemd-analyze [OPTIONS...] dump
16
17       systemd-analyze [OPTIONS...] plot [>file.svg]
18
19       systemd-analyze [OPTIONS...] dot [PATTERN...] [>file.dot]
20
21       systemd-analyze [OPTIONS...] unit-paths
22
23       systemd-analyze [OPTIONS...] exit-status [STATUS...]
24
25       systemd-analyze [OPTIONS...] capability [CAPABILITY...]
26
27       systemd-analyze [OPTIONS...] condition CONDITION...
28
29       systemd-analyze [OPTIONS...] syscall-filter [SET...]
30
31       systemd-analyze [OPTIONS...] calendar SPEC...
32
33       systemd-analyze [OPTIONS...] timestamp TIMESTAMP...
34
35       systemd-analyze [OPTIONS...] timespan SPAN...
36
37       systemd-analyze [OPTIONS...] cat-config NAME|PATH...
38
39       systemd-analyze [OPTIONS...] verify [FILE...]
40
41       systemd-analyze [OPTIONS...] security UNIT...
42

DESCRIPTION

44       systemd-analyze may be used to determine system boot-up performance
45       statistics and retrieve other state and tracing information from the
46       system and service manager, and to verify the correctness of unit
47       files. It is also used to access special functions useful for advanced
48       system manager debugging.
49
50       If no command is passed, systemd-analyze time is implied.
51
52   systemd-analyze time
53       This command prints the time spent in the kernel before userspace has
54       been reached, the time spent in the initial RAM disk (initrd) before
55       normal system userspace has been reached, and the time normal system
56       userspace took to initialize. Note that these measurements simply
57       measure the time passed up to the point where all system services have
58       been spawned, but not necessarily until they fully finished
59       initialization or the disk is idle.
60
61       Example 1. Show how long the boot took
62
63           # in a container
64           $ systemd-analyze time
65           Startup finished in 296ms (userspace)
66           multi-user.target reached after 275ms in userspace
67
68           # on a real machine
69           $ systemd-analyze time
70           Startup finished in 2.584s (kernel) + 19.176s (initrd) + 47.847s (userspace) = 1min 9.608s
71           multi-user.target reached after 47.820s in userspace
72
73   systemd-analyze blame
74       This command prints a list of all running units, ordered by the time
75       they took to initialize. This information may be used to optimize
76       boot-up times. Note that the output might be misleading as the
77       initialization of one service might be slow simply because it waits for
78       the initialization of another service to complete. Also note:
79       systemd-analyze blame doesn't display results for services with
80       Type=simple, because systemd considers such services to be started
81       immediately, hence no measurement of the initialization delays can be
82       done. Also note that this command only shows the time units took for
83       starting up, it does not show how long unit jobs spent in the execution
84       queue. In particular it shows the time units spent in "activating"
85       state, which is not defined for units such as device units that
86       transition directly from "inactive" to "active". This command hence
87       gives an impression of the performance of program code, but cannot
88       accurately reflect latency introduced by waiting for hardware and
89       similar events.
90
91       Example 2. Show which units took the most time during boot
92
93           $ systemd-analyze blame
94                    32.875s pmlogger.service
95                    20.905s systemd-networkd-wait-online.service
96                    13.299s dev-vda1.device
97                    ...
98                       23ms sysroot.mount
99                       11ms initrd-udevadm-cleanup-db.service
100                        3ms sys-kernel-config.mount
101
102
103   systemd-analyze critical-chain [UNIT...]
104       This command prints a tree of the time-critical chain of units (for
105       each of the specified UNITs or for the default target otherwise). The
106       time after the unit is active or started is printed after the "@"
107       character. The time the unit takes to start is printed after the "+"
108       character. Note that the output might be misleading as the
109       initialization of services might depend on socket activation and
110       because of the parallel execution of units. Also, similar to the blame
111       command, this only takes into account the time units spent in
112       "activating" state, and hence does not cover units that never went
113       through an "activating" state (such as device units that transition
114       directly from "inactive" to "active"). Moreover it does not show
115       information on jobs (and in particular not jobs that timed out).
116
117       Example 3. systemd-analyze critical-chain
118
119           $ systemd-analyze critical-chain
120           multi-user.target @47.820s
121           └─pmie.service @35.968s +548ms
122             └─pmcd.service @33.715s +2.247s
123               └─network-online.target @33.712s
124                 └─systemd-networkd-wait-online.service @12.804s +20.905s
125                   └─systemd-networkd.service @11.109s +1.690s
126                     └─systemd-udevd.service @9.201s +1.904s
127                       └─systemd-tmpfiles-setup-dev.service @7.306s +1.776s
128                         └─kmod-static-nodes.service @6.976s +177ms
129                           └─systemd-journald.socket
130                             └─system.slice
131                               └─-.slice
132
133   systemd-analyze dump
134       This command outputs a (usually very long) human-readable serialization
135       of the complete server state. Its format is subject to change without
136       notice and should not be parsed by applications.
137
138       Example 4. Show the internal state of user manager
139
140           $ systemd-analyze --user dump
141           Timestamp userspace: Thu 2019-03-14 23:28:07 CET
142           Timestamp finish: Thu 2019-03-14 23:28:07 CET
143           Timestamp generators-start: Thu 2019-03-14 23:28:07 CET
144           Timestamp generators-finish: Thu 2019-03-14 23:28:07 CET
145           Timestamp units-load-start: Thu 2019-03-14 23:28:07 CET
146           Timestamp units-load-finish: Thu 2019-03-14 23:28:07 CET
147           -> Unit proc-timer_list.mount:
148                   Description: /proc/timer_list
149                   ...
150           -> Unit default.target:
151                   Description: Main user target
152           ...
153
154   systemd-analyze plot
155       This command prints an SVG graphic detailing which system services have
156       been started at what time, highlighting the time they spent on
157       initialization.
158
159       Example 5. Plot a bootchart
160
161           $ systemd-analyze plot >bootup.svg
162           $ eog bootup.svg&
163
164   systemd-analyze dot [pattern...]
165       This command generates textual dependency graph description in dot
166       format for further processing with the GraphViz dot(1) tool. Use a
167       command line like systemd-analyze dot | dot -Tsvg >systemd.svg to
168       generate a graphical dependency tree. Unless --order or --require is
169       passed, the generated graph will show both ordering and requirement
170       dependencies. Optional pattern globbing style specifications (e.g.
171       *.target) may be given at the end. A unit dependency is included in the
172       graph if any of these patterns match either the origin or destination
173       node.
174
175       Example 6. Plot all dependencies of any unit whose name starts with
176       "avahi-daemon"
177
178           $ systemd-analyze dot 'avahi-daemon.*' | dot -Tsvg >avahi.svg
179           $ eog avahi.svg
180
181       Example 7. Plot the dependencies between all known target units
182
183           $ systemd-analyze dot --to-pattern='*.target' --from-pattern='*.target' \
184                 | dot -Tsvg >targets.svg
185           $ eog targets.svg
186
187   systemd-analyze unit-paths
188       This command outputs a list of all directories from which unit files,
189       .d overrides, and .wants, .requires symlinks may be loaded. Combine
190       with --user to retrieve the list for the user manager instance, and
191       --global for the global configuration of user manager instances.
192
193       Example 8. Show all paths for generated units
194
195           $ systemd-analyze unit-paths | grep '^/run'
196           /run/systemd/system.control
197           /run/systemd/transient
198           /run/systemd/generator.early
199           /run/systemd/system
200           /run/systemd/system.attached
201           /run/systemd/generator
202           /run/systemd/generator.late
203
204       Note that this verb prints the list that is compiled into
205       systemd-analyze itself, and does not communicate with the running
206       manager. Use
207
208           systemctl [--user] [--global] show -p UnitPath --value
209
210       to retrieve the actual list that the manager uses, with any empty
211       directories omitted.
212
213   systemd-analyze exit-status [STATUS...]
214       This command prints a list of exit statuses along with their "class",
215       i.e. the source of the definition (one of "glibc", "systemd", "LSB", or
216       "BSD"), see the Process Exit Codes section in systemd.exec(5). If no
217       additional arguments are specified, all known statuses are shown.
218       Otherwise, only the definitions for the specified codes are shown.
219
220       Example 9. Show some example exit status names
221
222           $ systemd-analyze exit-status 0 1 {63..65}
223           NAME    STATUS CLASS
224           SUCCESS 0      glibc
225           FAILURE 1      glibc
226           -       63     -
227           USAGE   64     BSD
228           DATAERR 65     BSD
229
230   systemd-analyze capability [CAPABILITY...]
231       This command prints a list of Linux capabilities along with their
232       numeric IDs. See capabilities(7) for details. If no argument is
233       specified the full list of capabilities known to the service manager
234       and the kernel is shown. Capabilities defined by the kernel but not
235       known to the service manager are shown as "cap_???". Optionally, if
236       arguments are specified they may refer to specific cabilities by name
237       or numeric ID, in which case only the indicated capabilities are shown
238       in the table.
239
240       Example 10. Show some example capability names
241
242           $ systemd-analyze capability 0 1 {30..32}
243           NAME              NUMBER
244           cap_chown              0
245           cap_dac_override       1
246           cap_audit_control     30
247           cap_setfcap           31
248           cap_mac_override      32
249
250   systemd-analyze condition CONDITION...
251       This command will evaluate Condition*=...  and Assert*=...
252       assignments, and print their values, and the resulting value of the
253       combined condition set. See systemd.unit(5) for a list of available
254       conditions and asserts.
255
256       Example 11. Evaluate conditions that check kernel versions
257
258           $ systemd-analyze condition 'ConditionKernelVersion = ! <4.0' \
259                   'ConditionKernelVersion = >=5.1' \
260                   'ConditionACPower=|false' \
261                   'ConditionArchitecture=|!arm' \
262                   'AssertPathExists=/etc/os-release'
263           test.service: AssertPathExists=/etc/os-release succeeded.
264           Asserts succeeded.
265           test.service: ConditionArchitecture=|!arm succeeded.
266           test.service: ConditionACPower=|false failed.
267           test.service: ConditionKernelVersion=>=5.1 succeeded.
268           test.service: ConditionKernelVersion=!<4.0 succeeded.
269           Conditions succeeded.
270
271   systemd-analyze syscall-filter [SET...]
272       This command will list system calls contained in the specified system
273       call set SET, or all known sets if no sets are specified. Argument SET
274       must include the "@" prefix.
275
276   systemd-analyze calendar EXPRESSION...
277       This command will parse and normalize repetitive calendar time events,
278       and will calculate when they elapse next. This takes the same input as
279       the OnCalendar= setting in systemd.timer(5), following the syntax
280       described in systemd.time(7). By default, only the next time the
281       calendar expression will elapse is shown; use --iterations= to show the
282       specified number of next times the expression elapses. Each time the
283       expression elapses forms a timestamp, see the timestamp verb below.
284
285       Example 12. Show leap days in the near future
286
287           $ systemd-analyze calendar --iterations=5 '*-2-29 0:0:0'
288             Original form: *-2-29 0:0:0
289           Normalized form: *-02-29 00:00:00
290               Next elapse: Sat 2020-02-29 00:00:00 UTC
291                  From now: 11 months 15 days left
292                  Iter. #2: Thu 2024-02-29 00:00:00 UTC
293                  From now: 4 years 11 months left
294                  Iter. #3: Tue 2028-02-29 00:00:00 UTC
295                  From now: 8 years 11 months left
296                  Iter. #4: Sun 2032-02-29 00:00:00 UTC
297                  From now: 12 years 11 months left
298                  Iter. #5: Fri 2036-02-29 00:00:00 UTC
299                  From now: 16 years 11 months left
300
301   systemd-analyze timestamp TIMESTAMP...
302       This command parses a timestamp (i.e. a single point in time) and
303       outputs the normalized form and the difference between this timestamp
304       and now. The timestamp should adhere to the syntax documented in
305       systemd.time(7), section "PARSING TIMESTAMPS".
306
307       Example 13. Show parsing of timestamps
308
309           $ systemd-analyze timestamp yesterday now tomorrow
310             Original form: yesterday
311           Normalized form: Mon 2019-05-20 00:00:00 CEST
312                  (in UTC): Sun 2019-05-19 22:00:00 UTC
313              UNIX seconds: @15583032000
314                  From now: 1 day 9h ago
315
316             Original form: now
317           Normalized form: Tue 2019-05-21 09:48:39 CEST
318                  (in UTC): Tue 2019-05-21 07:48:39 UTC
319              UNIX seconds: @1558424919.659757
320                  From now: 43us ago
321
322             Original form: tomorrow
323           Normalized form: Wed 2019-05-22 00:00:00 CEST
324                  (in UTC): Tue 2019-05-21 22:00:00 UTC
325              UNIX seconds: @15584760000
326                  From now: 14h left
327
328   systemd-analyze timespan EXPRESSION...
329       This command parses a time span (i.e. a difference between two
330       timestamps) and outputs the normalized form and the equivalent value in
331       microseconds. The time span should adhere to the syntax documented in
332       systemd.time(7), section "PARSING TIME SPANS". Values without units are
333       parsed as seconds.
334
335       Example 14. Show parsing of timespans
336
337           $ systemd-analyze timespan 1s 300s '1year 0.000001s'
338           Original: 1s
339                 μs: 1000000
340              Human: 1s
341
342           Original: 300s
343                 μs: 300000000
344              Human: 5min
345
346           Original: 1year 0.000001s
347                 μs: 31557600000001
348              Human: 1y 1us
349
350   systemd-analyze cat-config NAME|PATH...
351       This command is similar to systemctl cat, but operates on config files.
352       It will copy the contents of a config file and any drop-ins to standard
353       output, using the usual systemd set of directories and rules for
354       precedence. Each argument must be either an absolute path including the
355       prefix (such as /etc/systemd/logind.conf or
356       /usr/lib/systemd/logind.conf), or a name relative to the prefix (such
357       as systemd/logind.conf).
358
359       Example 15. Showing logind configuration
360
361           $ systemd-analyze cat-config systemd/logind.conf
362           # /etc/systemd/logind.conf
363           ...
364           [Login]
365           NAutoVTs=8
366           ...
367
368           # /usr/lib/systemd/logind.conf.d/20-test.conf
369           ... some override from another package
370
371           # /etc/systemd/logind.conf.d/50-override.conf
372           ... some administrator override
373
374
375   systemd-analyze verify FILE...
376       This command will load unit files and print warnings if any errors are
377       detected. Files specified on the command line will be loaded, but also
378       any other units referenced by them. The full unit search path is formed
379       by combining the directories for all command line arguments, and the
380       usual unit load paths. The variable $SYSTEMD_UNIT_PATH is supported,
381       and may be used to replace or augment the compiled in set of unit load
382       paths; see systemd.unit(5). All units files present in the directories
383       containing the command line arguments will be used in preference to the
384       other paths.
385
386       The following errors are currently detected:
387
388       •   unknown sections and directives,
389
390       •   missing dependencies which are required to start the given unit,
391
392       •   man pages listed in Documentation= which are not found in the
393           system,
394
395       •   commands listed in ExecStart= and similar which are not found in
396           the system or not executable.
397
398       Example 16. Misspelt directives
399
400           $ cat ./user.slice
401           [Unit]
402           WhatIsThis=11
403           Documentation=man:nosuchfile(1)
404           Requires=different.service
405
406           [Service]
407           Description=x
408
409           $ systemd-analyze verify ./user.slice
410           [./user.slice:9] Unknown lvalue 'WhatIsThis' in section 'Unit'
411           [./user.slice:13] Unknown section 'Service'. Ignoring.
412           Error: org.freedesktop.systemd1.LoadFailed:
413              Unit different.service failed to load:
414              No such file or directory.
415           Failed to create user.slice/start: Invalid argument
416           user.slice: man nosuchfile(1) command failed with code 16
417
418
419       Example 17. Missing service units
420
421           $ tail ./a.socket ./b.socket
422           ==> ./a.socket <==
423           [Socket]
424           ListenStream=100
425
426           ==> ./b.socket <==
427           [Socket]
428           ListenStream=100
429           Accept=yes
430
431           $ systemd-analyze verify ./a.socket ./b.socket
432           Service a.service not loaded, a.socket cannot be started.
433           Service b@0.service not loaded, b.socket cannot be started.
434
435
436   systemd-analyze security [UNIT...]
437       This command analyzes the security and sandboxing settings of one or
438       more specified service units. If at least one unit name is specified
439       the security settings of the specified service units are inspected and
440       a detailed analysis is shown. If no unit name is specified, all
441       currently loaded, long-running service units are inspected and a terse
442       table with results shown. The command checks for various
443       security-related service settings, assigning each a numeric "exposure
444       level" value, depending on how important a setting is. It then
445       calculates an overall exposure level for the whole unit, which is an
446       estimation in the range 0.0...10.0 indicating how exposed a service is
447       security-wise. High exposure levels indicate very little applied
448       sandboxing. Low exposure levels indicate tight sandboxing and strongest
449       security restrictions. Note that this only analyzes the per-service
450       security features systemd itself implements. This means that any
451       additional security mechanisms applied by the service code itself are
452       not accounted for. The exposure level determined this way should not be
453       misunderstood: a high exposure level neither means that there is no
454       effective sandboxing applied by the service code itself, nor that the
455       service is actually vulnerable to remote or local attacks. High
456       exposure levels do indicate however that most likely the service might
457       benefit from additional settings applied to them.
458
459       Please note that many of the security and sandboxing settings
460       individually can be circumvented — unless combined with others. For
461       example, if a service retains the privilege to establish or undo mount
462       points many of the sandboxing options can be undone by the service code
463       itself. Due to that is essential that each service uses the most
464       comprehensive and strict sandboxing and security settings possible. The
465       tool will take into account some of these combinations and
466       relationships between the settings, but not all. Also note that the
467       security and sandboxing settings analyzed here only apply to the
468       operations executed by the service code itself. If a service has access
469       to an IPC system (such as D-Bus) it might request operations from other
470       services that are not subject to the same restrictions. Any
471       comprehensive security and sandboxing analysis is hence incomplete if
472       the IPC access policy is not validated too.
473
474       Example 18. Analyze systemd-logind.service
475
476           $ systemd-analyze security --no-pager systemd-logind.service
477             NAME                DESCRIPTION                              EXPOSURE
478           ✗ PrivateNetwork=     Service has access to the host's network      0.5
479           ✗ User=/DynamicUser=  Service runs as root user                     0.4
480           ✗ DeviceAllow=        Service has no device ACL                     0.2
481           ✓ IPAddressDeny=      Service blocks all IP address ranges
482           ...
483           → Overall exposure level for systemd-logind.service: 4.1 OK 🙂
484

OPTIONS

486       The following options are understood:
487
488       --system
489           Operates on the system systemd instance. This is the implied
490           default.
491
492       --user
493           Operates on the user systemd instance.
494
495       --global
496           Operates on the system-wide configuration for user systemd
497           instance.
498
499       --order, --require
500           When used in conjunction with the dot command (see above), selects
501           which dependencies are shown in the dependency graph. If --order is
502           passed, only dependencies of type After= or Before= are shown. If
503           --require is passed, only dependencies of type Requires=,
504           Requisite=, Wants= and Conflicts= are shown. If neither is passed,
505           this shows dependencies of all these types.
506
507       --from-pattern=, --to-pattern=
508           When used in conjunction with the dot command (see above), this
509           selects which relationships are shown in the dependency graph. Both
510           options require a glob(7) pattern as an argument, which will be
511           matched against the left-hand and the right-hand, respectively,
512           nodes of a relationship.
513
514           Each of these can be used more than once, in which case the unit
515           name must match one of the values. When tests for both sides of the
516           relation are present, a relation must pass both tests to be shown.
517           When patterns are also specified as positional arguments, they must
518           match at least one side of the relation. In other words, patterns
519           specified with those two options will trim the list of edges
520           matched by the positional arguments, if any are given, and fully
521           determine the list of edges shown otherwise.
522
523       --fuzz=timespan
524           When used in conjunction with the critical-chain command (see
525           above), also show units, which finished timespan earlier, than the
526           latest unit in the same level. The unit of timespan is seconds
527           unless specified with a different unit, e.g. "50ms".
528
529       --man=no
530           Do not invoke man(1) to verify the existence of man pages listed in
531           Documentation=.
532
533       --generators
534           Invoke unit generators, see systemd.generator(7). Some generators
535           require root privileges. Under a normal user, running with
536           generators enabled will generally result in some warnings.
537
538       --root=PATH
539           With cat-files, show config files underneath the specified root
540           path PATH.
541
542       --iterations=NUMBER
543           When used with the calendar command, show the specified number of
544           iterations the specified calendar expression will elapse next.
545           Defaults to 1.
546
547       --base-time=TIMESTAMP
548           When used with the calendar command, show next iterations relative
549           to the specified point in time. If not specified defaults to the
550           current time.
551
552       -H, --host=
553           Execute the operation remotely. Specify a hostname, or a username
554           and hostname separated by "@", to connect to. The hostname may
555           optionally be suffixed by a port ssh is listening on, separated by
556           ":", and then a container name, separated by "/", which connects
557           directly to a specific container on the specified host. This will
558           use SSH to talk to the remote machine manager instance. Container
559           names may be enumerated with machinectl -H HOST. Put IPv6 addresses
560           in brackets.
561
562       -M, --machine=
563           Execute operation on a local container. Specify a container name to
564           connect to, optionally prefixed by a user name to connect as and a
565           separating "@" character. If the special string ".host" is used in
566           place of the container name, a connection to the local system is
567           made (which is useful to connect to a specific user's user bus:
568           "--user --machine=lennart@.host"). If the "@" syntax is not used,
569           the connection is made as root user. If the "@" syntax is used
570           either the left hand side or the right hand side may be omitted
571           (but not both) in which case the local user name and ".host" are
572           implied.
573
574       -h, --help
575           Print a short help text and exit.
576
577       --version
578           Print a short version string and exit.
579
580       --no-pager
581           Do not pipe output into a pager.
582

EXIT STATUS

584       On success, 0 is returned, a non-zero failure code otherwise.
585

ENVIRONMENT

587       $SYSTEMD_LOG_LEVEL
588           The maximum log level of emitted messages (messages with a higher
589           log level, i.e. less important ones, will be suppressed). Either
590           one of (in order of decreasing importance) emerg, alert, crit, err,
591           warning, notice, info, debug, or an integer in the range 0...7. See
592           syslog(3) for more information.
593
594       $SYSTEMD_LOG_COLOR
595           A boolean. If true, messages written to the tty will be colored
596           according to priority.
597
598           This setting is only useful when messages are written directly to
599           the terminal, because journalctl(1) and other tools that display
600           logs will color messages based on the log level on their own.
601
602       $SYSTEMD_LOG_TIME
603           A boolean. If true, log messages will be prefixed with a timestamp.
604
605           This setting is only useful when messages are written directly to
606           the terminal or a file, because journalctl(1) and other tools that
607           display logs will attach timestamps based on the entry metadata on
608           their own.
609
610       $SYSTEMD_LOG_LOCATION
611           A boolean. If true, messages will be prefixed with a filename and
612           line number in the source code where the message originates.
613
614           Note that the log location is often attached as metadata to journal
615           entries anyway. Including it directly in the message text can
616           nevertheless be convenient when debugging programs.
617
618       $SYSTEMD_LOG_TID
619           A boolean. If true, messages will be prefixed with the current
620           numerical thread ID (TID).
621
622           Note that the this information is attached as metadata to journal
623           entries anyway. Including it directly in the message text can
624           nevertheless be convenient when debugging programs.
625
626       $SYSTEMD_LOG_TARGET
627           The destination for log messages. One of console (log to the
628           attached tty), console-prefixed (log to the attached tty but with
629           prefixes encoding the log level and "facility", see syslog(3), kmsg
630           (log to the kernel circular log buffer), journal (log to the
631           journal), journal-or-kmsg (log to the journal if available, and to
632           kmsg otherwise), auto (determine the appropriate log target
633           automatically, the default), null (disable log output).
634
635       $SYSTEMD_PAGER
636           Pager to use when --no-pager is not given; overrides $PAGER. If
637           neither $SYSTEMD_PAGER nor $PAGER are set, a set of well-known
638           pager implementations are tried in turn, including less(1) and
639           more(1), until one is found. If no pager implementation is
640           discovered no pager is invoked. Setting this environment variable
641           to an empty string or the value "cat" is equivalent to passing
642           --no-pager.
643
644       $SYSTEMD_LESS
645           Override the options passed to less (by default "FRSXMK").
646
647           Users might want to change two options in particular:
648
649           K
650               This option instructs the pager to exit immediately when Ctrl+C
651               is pressed. To allow less to handle Ctrl+C itself to switch
652               back to the pager command prompt, unset this option.
653
654               If the value of $SYSTEMD_LESS does not include "K", and the
655               pager that is invoked is less, Ctrl+C will be ignored by the
656               executable, and needs to be handled by the pager.
657
658           X
659               This option instructs the pager to not send termcap
660               initialization and deinitialization strings to the terminal. It
661               is set by default to allow command output to remain visible in
662               the terminal even after the pager exits. Nevertheless, this
663               prevents some pager functionality from working, in particular
664               paged output cannot be scrolled with the mouse.
665
666           See less(1) for more discussion.
667
668       $SYSTEMD_LESSCHARSET
669           Override the charset passed to less (by default "utf-8", if the
670           invoking terminal is determined to be UTF-8 compatible).
671
672       $SYSTEMD_PAGERSECURE
673           Takes a boolean argument. When true, the "secure" mode of the pager
674           is enabled; if false, disabled. If $SYSTEMD_PAGERSECURE is not set
675           at all, secure mode is enabled if the effective UID is not the same
676           as the owner of the login session, see geteuid(2) and
677           sd_pid_get_owner_uid(3). In secure mode, LESSSECURE=1 will be set
678           when invoking the pager, and the pager shall disable commands that
679           open or create new files or start new subprocesses. When
680           $SYSTEMD_PAGERSECURE is not set at all, pagers which are not known
681           to implement secure mode will not be used. (Currently only less(1)
682           implements secure mode.)
683
684           Note: when commands are invoked with elevated privileges, for
685           example under sudo(8) or pkexec(1), care must be taken to ensure
686           that unintended interactive features are not enabled. "Secure" mode
687           for the pager may be enabled automatically as describe above.
688           Setting SYSTEMD_PAGERSECURE=0 or not removing it from the inherited
689           environment allows the user to invoke arbitrary commands. Note that
690           if the $SYSTEMD_PAGER or $PAGER variables are to be honoured,
691           $SYSTEMD_PAGERSECURE must be set too. It might be reasonable to
692           completely disable the pager using --no-pager instead.
693
694       $SYSTEMD_COLORS
695           Takes a boolean argument. When true, systemd and related utilities
696           will use colors in their output, otherwise the output will be
697           monochrome. Additionally, the variable can take one of the
698           following special values: "16", "256" to restrict the use of colors
699           to the base 16 or 256 ANSI colors, respectively. This can be
700           specified to override the automatic decision based on $TERM and
701           what the console is connected to.
702
703       $SYSTEMD_URLIFY
704           The value must be a boolean. Controls whether clickable links
705           should be generated in the output for terminal emulators supporting
706           this. This can be specified to override the decision that systemd
707           makes based on $TERM and other conditions.
708

SEE ALSO

710       systemd(1), systemctl(1)
711
712
713
714systemd 248                                                 SYSTEMD-ANALYZE(1)
Impressum