1SYSTEMD-RUN(1) systemd-run SYSTEMD-RUN(1)
2
6 systemd-run - Run programs in transient scope units, service units, or
7 path-, socket-, or timer-triggered service units
8
10 systemd-run [OPTIONS...] COMMAND [ARGS...]
11 systemd-run [OPTIONS...] [PATH OPTIONS...] {COMMAND} [ARGS...]
13 systemd-run [OPTIONS...] [SOCKET OPTIONS...] {COMMAND} [ARGS...]
15 systemd-run [OPTIONS...] [TIMER OPTIONS...] {COMMAND} [ARGS...]
17
19 systemd-run may be used to create and start a transient .service or
20 .scope unit and run the specified COMMAND in it. It may also be used to
21 create and start a transient .path, .socket, or .timer unit, that
22 activates a .service unit when elapsing.
23 If a command is run as transient service unit, it will be started and
25 managed by the service manager like any other service, and thus shows
26 up in the output of systemctl list-units like any other unit. It will
27 run in a clean and detached execution environment, with the service
28 manager as its parent process. In this mode, systemd-run will start the
29 service asynchronously in the background and return after the command
30 has begun execution (unless --no-block or --wait are specified, see
31 below).
32 If a command is run as transient scope unit, it will be executed by
34 systemd-run itself as parent process and will thus inherit the
35 execution environment of the caller. However, the processes of the
36 command are managed by the service manager similarly to normal
37 services, and will show up in the output of systemctl list-units.
38 Execution in this case is synchronous, and will return only when the
39 command finishes. This mode is enabled via the --scope switch (see
40 below).
41 If a command is run with path, socket, or timer options such as
43 --on-calendar= (see below), a transient path, socket, or timer unit is
44 created alongside the service unit for the specified command. Only the
45 transient path, socket, or timer unit is started immediately, the
46 transient service unit will be triggered by the path, socket, or timer
47 unit. If the --unit= option is specified, the COMMAND may be omitted.
48 In this case, systemd-run creates only a .path, .socket, or .timer unit
49 that triggers the specified unit.
50 By default, services created with systemd-run default to the simple
52 type, see the description of Type= in systemd.service(5) for details.
53 Note that when this type is used, the service manager (and thus the
54 systemd-run command) considers service start-up successful as soon as
55 the fork() for the main service process succeeded, i.e. before the
56 execve() is invoked, and thus even if the specified command cannot be
57 started. Consider using the exec service type (i.e.
58 --property=Type=exec) to ensure that systemd-run returns successfully
59 only if the specified command line has been successfully started.
60
62 The following options are understood:
63 --no-ask-password
65 Do not query the user for authentication for privileged operations.
66 --scope
68 Create a transient .scope unit instead of the default transient
69 .service unit (see above).
70 --unit=, -u
72 Use this unit name instead of an automatically generated one.
73 --property=, -p
75 Sets a property on the scope or service unit that is created. This
76 option takes an assignment in the same format as systemctl(1)'s
77 set-property command.
78 --description=
80 Provide a description for the service, scope, path, socket, or
81 timer unit. If not specified, the command itself will be used as a
82 description. See Description= in systemd.unit(5).
83 --slice=
85 Make the new .service or .scope unit part of the specified slice,
86 instead of system.slice (when running in --system mode) or the root
87 slice (when running in --user mode).
88 --slice-inherit
90 Make the new .service or .scope unit part of the inherited slice.
91 This option can be combined with --slice=.
92 An inherited slice is located within systemd-run slice. Example: if
94 systemd-run slice is foo.slice, and the --slice= argument is bar,
95 the unit will be placed under the foo-bar.slice.
96 -r, --remain-after-exit
98 After the service process has terminated, keep the service around
99 until it is explicitly stopped. This is useful to collect runtime
100 information about the service after it finished running. Also see
101 RemainAfterExit= in systemd.service(5).
102 --send-sighup
104 When terminating the scope or service unit, send a SIGHUP
105 immediately after SIGTERM. This is useful to indicate to shells and
106 shell-like processes that the connection has been severed. Also see
107 SendSIGHUP= in systemd.kill(5).
108 --service-type=
110 Sets the service type. Also see Type= in systemd.service(5). This
111 option has no effect in conjunction with --scope. Defaults to
112 simple.
113 --uid=, --gid=
115 Runs the service process under the specified UNIX user and group.
116 Also see User= and Group= in systemd.exec(5).
117 --nice=
119 Runs the service process with the specified nice level. Also see
120 Nice= in systemd.exec(5).
121 --working-directory=
123 Runs the service process with the specified working directory. Also
124 see WorkingDirectory= in systemd.exec(5).
125 --same-dir, -d
127 Similar to --working-directory=, but uses the current working
128 directory of the caller for the service to execute.
129 -E NAME[=VALUE], --setenv=NAME[=VALUE]
131 Runs the service process with the specified environment variable
132 set. This parameter may be used more than once to set multiple
133 variables. When "=" and VALUE are omitted, the value of the
134 variable with the same name in the program environment will be
135 used.
136 Also see Environment= in systemd.exec(5).
138 --pty, -t
140 When invoking the command, the transient service connects its
141 standard input, output and error to the terminal systemd-run is
142 invoked on, via a pseudo TTY device. This allows running programs
143 that expect interactive user input/output as services, such as
144 interactive command shells.
145 Note that machinectl(1)'s shell command is usually a better
147 alternative for requesting a new, interactive login session on the
148 local host or a local container.
149 See below for details on how this switch combines with --pipe.
151 --pipe, -P
153 If specified, standard input, output, and error of the transient
154 service are inherited from the systemd-run command itself. This
155 allows systemd-run to be used within shell pipelines. Note that
156 this mode is not suitable for interactive command shells and
157 similar, as the service process will not become a TTY controller
158 when invoked on a terminal. Use --pty instead in that case.
159 When both --pipe and --pty are used in combination the more
161 appropriate option is automatically determined and used.
162 Specifically, when invoked with standard input, output and error
163 connected to a TTY --pty is used, and otherwise --pipe.
164 When this option is used the original file descriptors systemd-run
166 receives are passed to the service processes as-is. If the service
167 runs with different privileges than systemd-run, this means the
168 service might not be able to re-open the passed file descriptors,
169 due to normal file descriptor access restrictions. If the invoked
170 process is a shell script that uses the echo "hello" >/dev/stderr
171 construct for writing messages to stderr, this might cause
172 problems, as this only works if stderr can be re-opened. To
173 mitigate this use the construct echo "hello" >&2 instead, which is
174 mostly equivalent and avoids this pitfall.
175 --shell, -S
177 A shortcut for "--pty --same-dir --wait --collect
178 --service-type=exec $SHELL", i.e. requests an interactive shell in
179 the current working directory, running in service context,
180 accessible with a single switch.
181 --quiet, -q
183 Suppresses additional informational output while running. This is
184 particularly useful in combination with --pty when it will suppress
185 the initial message explaining how to terminate the TTY connection.
186 --on-active=, --on-boot=, --on-startup=, --on-unit-active=,
188 --on-unit-inactive=
189 Defines a monotonic timer relative to different starting points for
190 starting the specified command. See OnActiveSec=, OnBootSec=,
191 OnStartupSec=, OnUnitActiveSec= and OnUnitInactiveSec= in
192 systemd.timer(5) for details. These options are shortcuts for
193 --timer-property= with the relevant properties. These options may
194 not be combined with --scope or --pty.
195 --on-calendar=
197 Defines a calendar timer for starting the specified command. See
198 OnCalendar= in systemd.timer(5). This option is a shortcut for
199 --timer-property=OnCalendar=. This option may not be combined with
200 --scope or --pty.
201 --on-clock-change, --on-timezone-change
203 Defines a trigger based on system clock jumps or timezone changes
204 for starting the specified command. See OnClockChange= and
205 OnTimezoneChange= in systemd.timer(5). These options are shortcuts
206 for --timer-property=OnClockChange=yes and
207 --timer-property=OnTimezoneChange=yes. These options may not be
208 combined with --scope or --pty.
209 --path-property=, --socket-property=, --timer-property=
211 Sets a property on the path, socket, or timer unit that is created.
212 This option is similar to --property=, but applies to the transient
213 path, socket, or timer unit rather than the transient service unit
214 created. This option takes an assignment in the same format as
215 systemctl(1)'s set-property command. These options may not be
216 combined with --scope or --pty.
217 --no-block
219 Do not synchronously wait for the unit start operation to finish.
220 If this option is not specified, the start request for the
221 transient unit will be verified, enqueued and systemd-run will wait
222 until the unit's start-up is completed. By passing this argument,
223 it is only verified and enqueued. This option may not be combined
224 with --wait.
225 --wait
227 Synchronously wait for the transient service to terminate. If this
228 option is specified, the start request for the transient unit is
229 verified, enqueued, and waited for. Subsequently the invoked unit
230 is monitored, and it is waited until it is deactivated again (most
231 likely because the specified command completed). On exit, terse
232 information about the unit's runtime is shown, including total
233 runtime (as well as CPU usage, if --property=CPUAccounting=1 was
234 set) and the exit code and status of the main process. This output
235 may be suppressed with --quiet. This option may not be combined
236 with --no-block, --scope or the various path, socket, or timer
237 options.
238 -G, --collect
240 Unload the transient unit after it completed, even if it failed.
241 Normally, without this option, all units that ran and failed are
242 kept in memory until the user explicitly resets their failure state
243 with systemctl reset-failed or an equivalent command. On the other
244 hand, units that ran successfully are unloaded immediately. If this
245 option is turned on the "garbage collection" of units is more
246 aggressive, and unloads units regardless if they exited
247 successfully or failed. This option is a shortcut for
248 --property=CollectMode=inactive-or-failed, see the explanation for
249 CollectMode= in systemd.unit(5) for further information.
250 --user
252 Talk to the service manager of the calling user, rather than the
253 service manager of the system.
254 --system
256 Talk to the service manager of the system. This is the implied
257 default.
258 -H, --host=
260 Execute the operation remotely. Specify a hostname, or a username
261 and hostname separated by "@", to connect to. The hostname may
262 optionally be suffixed by a port ssh is listening on, separated by
263 ":", and then a container name, separated by "/", which connects
264 directly to a specific container on the specified host. This will
265 use SSH to talk to the remote machine manager instance. Container
266 names may be enumerated with machinectl -H HOST. Put IPv6 addresses
267 in brackets.
268 -M, --machine=
270 Execute operation on a local container. Specify a container name to
271 connect to, optionally prefixed by a user name to connect as and a
272 separating "@" character. If the special string ".host" is used in
273 place of the container name, a connection to the local system is
274 made (which is useful to connect to a specific user's user bus:
275 "--user --machine=lennart@.host"). If the "@" syntax is not used,
276 the connection is made as root user. If the "@" syntax is used
277 either the left hand side or the right hand side may be omitted
278 (but not both) in which case the local user name and ".host" are
279 implied.
280 -h, --help
282 Print a short help text and exit.
283 --version
285 Print a short version string and exit.
286 All command line arguments after the first non-option argument become
288 part of the command line of the launched process.
289
291 On success, 0 is returned. If systemd-run failed to start the service,
292 a non-zero return value will be returned. If systemd-run waits for the
293 service to terminate, the return value will be propagated from the
294 service. 0 will be returned on success, including all the cases where
295 systemd considers a service to have exited cleanly, see the discussion
296 of SuccessExitStatus= in systemd.service(5).
297
299 Example 1. Logging environment variables provided by systemd to
300 services
301 # systemd-run env
303 Running as unit: run-19945.service
304 # journalctl -u run-19945.service
305 Sep 08 07:37:21 bupkis systemd[1]: Starting /usr/bin/env...
306 Sep 08 07:37:21 bupkis systemd[1]: Started /usr/bin/env.
307 Sep 08 07:37:21 bupkis env[19948]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
308 Sep 08 07:37:21 bupkis env[19948]: LANG=en_US.UTF-8
309 Sep 08 07:37:21 bupkis env[19948]: BOOT_IMAGE=/vmlinuz-3.11.0-0.rc5.git6.2.fc20.x86_64
310 Example 2. Limiting resources available to a command
312 # systemd-run -p IOWeight=10 updatedb
314 This command invokes the updatedb(8) tool, but lowers the block I/O
316 weight for it to 10. See systemd.resource-control(5) for more
317 information on the IOWeight= property.
318 Example 3. Running commands at a specified time
320 The following command will touch a file after 30 seconds.
322 # date; systemd-run --on-active=30 --timer-property=AccuracySec=100ms /bin/touch /tmp/foo
324 Mon Dec 8 20:44:24 KST 2014
325 Running as unit: run-71.timer
326 Will run service as unit: run-71.service
327 # journalctl -b -u run-71.timer
328 -- Journal begins at Fri 2014-12-05 19:09:21 KST, ends at Mon 2014-12-08 20:44:54 KST. --
329 Dec 08 20:44:38 container systemd[1]: Starting /bin/touch /tmp/foo.
330 Dec 08 20:44:38 container systemd[1]: Started /bin/touch /tmp/foo.
331 # journalctl -b -u run-71.service
332 -- Journal begins at Fri 2014-12-05 19:09:21 KST, ends at Mon 2014-12-08 20:44:54 KST. --
333 Dec 08 20:44:48 container systemd[1]: Starting /bin/touch /tmp/foo...
334 Dec 08 20:44:48 container systemd[1]: Started /bin/touch /tmp/foo.
335 Example 4. Allowing access to the tty
337 The following command invokes bash(1) as a service passing its standard
339 input, output and error to the calling TTY.
340 # systemd-run -t --send-sighup bash
342 Example 5. Start screen as a user service
344 $ systemd-run --scope --user screen
346 Running scope as unit run-r14b0047ab6df45bfb45e7786cc839e76.scope.
347 $ screen -ls
349 There is a screen on:
350 492..laptop (Detached)
351 1 Socket in /var/run/screen/S-fatima.
352 This starts the screen process as a child of the systemd --user process
354 that was started by user@.service, in a scope unit. A systemd.scope(5)
355 unit is used instead of a systemd.service(5) unit, because screen will
356 exit when detaching from the terminal, and a service unit would be
357 terminated. Running screen as a user unit has the advantage that it is
358 not part of the session scope. If KillUserProcesses=yes is configured
359 in logind.conf(5), the default, the session scope will be terminated
360 when the user logs out of that session.
361 The user@.service is started automatically when the user first logs in,
363 and stays around as long as at least one login session is open. After
364 the user logs out of the last session, user@.service and all services
365 underneath it are terminated. This behavior is the default, when
366 "lingering" is not enabled for that user. Enabling lingering means that
367 user@.service is started automatically during boot, even if the user is
368 not logged in, and that the service is not terminated when the user
369 logs out.
370 Enabling lingering allows the user to run processes without being
372 logged in, for example to allow screen to persist after the user logs
373 out, even if the session scope is terminated. In the default
374 configuration, users can enable lingering for themselves:
375 $ loginctl enable-linger
377 Example 6. Return value
379 $ systemd-run --user --wait true
381 $ systemd-run --user --wait -p SuccessExitStatus=11 bash -c 'exit 11'
382 $ systemd-run --user --wait -p SuccessExitStatus=SIGUSR1 bash -c 'kill -SIGUSR1 $$$$'
383 Those three invocations will succeed, i.e. terminate with an exit code
385 of 0.
386
388 systemd(1), systemctl(1), systemd.unit(5), systemd.service(5),
389 systemd.scope(5), systemd.slice(5), systemd.exec(5), systemd.resource-
390 control(5), systemd.timer(5), systemd-mount(1), machinectl(1)
391systemd 253 SYSTEMD-RUN(1)