1SYSTEMD-RUN(1) systemd-run SYSTEMD-RUN(1)
2
6 systemd-run - Run programs in transient scope units, service units, or
7 path-, socket-, or timer-triggered service units
8
10 systemd-run [OPTIONS...] COMMAND [ARGS...]
11 systemd-run [OPTIONS...] [PATH OPTIONS...] {COMMAND} [ARGS...]
13 systemd-run [OPTIONS...] [SOCKET OPTIONS...] {COMMAND} [ARGS...]
15 systemd-run [OPTIONS...] [TIMER OPTIONS...] {COMMAND} [ARGS...]
17
19 systemd-run may be used to create and start a transient .service or
20 .scope unit and run the specified COMMAND in it. It may also be used to
21 create and start a transient .path, .socket, or .timer unit, that
22 activates a .service unit when elapsing.
23 If a command is run as transient service unit, it will be started and
25 managed by the service manager like any other service, and thus shows
26 up in the output of systemctl list-units like any other unit. It will
27 run in a clean and detached execution environment, with the service
28 manager as its parent process. In this mode, systemd-run will start the
29 service asynchronously in the background and return after the command
30 has begun execution (unless --no-block or --wait are specified, see
31 below).
32 If a command is run as transient scope unit, it will be executed by
34 systemd-run itself as parent process and will thus inherit the
35 execution environment of the caller. However, the processes of the
36 command are managed by the service manager similarly to normal
37 services, and will show up in the output of systemctl list-units.
38 Execution in this case is synchronous, and will return only when the
39 command finishes. This mode is enabled via the --scope switch (see
40 below).
41 If a command is run with path, socket, or timer options such as
43 --on-calendar= (see below), a transient path, socket, or timer unit is
44 created alongside the service unit for the specified command. Only the
45 transient path, socket, or timer unit is started immediately, the
46 transient service unit will be triggered by the path, socket, or timer
47 unit. If the --unit= option is specified, the COMMAND may be omitted.
48 In this case, systemd-run creates only a .path, .socket, or .timer unit
49 that triggers the specified unit.
50 By default, services created with systemd-run default to the simple
52 type, see the description of Type= in systemd.service(5) for details.
53 Note that when this type is used, the service manager (and thus the
54 systemd-run command) considers service start-up successful as soon as
55 the fork() for the main service process succeeded, i.e. before the
56 execve() is invoked, and thus even if the specified command cannot be
57 started. Consider using the exec service type (i.e.
58 --property=Type=exec) to ensure that systemd-run returns successfully
59 only if the specified command line has been successfully started.
60 After systemd-run passes the command to the service manager, the
62 manager performs variable expansion. This means that dollar characters
63 ("$") which should not be expanded need to be escaped as "$$".
64 Expansion can also be disabled using --expand-environment=no.
65
67 The following options are understood:
68 --no-ask-password
70 Do not query the user for authentication for privileged operations.
71 --scope
73 Create a transient .scope unit instead of the default transient
74 .service unit (see above).
75 --unit=, -u
77 Use this unit name instead of an automatically generated one.
78 --property=, -p
80 Sets a property on the scope or service unit that is created. This
81 option takes an assignment in the same format as systemctl(1)'s
82 set-property command.
83 --description=
85 Provide a description for the service, scope, path, socket, or
86 timer unit. If not specified, the command itself will be used as a
87 description. See Description= in systemd.unit(5).
88 --slice=
90 Make the new .service or .scope unit part of the specified slice,
91 instead of system.slice (when running in --system mode) or the root
92 slice (when running in --user mode).
93 --slice-inherit
95 Make the new .service or .scope unit part of the inherited slice.
96 This option can be combined with --slice=.
97 An inherited slice is located within systemd-run slice. Example: if
99 systemd-run slice is foo.slice, and the --slice= argument is bar,
100 the unit will be placed under the foo-bar.slice.
101 --expand-environment=BOOL
103 Expand environment variables in command arguments. If enabled,
104 environment variables specified as "${VARIABLE}" will be expanded
105 in the same way as in commands specified via ExecStart= in units.
106 With --scope, this expansion is performed by systemd-run itself,
107 and in other cases by the service manager that spawns the command.
108 Note that this is similar to, but not the same as variable
109 expansion in bash(1) and other shells.
110 The default is to enable this option in all cases, except for
112 --scope where it is disabled by default, for backward compatibility
113 reasons. Note that this will be changed in a future release, where
114 it will be switched to enabled by default as well.
115 See systemd.service(5) for a description of variable expansion.
117 Disabling variable expansion is useful if the specified command
118 includes or may include a "$" sign.
119 -r, --remain-after-exit
121 After the service process has terminated, keep the service around
122 until it is explicitly stopped. This is useful to collect runtime
123 information about the service after it finished running. Also see
124 RemainAfterExit= in systemd.service(5).
125 --send-sighup
127 When terminating the scope or service unit, send a SIGHUP
128 immediately after SIGTERM. This is useful to indicate to shells and
129 shell-like processes that the connection has been severed. Also see
130 SendSIGHUP= in systemd.kill(5).
131 --service-type=
133 Sets the service type. Also see Type= in systemd.service(5). This
134 option has no effect in conjunction with --scope. Defaults to
135 simple.
136 --uid=, --gid=
138 Runs the service process under the specified UNIX user and group.
139 Also see User= and Group= in systemd.exec(5).
140 --nice=
142 Runs the service process with the specified nice level. Also see
143 Nice= in systemd.exec(5).
144 --working-directory=
146 Runs the service process with the specified working directory. Also
147 see WorkingDirectory= in systemd.exec(5).
148 --same-dir, -d
150 Similar to --working-directory=, but uses the current working
151 directory of the caller for the service to execute.
152 -E NAME[=VALUE], --setenv=NAME[=VALUE]
154 Runs the service process with the specified environment variable
155 set. This parameter may be used more than once to set multiple
156 variables. When "=" and VALUE are omitted, the value of the
157 variable with the same name in the program environment will be
158 used.
159 Also see Environment= in systemd.exec(5).
161 --pty, -t
163 When invoking the command, the transient service connects its
164 standard input, output and error to the terminal systemd-run is
165 invoked on, via a pseudo TTY device. This allows running programs
166 that expect interactive user input/output as services, such as
167 interactive command shells.
168 Note that machinectl(1)'s shell command is usually a better
170 alternative for requesting a new, interactive login session on the
171 local host or a local container.
172 See below for details on how this switch combines with --pipe.
174 --pipe, -P
176 If specified, standard input, output, and error of the transient
177 service are inherited from the systemd-run command itself. This
178 allows systemd-run to be used within shell pipelines. Note that
179 this mode is not suitable for interactive command shells and
180 similar, as the service process will not become a TTY controller
181 when invoked on a terminal. Use --pty instead in that case.
182 When both --pipe and --pty are used in combination the more
184 appropriate option is automatically determined and used.
185 Specifically, when invoked with standard input, output and error
186 connected to a TTY --pty is used, and otherwise --pipe.
187 When this option is used the original file descriptors systemd-run
189 receives are passed to the service processes as-is. If the service
190 runs with different privileges than systemd-run, this means the
191 service might not be able to re-open the passed file descriptors,
192 due to normal file descriptor access restrictions. If the invoked
193 process is a shell script that uses the echo "hello" >/dev/stderr
194 construct for writing messages to stderr, this might cause
195 problems, as this only works if stderr can be re-opened. To
196 mitigate this use the construct echo "hello" >&2 instead, which is
197 mostly equivalent and avoids this pitfall.
198 --shell, -S
200 A shortcut for "--pty --same-dir --wait --collect
201 --service-type=exec $SHELL", i.e. requests an interactive shell in
202 the current working directory, running in service context,
203 accessible with a single switch.
204 --quiet, -q
206 Suppresses additional informational output while running. This is
207 particularly useful in combination with --pty when it will suppress
208 the initial message explaining how to terminate the TTY connection.
209 --on-active=, --on-boot=, --on-startup=, --on-unit-active=,
211 --on-unit-inactive=
212 Defines a monotonic timer relative to different starting points for
213 starting the specified command. See OnActiveSec=, OnBootSec=,
214 OnStartupSec=, OnUnitActiveSec= and OnUnitInactiveSec= in
215 systemd.timer(5) for details. These options are shortcuts for
216 --timer-property= with the relevant properties. These options may
217 not be combined with --scope or --pty.
218 --on-calendar=
220 Defines a calendar timer for starting the specified command. See
221 OnCalendar= in systemd.timer(5). This option is a shortcut for
222 --timer-property=OnCalendar=. This option may not be combined with
223 --scope or --pty.
224 --on-clock-change, --on-timezone-change
226 Defines a trigger based on system clock jumps or timezone changes
227 for starting the specified command. See OnClockChange= and
228 OnTimezoneChange= in systemd.timer(5). These options are shortcuts
229 for --timer-property=OnClockChange=yes and
230 --timer-property=OnTimezoneChange=yes. These options may not be
231 combined with --scope or --pty.
232 --path-property=, --socket-property=, --timer-property=
234 Sets a property on the path, socket, or timer unit that is created.
235 This option is similar to --property=, but applies to the transient
236 path, socket, or timer unit rather than the transient service unit
237 created. This option takes an assignment in the same format as
238 systemctl(1)'s set-property command. These options may not be
239 combined with --scope or --pty.
240 --no-block
242 Do not synchronously wait for the unit start operation to finish.
243 If this option is not specified, the start request for the
244 transient unit will be verified, enqueued and systemd-run will wait
245 until the unit's start-up is completed. By passing this argument,
246 it is only verified and enqueued. This option may not be combined
247 with --wait.
248 --wait
250 Synchronously wait for the transient service to terminate. If this
251 option is specified, the start request for the transient unit is
252 verified, enqueued, and waited for. Subsequently the invoked unit
253 is monitored, and it is waited until it is deactivated again (most
254 likely because the specified command completed). On exit, terse
255 information about the unit's runtime is shown, including total
256 runtime (as well as CPU usage, if --property=CPUAccounting=1 was
257 set) and the exit code and status of the main process. This output
258 may be suppressed with --quiet. This option may not be combined
259 with --no-block, --scope or the various path, socket, or timer
260 options.
261 -G, --collect
263 Unload the transient unit after it completed, even if it failed.
264 Normally, without this option, all units that ran and failed are
265 kept in memory until the user explicitly resets their failure state
266 with systemctl reset-failed or an equivalent command. On the other
267 hand, units that ran successfully are unloaded immediately. If this
268 option is turned on the "garbage collection" of units is more
269 aggressive, and unloads units regardless if they exited
270 successfully or failed. This option is a shortcut for
271 --property=CollectMode=inactive-or-failed, see the explanation for
272 CollectMode= in systemd.unit(5) for further information.
273 --user
275 Talk to the service manager of the calling user, rather than the
276 service manager of the system.
277 --system
279 Talk to the service manager of the system. This is the implied
280 default.
281 -H, --host=
283 Execute the operation remotely. Specify a hostname, or a username
284 and hostname separated by "@", to connect to. The hostname may
285 optionally be suffixed by a port ssh is listening on, separated by
286 ":", and then a container name, separated by "/", which connects
287 directly to a specific container on the specified host. This will
288 use SSH to talk to the remote machine manager instance. Container
289 names may be enumerated with machinectl -H HOST. Put IPv6 addresses
290 in brackets.
291 -M, --machine=
293 Execute operation on a local container. Specify a container name to
294 connect to, optionally prefixed by a user name to connect as and a
295 separating "@" character. If the special string ".host" is used in
296 place of the container name, a connection to the local system is
297 made (which is useful to connect to a specific user's user bus:
298 "--user --machine=lennart@.host"). If the "@" syntax is not used,
299 the connection is made as root user. If the "@" syntax is used
300 either the left hand side or the right hand side may be omitted
301 (but not both) in which case the local user name and ".host" are
302 implied.
303 -h, --help
305 Print a short help text and exit.
306 --version
308 Print a short version string and exit.
309 All command line arguments after the first non-option argument become
311 part of the command line of the launched process.
312
314 On success, 0 is returned. If systemd-run failed to start the service,
315 a non-zero return value will be returned. If systemd-run waits for the
316 service to terminate, the return value will be propagated from the
317 service. 0 will be returned on success, including all the cases where
318 systemd considers a service to have exited cleanly, see the discussion
319 of SuccessExitStatus= in systemd.service(5).
320
322 Example 1. Logging environment variables provided by systemd to
323 services
324 # systemd-run env
326 Running as unit: run-19945.service
327 # journalctl -u run-19945.service
328 Sep 08 07:37:21 bupkis systemd[1]: Starting /usr/bin/env...
329 Sep 08 07:37:21 bupkis systemd[1]: Started /usr/bin/env.
330 Sep 08 07:37:21 bupkis env[19948]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
331 Sep 08 07:37:21 bupkis env[19948]: LANG=en_US.UTF-8
332 Sep 08 07:37:21 bupkis env[19948]: BOOT_IMAGE=/vmlinuz-3.11.0-0.rc5.git6.2.fc20.x86_64
333 Example 2. Limiting resources available to a command
335 # systemd-run -p IOWeight=10 updatedb
337 This command invokes the updatedb(8) tool, but lowers the block I/O
339 weight for it to 10. See systemd.resource-control(5) for more
340 information on the IOWeight= property.
341 Example 3. Running commands at a specified time
343 The following command will touch a file after 30 seconds.
345 # date; systemd-run --on-active=30 --timer-property=AccuracySec=100ms /bin/touch /tmp/foo
347 Mon Dec 8 20:44:24 KST 2014
348 Running as unit: run-71.timer
349 Will run service as unit: run-71.service
350 # journalctl -b -u run-71.timer
351 -- Journal begins at Fri 2014-12-05 19:09:21 KST, ends at Mon 2014-12-08 20:44:54 KST. --
352 Dec 08 20:44:38 container systemd[1]: Starting /bin/touch /tmp/foo.
353 Dec 08 20:44:38 container systemd[1]: Started /bin/touch /tmp/foo.
354 # journalctl -b -u run-71.service
355 -- Journal begins at Fri 2014-12-05 19:09:21 KST, ends at Mon 2014-12-08 20:44:54 KST. --
356 Dec 08 20:44:48 container systemd[1]: Starting /bin/touch /tmp/foo...
357 Dec 08 20:44:48 container systemd[1]: Started /bin/touch /tmp/foo.
358 Example 4. Allowing access to the tty
360 The following command invokes bash(1) as a service passing its standard
362 input, output and error to the calling TTY.
363 # systemd-run -t --send-sighup bash
365 Example 5. Start screen as a user service
367 $ systemd-run --scope --user screen
369 Running scope as unit run-r14b0047ab6df45bfb45e7786cc839e76.scope.
370 $ screen -ls
372 There is a screen on:
373 492..laptop (Detached)
374 1 Socket in /var/run/screen/S-fatima.
375 This starts the screen process as a child of the systemd --user process
377 that was started by user@.service, in a scope unit. A systemd.scope(5)
378 unit is used instead of a systemd.service(5) unit, because screen will
379 exit when detaching from the terminal, and a service unit would be
380 terminated. Running screen as a user unit has the advantage that it is
381 not part of the session scope. If KillUserProcesses=yes is configured
382 in logind.conf(5), the default, the session scope will be terminated
383 when the user logs out of that session.
384 The user@.service is started automatically when the user first logs in,
386 and stays around as long as at least one login session is open. After
387 the user logs out of the last session, user@.service and all services
388 underneath it are terminated. This behavior is the default, when
389 "lingering" is not enabled for that user. Enabling lingering means that
390 user@.service is started automatically during boot, even if the user is
391 not logged in, and that the service is not terminated when the user
392 logs out.
393 Enabling lingering allows the user to run processes without being
395 logged in, for example to allow screen to persist after the user logs
396 out, even if the session scope is terminated. In the default
397 configuration, users can enable lingering for themselves:
398 $ loginctl enable-linger
400 Example 6. Variable expansion by the manager
402 $ systemd-run -t echo "<${INVOCATION_ID}>" '<${INVOCATION_ID}>'
404 <> <5d0149bfa2c34b79bccb13074001eb20>
405 The first argument is expanded by the shell (double quotes), but the
408 second one is not expanded by the shell (single quotes). echo is
409 called with ["/usr/bin/echo", "[]", "[${INVOCATION_ID}]"] as the
410 argument array, and then systemd generates ${INVOCATION_ID} and
411 substitutes it in the command-line. This substitution could not be done
412 on the client side, because the target ID that will be set for the
413 service isn't known before the call is made.
414 Example 7. Variable expansion and output redirection using a shell
416 Variable expansion by systemd can be disabled with
418 --expand-environment=no.
419 Disabling variable expansion can be useful if the command to execute
421 contains dollar characters and escaping them would be inconvenient. For
422 example, when a shell is used:
423 $ systemd-run --expand-environment=no -t bash \
425 -c 'echo $SHELL $$ >/dev/stdout'
426 /bin/bash 12345
427 The last argument is passed verbatim to the bash shell which is started
430 by the service unit. The shell expands "$SHELL" to the path of the
431 shell, and "$$" to its process number, and then those strings are
432 passed to the echo built-in and printed to standard output (which in
433 this case is connected to the calling terminal).
434 Example 8. Return value
436 $ systemd-run --user --wait true
438 $ systemd-run --user --wait -p SuccessExitStatus=11 bash -c 'exit 11'
439 $ systemd-run --user --wait -p SuccessExitStatus=SIGUSR1 --expand-environment=no \
440 bash -c 'kill -SIGUSR1 $$'
441 Those three invocations will succeed, i.e. terminate with an exit code
443 of 0.
444
446 systemd(1), systemctl(1), systemd.unit(5), systemd.service(5),
447 systemd.scope(5), systemd.slice(5), systemd.exec(5), systemd.resource-
448 control(5), systemd.timer(5), systemd-mount(1), machinectl(1)
449systemd 254 SYSTEMD-RUN(1)