systemd

Units commonly include, but are not limited to, services (.service), mount points (.mount), devices (.device) and sockets (.socket).

When using systemctl, you generally have to specify the complete name of the unit file, including its suffix, for example sshd.socket. There are however a few short forms when specifying the unit in the following systemctl commands:

• If you do not specify the suffix, systemctl will assume .service. For example, and netctl.service are equivalent.
• Mount points will automatically be translated into the appropriate .mount unit. For example, specifying is equivalent to .
• Similar to mount points, devices are automatically translated into the appropriate .device unit, therefore specifying is equivalent to .

See for details.

The commands in the below table operate on system units since is the implied default for systemctl. To instead operate on user units (for the calling user), use systemctl --user without root privileges. See also systemd/User#Basic setup to enable/disable user units for all users.

1. See for the directories where available unit files can be found.
2. This does not ask the changed units to reload their own configurations (see the Reload action).
3. For example, in case its section has changed since last enabling it.
4. Both manually and as a dependency, which makes masking dangerous. Check for existing masked units with:

   # systemctl list-unit-files --state=masked

polkit is necessary for power management as an unprivileged user. If you are in a local systemd-logind user session and no other session is active, the following commands will work without root privileges. If not (for example, because another user is logged into a tty), systemd will automatically ask you for the root password.

With systemd, dependencies can be resolved by designing the unit files correctly. The most typical case is that the unit A requires the unit B to be running before A is started. In that case add and After=B to the section of A. If the dependency is optional, add and After=B instead. Note that and do not imply After=, meaning that if After= is not specified, the two units will be started in parallel.

Dependencies are typically placed on services and not on #Targets. For example, is pulled in by whatever service configures your network interfaces, therefore ordering your custom unit after it is sufficient since is started anyway.

There are several different start-up types to consider when writing a custom service file. This is set with the parameter in the section:

• (default): systemd considers the service to be started up immediately. The process must not fork. Do not use this type if other services need to be ordered on this service, unless it is socket activated.
• : systemd considers the service started up once the process forks and the parent has exited. For classic daemons use this type unless you know that it is not necessary. You should specify as well so systemd can keep track of the main process.
• Type=oneshot: this is useful for scripts that do a single job and then exit. You may want to set as well so that systemd still considers the service as active after the process has exited.
• : identical to , but with the stipulation that the daemon will send a signal to systemd when it is ready. The reference implementation for this notification is provided by libsystemd-daemon.so.
• : the service is considered ready when the specified appears on DBus's system bus.
• : systemd will delay execution of the service binary until all jobs are dispatched. Other than that behavior is very similar to .

See the systemd.service(5) § OPTIONS man page for a more detailed explanation of the values.

To avoid conflicts with pacman, unit files provided by packages should not be directly edited. There are two safe ways to modify a unit without touching the original file: create a new unit file which overrides the original unit or create drop-in snippets which are applied on top of the original unit. For both methods, you must reload the unit afterwards to apply your changes. This can be done either by editing the unit with (which reloads the unit automatically) or by reloading all units with:

# systemctl daemon-reload

To replace the unit file /usr/lib/systemd/system/unit, create the file and reenable the unit to update the symlinks.

Alternatively, run:

# systemctl edit --full unit

This opens in your editor (copying the installed version if it does not exist yet) and automatically reloads it when you finish editing.

To create drop-in files for the unit file /usr/lib/systemd/system/unit, create the directory and place .conf files there to override or add new options. systemd will parse and apply these files on top of the original unit.

The easiest way to do this is to run:

# systemctl edit unit

This opens the file in your text editor (creating it if necessary) and automatically reloads the unit when you are done editing.

To revert any changes to a unit made using do:

# systemctl revert unit

For example, if you simply want to add an additional dependency to a unit, you may create the following file:

As another example, in order to replace the directive for a unit that is not of type oneshot, create the following file:

Note how must be cleared before being re-assigned . The same holds for every item that can be specified multiple times, e.g. for timers.

One more example to automatically restart a service:

The following should be used under systemd instead of running :

$ systemctl list-units --type=target

The runlevels that held a defined meaning under sysvinit (i.e., 0, 1, 3, 5, and 6); have a 1:1 mapping with a specific systemd target. Unfortunately, there is no good way to do the same for the user-defined runlevels like 2 and 4. If you make use of those it is suggested that you make a new named systemd target as that takes one of the existing runlevels as a base (you can look at as an example), make a directory , and then symlink the additional services from /usr/lib/systemd/system/ that you wish to enable.

In systemd, targets are exposed via target units. You can change them like this:

# systemctl isolate graphical.target

This will only change the current target, and has no effect on the next boot. This is equivalent to commands such as or in Sysvinit.

The standard target is default.target, which is a symlink to . This roughly corresponds to the old runlevel 5.

To verify the current target with systemctl:

$ systemctl get-default

To change the default target to boot into, change the default.target symlink. With systemctl:

Alternatively, append one of the following kernel parameters to your bootloader:

• (which roughly corresponds to the old runlevel 3),
• (which roughly corresponds to the old runlevel 1).

systemd chooses the default.target according to the following order:

1. Kernel parameter shown above
2. Symlink of /etc/systemd/system/default.target
3. Symlink of

systemd is in charge of mounting the partitions and filesystems specified in /etc/fstab. The translates all the entries in /etc/fstab into systemd units; this is performed at boot time and whenever the configuration of the system manager is reloaded.

systemd extends the usual fstab capabilities and offers additional mount options. These affect the dependencies of the mount unit. They can, for example, ensure that a mount is performed only once the network is up or only once another partition is mounted. The full list of specific systemd mount options, typically prefixed with , is detailed in .

An example of these mount options is automounting, which means mounting only when the resource is required rather than automatically at boot time. This is provided in fstab#Automount with systemd.

On UEFI-booted systems, if specific conditions are met, will automount GPT partitions following the Discoverable Partitions Specification and they can thus be omitted from fstab.

The prerequisites are:

• The boot loader must set the LoaderDevicePartUUID EFI variable, so that the used EFI system partition can be identified. This is supported by systemd-boot, and rEFInd (not enabled by default). This can be verified by running and checking the status of .
• The root partition must be on the same physical disk as the used EFI system partition. Other partitions that will be automounted must be on the same physical disk as the root partition. This basically means that all automounted partitions must share the same physical disk with the ESP.

For automounting to work, the PARTUUID must match the SHA256 HMAC hash of the partition type UUID () keyed by the machine ID. The required PARTUUID can be obtained using:

$ systemd-id128 -u --app-specific=4d21b016-b534-45c2-a9fb-5c16e091fd2d machine-id

The primary role of (required by ) is to provide the traditional linux init binary. For systemd-controlled systems, is just a symbolic link to its systemd executable.

In addition, it provides four convenience shortcuts that SysVinit users might be used to. The convenience shortcuts are , , and . Each one of those four commands is a symbolic link to , and is governed by systemd behavior. Therefore, the discussion at #Power management applies.

systemd-based systems can give up those System V compatibility methods by using the boot parameter (see, for example, /bin/init is in systemd-sysvcompat ?) and systemd native command arguments.

systemd-tmpfiles creates, deletes and cleans up volatile and temporary files and directories. It reads configuration files in /etc/tmpfiles.d/ and to discover which actions to perform. Configuration files in the former directory take precedence over those in the latter directory.

Configuration files are usually provided together with service files, and they are named in the style of . For example, the Samba daemon expects the directory to exist and to have the correct permissions. Therefore, the package ships with this configuration:

Configuration files may also be used to write values into certain files on boot. For example, if you used /etc/rc.local to disable wakeup from USB devices with , you may use the following tmpfile instead:

See the and man pages for details.

• systemadm — Graphical browser for systemd units. It can show the list of units, possibly filtered by type.

https://cgit.freedesktop.org/systemd/systemd-ui/ || systemd-ui

To delay a service until after the network is up, include the following dependencies in the .service file:

The network wait service of the particular application that manages the network, must also be enabled so that properly reflects the network status.

• If using NetworkManager, is enabled together with . Check if this is the case with systemctl is-enabled NetworkManager-wait-online.service. If it is not enabled, then reenable .
• In the case of netctl, enable the .
• If using systemd-networkd, is enabled together with . Check if this is the case with . If it is not enabled, then reenable .

For more detailed explanations see Running services after the network is up in freedesktop.org's systemd wiki.

If a service needs to perform DNS queries, it should additionally be ordered after :

See systemd.special(7) § Special Passive System Units.

For to have any effect it needs a service that pulls it in via and orders itself before it with . Typically this is done by local DNS resolvers.

Check which active service, if any, is pulling in with:

$ systemctl list-dependencies --reverse nss-lookup.target

Arch Linux ships with containing disable *. This causes systemctl preset to disable all units by default, such that when a new package is installed, the user must manually enable the unit.

If this behavior is not desired, simply create a symlink from to in order to override the configuration file. This will cause systemctl preset to enable all units that get installed—regardless of unit type—unless specified in another file in one systemctl preset's configuration directories. User units are not affected. See for more information.

A unit file can be created as a sandbox to isolate applications and their processes within a hardened virtual environment. systemd leverages namespaces, a list of allowed/denied capabilities, and control groups to container processes through an extensive execution environment configuration—systemd.exec(5).

The enhancement of an existing systemd unit file with application sandboxing typically requires trial-and-error tests accompanied by the generous use of , stderr and error logging and output facilities. You may want to first search upstream documentation for already done tests to base trials on. To get a starting point for possible hardening options, run

$ systemd-analyze security unit

Some examples of how sandboxing with systemd can be deployed:

• defines a list of that are allowed or denied for a unit. See .
  • The capability, for example, which should be one of the goals of a secure sandbox: CapabilityBoundingSet=~ CAP_SYS_ADM

In order to notify about service failures, a directive needs to be added to the according service file, for example by using a drop-in configuration file. Adding this directive to every service unit can be achieved with a top-level drop-in configuration file. For details about top-level drop-ins, see .

Create a top-level drop-in for services:

This adds to every service file. If some_service_unit fails, will be started to handle the notification delivery (or whatever task it is configured to perform).

Create the failure-notification@ template unit:

You can create the script and define what to do or how to notify (mail, gotify, xmpp, etc.). The will be the name of the failed service unit and will be passed as argument to the script.

In order to prevent a recursion for starting instances of again and again if the start fails, create an empty drop-in configuration file with the same name as the top-level drop-in (the empty service-level drop-in configuration file takes precedence over the top-level drop-in and overrides the latter one):

# mkdir -p /etc/systemd/system/failure-notification@.service.d
# touch /etc/systemd/system/failure-notification@.service.d/toplevel-override.conf

To find the systemd services which failed to start:

$ systemctl --state=failed

To find out why they failed, examine their log output. See systemd/Journal#Filtering output for details.

systemd has several options for diagnosing problems with the boot process. See boot debugging for more general instructions and options to capture boot messages before systemd takes over the boot process. Also see freedesktop.org's systemd debugging documentation.

If some systemd service misbehaves or you want to get more information about what is happening, set the environment variable to debug. For example, to run the systemd-networkd daemon in debug mode:

Add a drop-in file for the service adding the two lines:

[Service]
Environment=SYSTEMD_LOG_LEVEL=debug

Or equivalently, set the environment variable manually:

# SYSTEMD_LOG_LEVEL=debug /lib/systemd/systemd-networkd

then restart systemd-networkd and watch the journal for the service with the / option.

If the shutdown process takes a very long time (or seems to freeze) most likely a service not exiting is to blame. systemd waits some time for each service to exit before trying to kill it. To find out if you are affected, see Shutdown completes eventually in the systemd wiki.

A common problem is a stalled shutdown or suspend process. To verify if it is the case you could run either of these commands and check the outputs

The solution to this would be to cancel these jobs by running

# systemctl cancel
# systemctl stop systemd-suspend.service

and then trying shutdown or reboot again.

If running as root does not show any output for a short lived service, look at the PID instead. For example, if fails, and systemctl status systemd-modules-load shows that it ran as PID 123, then you might be able to see output in the journal for that PID, i.e. by running as root. Metadata fields for the journal such as and are collected asynchronously and rely on the /proc directory for the process existing. Fixing this requires fixing the kernel to provide this data via a socket connection, similar to . In short, it is a bug. Keep in mind that immediately failed services might not print anything to the journal as per design of systemd.

After using a number of users have noticed that their boot time has increased significantly in comparison with what it used to be. After using NetworkManager is being reported as taking an unusually large amount of time to start.

The problem for some users has been due to becoming too large. This may have other impacts on performance, such as for or . As such the solution is to remove every file within the folder (ideally making a backup of it somewhere, at least temporarily) and then setting a journal file size limit as described in Systemd/Journal#Journal size limit.

Starting with systemd 219, /usr/lib/tmpfiles.d/systemd.conf specifies ACL attributes for directories under and, therefore, requires ACL support to be enabled for the filesystem the journal resides on.

See Access Control Lists#Enable ACL for instructions on how to enable ACL on the filesystem that houses .

You may want to disable emergency mode on a remote machine, for example, a virtual machine hosted at Azure or Google Cloud. It is because if emergency mode is triggered, the machine will be blocked from connecting to network.

To disable it, mask and .