Systemd useful commands and configurations

 

This page is a cheatsheet for systemd commands and configurations.

First of all, systemd man pages are very usefull:

### Systemd concepts and description ###
$ man systemd

### Systemd service file description ###
# Description of a unit configuration file (general):
$ man systemd.unit

# Description of the service specific configurations:
$ man systemd.service

### Systemctl command that controls systemd
$ man systemctl

systemd.unit describes the common configurations of a unit file. In systemd, a unit can be a service, a socket, a device, a mount point, etc… In addition to this man page, there is a unit specific man page, for instance systemd.service, systemd.socket, systemd.device, etc…

Commands

  • Starting/Stopping and getting the status of a service:

      $ systemctl start|restart|stop|status ServiceName
    
  • Enable/Disable a service to start on boot:

      $ systemctl enable|disable ServiceName
    
  • Show all properties of a service:

      $ systemctl show ServiceName
    
  • Show a service’s config file and its path

      $ systemctl cat ServiceName
    
  • List all systemd units and their state:

      $ systemctl list-units
    
  • Show services logs:

      # all services logs
      $ journalctl
    
      # a specific service 
      $ journalctl -u ServiceName 
    
      # follow a service logs 
      $ journalctl -u ServiceName -f
        
      # see the logs with the specified identifier
      $ journalctl -t flatpak
        
      # see the logs since a certain time
      $ journalctl --since 12:30
      $ journalctl --since today
      $ journalctl --since yesterday
      $ journalctl --since 2022-11-01
    
  • Reload systemd services (needed when a modification is done on a service file):

      $ systemctl daemon-reload
    
  • See how long every services take a boot time:

      $ systemd-analyze blame
    

Services configurations

In order to create a new systemd service, create a file in /etc/systemd/system/. For instance, servicename.service:

[Unit]
Description=My demo service
After=network.target
Requires=network.target
StartLimitIntervalSec=0

[Service]
Type=simple
Restart=always
RestartSec=1
User=MyUser
Group=MyGroup
ExecStart=/usr/bin/myservice.sh

[Install]
WantedBy=multi-user.target

The service file configuration file is separated into three sections:

  1. [Unit]: This section describes common unit configurations, some useful are:
    • Before=/After= : Services before/after which our service is started
    • Requires= : Services without whom our service won’t start
    • PartOf= : If the services listed here are stopped or restarted, the action is propagated to our service
    • StartLimitIntervalSec=, StartLimitBurst= : If the service is restarted more than Burst time within an Interval, systemd will stop trying to restart it. If we want to restart for ever, set the StartLimitIntervalSec=0.
  2. [Service]: Configuration options specific to a service. Some useful are:
    • Restart=always : Service always restart on failure
    • RestartSec= : Number of seconds systemd waits before restarting our service
    • ExecStart=, ExecReload=, ExecStop= : Executable to start|restart|stop our service
    • ExecStartPre=, ExecStartPost=, ExecStopPost= : Action to do before/after start and after stop
    • User=, Group= : User/Group with which the service is started
    • Type=: simple|forking|oneshot|notify|idle
    • RuntimeDirectory=, StateDirectory=, CacheDirectory=, LogsDirectory=, ConfigurationDirectory=: If specified, creates a directory when the service starts.
      • For Example: RuntimeDirectory=myservice will create the directory /run/myservice. The RuntimeDirectoryMode= allows to specify the directory Mode (default is 0755).
    • PrivateTmp=: If True, isolates the process’ /tmp and /var/tmp directories in namespaces to secure access to temporary files of the process. Temporary files created by the process are removed after the service has stopped. See this page for additionnal infos.
      • For Example, when set to true, the httpd service will have its tmp/ folder in /tmp/systemd-private-<BIG-ID>-httpd.service-<SMALL_ID>/tmp/
    • CapabilityBoundingSet=: Limits capabilities the process is allowed to obtain. It doesn’t grant any.
      • For Example: CapabilityBoundingSet=CAP_SYS_PTRACE, CAP_NET_BIND_SERVICE will limit the set of capabilities the process could have to these two.
    • AmbientCapabilities=: Grants capabilities to the process. Capabilities the process normally wouldn’t have started with.
      • For Example: AmbientCapabilities=CAP_NET_BIND_SERVICE grants the process this capability. The CAP_NET_BIND_SERVICE is very useful for services running a non-root user and needing to bind a socket on privileged port (< 1024).
  3. [Install]: Contains installation information for the unit. These information are used by enable and disable commands. For example:
    • WantedBy=, RequiredBy=: Dependency of type Wants= or Requires= added to the services listed.

To install and start the service we created, type those commands:

# reload service configuration file
$ systemctl daemon-reload

# if must start at boot
$ systemctl enable myservice 

# start the service
$ systemctl start myservice

# get service status 
$ systemctl status myservice