table of contents
- bookworm 252.33-1~deb12u1
- bookworm-backports 254.22-1~bpo12+1
- testing 257.2-1
- unstable 257.2-2
SYSTEMCTL(1) | systemctl | SYSTEMCTL(1) |
NAME¶
systemctl - Control the systemd system and service manager
SYNOPSIS¶
systemctl [OPTIONS...] COMMAND [UNIT...]
DESCRIPTION¶
systemctl may be used to introspect and control the state of the "systemd" system and service manager. Please refer to systemd(1) for an introduction into the basic concepts and functionality this tool manages.
COMMANDS¶
The following commands are understood:
Unit Commands (Introspection and Modification)¶
list-units [PATTERN...]
Note that this command does not show unit templates, but only instances of unit templates. Units templates that aren't instantiated are not runnable, and will thus never show up in the output of this command. Specifically this means that foo@.service will never be shown in this list — unless instantiated, e.g. as foo@bar.service. Use list-unit-files (see below) for listing installed unit template files.
Produces output similar to
UNIT LOAD ACTIVE SUB DESCRIPTION
sys-module-fuse.device loaded active plugged /sys/module/fuse
-.mount loaded active mounted Root Mount
boot-efi.mount loaded active mounted /boot/efi
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running Login Service ● user@1000.service loaded failed failed User Manager for UID 1000
...
systemd-tmpfiles-clean.timer loaded active waiting Daily Cleanup of Temporary Directories LOAD = Reflects whether the unit definition was properly loaded. ACTIVE = The high-level unit activation state, i.e. generalization of SUB. SUB = The low-level unit activation state, values depend on unit type. 123 loaded units listed. Pass --all to see loaded but inactive units, too. To show all installed unit files use 'systemctl list-unit-files'.
The header and the last unit of a given type are underlined if the terminal supports that. A colored dot is shown next to services which were masked, not found, or otherwise failed.
The LOAD column shows the load state, one of loaded, not-found, bad-setting, error, masked. The ACTIVE columns shows the general unit state, one of the following:
Table 1. Unit ACTIVE states
State | Description |
active | Started, bound, plugged in, ..., depending on the unit type. |
inactive | Stopped, unbound, unplugged, ..., depending on the unit type. |
failed | Similar to inactive, but the unit failed in some way (process returned error code on exit, crashed, an operation timed out, or after too many restarts). |
activating | Changing from inactive to active. |
deactivating | Changing from active to inactive. |
maintenance | Unit is inactive and a maintenance operation is in progress. |
reloading | Unit is active and it is reloading its configuration. |
The SUB column shows the unit-type-specific detailed state of the unit, possible values vary by unit type. The list of possible LOAD, ACTIVE, and SUB states is not constant and new systemd releases may both add and remove values.
systemctl --state=help
command may be used to display the current set of possible values.
This is the default command.
list-automounts [PATTERN...]
WHAT WHERE MOUNTED IDLE TIMEOUT UNIT /dev/sdb1 /mnt/test no 120s mnt-test.automount binfmt_misc /proc/sys/fs/binfmt_misc yes 0 proc-sys-fs-binfmt_misc.automount 2 automounts listed.
Also see --show-types, --all, and --state=.
Added in version 252.
list-paths [PATTERN...]
PATH CONDITION UNIT ACTIVATES /run/systemd/ask-password DirectoryNotEmpty systemd-ask-password-plymouth.path systemd-ask-password-plymouth.service /run/systemd/ask-password DirectoryNotEmpty systemd-ask-password-wall.path systemd-ask-password-wall.service /var/cache/cups/org.cups.cupsd PathExists cups.path cups.service 3 paths listed.
Also see --show-types, --all, and --state=.
Added in version 254.
list-sockets [PATTERN...]
LISTEN UNIT ACTIVATES /dev/initctl systemd-initctl.socket systemd-initctl.service ... [::]:22 sshd.socket sshd.service kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service 5 sockets listed.
Note: because the addresses might contains spaces, this output is not suitable for programmatic consumption.
Also see --show-types, --all, and --state=.
Added in version 202.
list-timers [PATTERN...]
NEXT LEFT LAST PASSED UNIT ACTIVATES - - Thu 2017-02-23 13:40:29 EST 3 days ago ureadahead-stop.timer ureadahead-stop.service Sun 2017-02-26 18:55:42 EST 1min 14s left Thu 2017-02-23 13:54:44 EST 3 days ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service Sun 2017-02-26 20:37:16 EST 1h 42min left Sun 2017-02-26 11:56:36 EST 6h ago apt-daily.timer apt-daily.service Sun 2017-02-26 20:57:49 EST 2h 3min left Sun 2017-02-26 11:56:36 EST 6h ago snapd.refresh.timer snapd.refresh.service
NEXT shows the next time the timer will run.
LEFT shows how long till the next time the timer runs.
LAST shows the last time the timer ran.
PASSED shows how long has passed since the timer last ran.
UNIT shows the name of the timer
ACTIVATES shows the name the service the timer activates when it runs.
Also see --all and --state=.
Added in version 209.
is-active PATTERN...
is-failed [PATTERN...]
Added in version 197.
status [PATTERN...|PID...]]
This function is intended to generate human-readable output. If you are looking for computer-parsable output, use show instead. By default, this function only shows 10 lines of output and ellipsizes lines to fit in the terminal window. This can be changed with --lines and --full, see above. In addition, journalctl --unit=NAME or journalctl --user-unit=NAME use a similar filter for messages and might be more convenient.
Note that this operation only displays runtime status, i.e. information about the current invocation of the unit (if it is running) or the most recent invocation (if it is not running anymore, and has not been released from memory). Information about earlier invocations, invocations from previous system boots, or prior invocations that have already been released from memory may be retrieved via journalctl --unit=.
systemd implicitly loads units as necessary, so just running the status will attempt to load a file. The command is thus not useful for determining if something was already loaded or not. The units may possibly also be quickly unloaded after the operation is completed if there's no reason to keep it in memory thereafter.
Example 1. Example output from systemctl status
$ systemctl status bluetooth ● bluetooth.service - Bluetooth service
Loaded: loaded (/usr/lib/systemd/system/bluetooth.service; enabled; preset: enabled)
Active: active (running) since Wed 2017-01-04 13:54:04 EST; 1 weeks 0 days ago
Docs: man:bluetoothd(8)
Main PID: 930 (bluetoothd)
Status: "Running"
Tasks: 1
Memory: 648.0K
CPU: 435ms
CGroup: /system.slice/bluetooth.service
└─930 /usr/lib/bluetooth/bluetoothd Jan 12 10:46:45 example.com bluetoothd[8900]: Not enough free handles to register service Jan 12 10:46:45 example.com bluetoothd[8900]: Current Time Service could not be registered Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output error (5)
The dot ("●") uses color on supported terminals to summarize the unit state at a glance. Along with its color, its shape varies according to its state: "inactive" or "maintenance" is a white circle ("○"), "active" is a green dot ("●"), "deactivating" is a white dot, "failed" or "error" is a red cross ("×"), and "reloading" is a green clockwise circle arrow ("↻").
The "Loaded:" line in the output will show "loaded" if the unit has been loaded into memory. Other possible values for "Loaded:" include: "error" if there was a problem loading it, "not-found" if no unit file was found for this unit, "bad-setting" if an essential unit file setting could not be parsed and "masked" if the unit file has been masked. Along with showing the path to the unit file, this line will also show the enablement state. Enabled units are included in the dependency network between units, and thus are started at boot or via some other form of activation. See the full table of possible enablement states — including the definition of "masked" — in the documentation for the is-enabled command.
The "Active:" line shows active state. The value is usually "active" or "inactive". Active could mean started, bound, plugged in, etc depending on the unit type. The unit could also be in process of changing states, reporting a state of "activating" or "deactivating". A special "failed" state is entered when the service failed in some way, such as a crash, exiting with an error code or timing out. If the failed state is entered the cause will be logged for later reference.
show [PATTERN...|JOB...]
Many properties shown by systemctl show map directly to configuration settings of the system and service manager and its unit files. Note that the properties shown by the command are generally more low-level, normalized versions of the original configuration settings and expose runtime state in addition to configuration. For example, properties shown for service units include the service's current main process identifier as "MainPID" (which is runtime state), and time settings are always exposed as properties ending in the "...USec" suffix even if a matching configuration options end in "...Sec", because microseconds is the normalized time unit used internally by the system and service manager.
For details about many of these properties, see the documentation of the D-Bus interface backing these properties, see org.freedesktop.systemd1(5).
cat PATTERN...
Added in version 209.
help PATTERN...|PID...
Added in version 185.
list-dependencies [UNIT...]
The units that are shown are additionally filtered by --type= and --state= if those options are specified. Note that we won't be able to use a tree structure in this case, so --plain is implied.
By default, only target units are recursively expanded. When --all is passed, all other units are recursively expanded as well.
Options --reverse, --after, --before may be used to change what types of dependencies are shown.
Note that this command only lists units currently loaded into memory by the service manager. In particular, this command is not suitable to get a comprehensive list at all reverse dependencies on a specific unit, as it won't list the dependencies declared by units currently not loaded.
Added in version 198.
start PATTERN...
Note that unit glob patterns expand to names of units currently in memory. Units which are not active and are not in a failed state usually are not in memory, and will not be matched by any pattern. In addition, in case of instantiated units, systemd is often unaware of the instance name until the instance has been started. Therefore, using glob patterns with start has limited usefulness. Also, secondary alias names of units are not considered.
Option --all may be used to also operate on inactive units which are referenced by other loaded units. Note that this is not the same as operating on "all" possible units, because as the previous paragraph describes, such a list is ill-defined. Nevertheless, systemctl start --all GLOB may be useful if all the units that should match the pattern are pulled in by some target which is known to be loaded.
stop PATTERN...
This command will fail if the unit does not exist or if stopping of the unit is prohibited (see RefuseManualStop= in systemd.unit(5)). It will not fail if any of the commands configured to stop the unit (ExecStop=, etc.) fail, because the manager will still forcibly terminate the unit.
If a unit that gets stopped can still be triggered by other units, a warning containing the names of the triggering units is shown. --no-warn can be used to suppress the warning.
reload PATTERN...
This command should not be confused with the daemon-reload command.
restart PATTERN...
Note that restarting a unit with this command does not necessarily flush out all of the unit's resources before it is started again. For example, the per-service file descriptor storage facility (see FileDescriptorStoreMax= in systemd.service(5)) will remain intact as long as the unit has a job pending, and is only cleared when the unit is fully stopped and no jobs are pending anymore. If it is intended that the file descriptor store is flushed out, too, during a restart operation an explicit systemctl stop command followed by systemctl start should be issued.
try-restart PATTERN...
reload-or-restart PATTERN...
try-reload-or-restart PATTERN...
Added in version 229.
isolate UNIT
This command is dangerous, since it will immediately stop processes that are not enabled in the new target, possibly including the graphical environment or terminal you are currently using.
Note that this operation is allowed only on units where AllowIsolate= is enabled. See systemd.unit(5) for details.
kill PATTERN...
clean PATTERN...
Table 2. Possible values for --what=
Value | Unit Setting |
"runtime" | RuntimeDirectory= |
"state" | StateDirectory= |
"cache" | CacheDirectory= |
"logs" | LogsDirectory= |
"configuration" | ConfigurationDirectory= |
"fdstore" | FileDescriptorStorePreserve= |
"all" | All of the above |
Added in version 243.
freeze PATTERN...
Freezing the unit will cause all processes contained within the cgroup corresponding to the unit to be suspended. Being suspended means that unit's processes won't be scheduled to run on CPU until thawed. Note that this command is supported only on systems that use unified cgroup hierarchy. Unit is automatically thawed just before we execute a job against the unit, e.g. before the unit is stopped.
Added in version 246.
thaw PATTERN...
This is the inverse operation to the freeze command and resumes the execution of processes in the unit's cgroup.
Added in version 246.
set-property UNIT PROPERTY=VALUE...
Example: systemctl set-property foobar.service CPUWeight=200
If the specified unit appears to be inactive, the changes will be only stored on disk as described previously hence they will be effective when the unit will be started.
Note that this command allows changing multiple properties at the same time, which is preferable over setting them individually.
Example: systemctl set-property foobar.service CPUWeight=200 MemoryMax=2G IPAccounting=yes
Like with unit file configuration settings, assigning an empty setting usually resets a property to its defaults.
Example: systemctl set-property avahi-daemon.service IPAddressDeny=
Added in version 206.
bind UNIT PATH [PATH]
Note that this option is currently only supported for units that run within a mount namespace (e.g.: with RootImage=, PrivateMounts=, etc.). This command supports bind-mounting directories, regular files, device nodes, AF_UNIX socket nodes, as well as FIFOs. The bind mount is ephemeral, and it is undone as soon as the current unit process exists. Note that the namespace mentioned here, where the bind mount will be added to, is the one where the main service process runs. Other processes (those exececuted by ExecReload=, ExecStartPre=, etc.) run in distinct namespaces.
If supported by the kernel, any prior mount on the selected target will be replaced by the new mount. If not supported, any prior mount will be over-mounted, but remain pinned and inaccessible.
Added in version 248.
mount-image UNIT IMAGE [PATH [PARTITION_NAME:MOUNT_OPTIONS]]
Note that this option is currently only supported for units that run within a mount namespace (i.e. with RootImage=, PrivateMounts=, etc.). Note that the namespace mentioned here where the image mount will be added to, is the one where the main service process runs. Note that the namespace mentioned here, where the bind mount will be added to, is the one where the main service process runs. Other processes (those exececuted by ExecReload=, ExecStartPre=, etc.) run in distinct namespaces.
If supported by the kernel, any prior mount on the selected target will be replaced by the new mount. If not supported, any prior mount will be over-mounted, but remain pinned and inaccessible.
Example:
systemctl mount-image foo.service /tmp/img.raw /var/lib/image root:ro,nosuid
systemctl mount-image --mkdir bar.service /tmp/img.raw /var/lib/baz/img
Added in version 248.
service-log-level SERVICE [LEVEL]
If the optional argument LEVEL is provided, then change the current log level of the service to LEVEL. The log level should be a typical syslog log level, i.e. a value in the range 0...7 or one of the strings emerg, alert, crit, err, warning, notice, info, debug; see syslog(3) for details.
The service must have the appropriate BusName=destination property and also implement the generic org.freedesktop.LogControl1(5) interface. (systemctl will use the generic D-Bus protocol to access the org.freedesktop.LogControl1.LogLevel interface for the D-Bus name destination.)
Added in version 247.
service-log-target SERVICE [TARGET]
If the optional argument TARGET is provided, then change the current log target of the service to TARGET. The log target should be one of the strings console (for log output to the service's standard error stream), kmsg (for log output to the kernel log buffer), journal (for log output to systemd-journald.service(8) using the native journal protocol), syslog (for log output to the classic syslog socket /dev/log), null (for no log output whatsoever) or auto (for an automatically determined choice, typically equivalent to console if the service is invoked interactively, and journal or syslog otherwise).
For most services, only a small subset of log targets make sense. In particular, most "normal" services should only implement console, journal, and null. Anything else is only appropriate for low-level services that are active in very early boot before proper logging is established.
The service must have the appropriate BusName=destination property and also implement the generic org.freedesktop.LogControl1(5) interface. (systemctl will use the generic D-Bus protocol to access the org.freedesktop.LogControl1.LogLevel interface for the D-Bus name destination.)
Added in version 247.
reset-failed [PATTERN...]
In addition to resetting the "failed" state of a unit it also resets various other per-unit properties: the start rate limit counter of all unit types is reset to zero, as is the restart counter of service units. Thus, if a unit's start limit (as configured with StartLimitIntervalSec=/StartLimitBurst=) is hit and the unit refuses to be started again, use this command to make it startable again.
whoami [PID...]
Added in version 254.
Unit File Commands¶
list-unit-files [PATTERN...]
Unlike list-units this command will list template units in addition to explicitly instantiated units.
Added in version 233.
enable UNIT..., enable PATH...
This command expects either valid unit names (in which case various unit file directories are automatically searched for unit files with appropriate names), or absolute paths to unit files (in which case these files are read directly). If a specified unit file is located outside of the usual unit file directories, an additional symlink is created, linking it into the unit configuration path, thus ensuring it is found when requested by commands such as start. The file system where the linked unit files are located must be accessible when systemd is started (e.g. anything underneath /home/ or /var/ is not allowed, unless those directories are located on the root file system).
This command will print the file system operations executed. This output may be suppressed by passing --quiet.
Note that this operation creates only the symlinks suggested in the [Install] section of the unit files. While this command is the recommended way to manipulate the unit configuration directory, the administrator is free to make additional changes manually by placing or removing symlinks below this directory. This is particularly useful to create configurations that deviate from the suggested default installation. In this case, the administrator must make sure to invoke daemon-reload manually as necessary, in order to ensure the changes are taken into account.
When using this operation on units without install information, a warning about it is shown. --no-warn can be used to suppress the warning.
Enabling units should not be confused with starting (activating) units, as done by the start command. Enabling and starting units is orthogonal: units may be enabled without being started and started without being enabled. Enabling simply hooks the unit into various suggested places (for example, so that the unit is automatically started on boot or when a particular kind of hardware is plugged in). Starting actually spawns the daemon process (in case of service units), or binds the socket (in case of socket units), and so on.
Depending on whether --system, --user, --runtime, or --global is specified, this enables the unit for the system, for the calling user only, for only this boot of the system, or for all future logins of all users. Note that in the last case, no systemd daemon configuration is reloaded.
Using enable on masked units is not supported and results in an error.
disable UNIT...
This command expects valid unit names only, it does not accept paths to unit files.
In addition to the units specified as arguments, all units are disabled that are listed in the Also= setting contained in the [Install] section of any of the unit files being operated on.
This command implicitly reloads the system manager configuration after completing the operation. Note that this command does not implicitly stop the units that are being disabled. If this is desired, either combine this command with the --now switch, or invoke the stop command with appropriate arguments later.
This command will print information about the file system operations (symlink removals) executed. This output may be suppressed by passing --quiet.
If a unit gets disabled but its triggering units are still active, a warning containing the names of the triggering units is shown. --no-warn can be used to suppress the warning.
When this command is used with --user, the units being operated on might still be enabled in global scope, and thus get started automatically even after a successful disablement in user scope. In this case, a warning about it is shown, which can be suppressed using --no-warn.
This command honors --system, --user, --runtime, --global and --no-warn in a similar way as enable.
Added in version 238.
reenable UNIT...
Added in version 238.
preset UNIT...
Use --preset-mode= to control whether units shall be enabled and disabled, or only enabled, or only disabled.
If the unit carries no install information, it will be silently ignored by this command. UNIT must be the real unit name, any alias names are ignored silently.
For more information on the preset policy format, see systemd.preset(5).
Added in version 238.
preset-all
Use --preset-mode= to control whether units shall be enabled and disabled, or only enabled, or only disabled.
Added in version 215.
is-enabled UNIT...
Table 3. is-enabled output
Name | Description | Exit Code |
"enabled" | Enabled via .wants/, .requires/ or Alias= symlinks (permanently in /etc/systemd/system/, or transiently in /run/systemd/system/). | 0 |
"enabled-runtime" | ||
"linked" | Made available through one or more symlinks to the unit file (permanently in /etc/systemd/system/ or transiently in /run/systemd/system/), even though the unit file might reside outside of the unit file search path. | > 0 |
"linked-runtime" | ||
"alias" | The name is an alias (symlink to another unit file). | 0 |
"masked" | Completely disabled, so that any start operation on it fails (permanently in /etc/systemd/system/ or transiently in /run/systemd/systemd/). | > 0 |
"masked-runtime" | ||
"static" | The unit file is not enabled, and has no provisions for enabling in the [Install] unit file section. | 0 |
"indirect" | The unit file itself is not enabled, but it has a non-empty Also= setting in the [Install] unit file section, listing other unit files that might be enabled, or it has an alias under a different name through a symlink that is not specified in Also=. For template unit files, an instance different than the one specified in DefaultInstance= is enabled. | 0 |
"disabled" | The unit file is not enabled, but contains an [Install] section with installation instructions. | > 0 |
"generated" | The unit file was generated dynamically via a generator tool. See systemd.generator(7). Generated unit files may not be enabled, they are enabled implicitly by their generator. | 0 |
"transient" | The unit file has been created dynamically with the runtime API. Transient units may not be enabled. | 0 |
"bad" | The unit file is invalid or another error occurred. Note that is-enabled will not actually return this state, but print an error message instead. However the unit file listing printed by list-unit-files might show it. | > 0 |
"not-found" | The unit file doesn't exist. | 4 |
Added in version 238.
mask UNIT...
Note that this will create a symlink under the unit's name in /etc/systemd/system/ (in case --runtime is not specified) or /run/systemd/system/ (in case --runtime is specified). If a matching unit file already exists under these directories this operation will hence fail. This means that the operation is primarily useful to mask units shipped by the vendor (as those are shipped in /usr/lib/systemd/system/ and not the aforementioned two directories), but typically doesn't work for units created locally (as those are typically placed precisely in the two aforementioned directories). Similar restrictions apply for --user mode, in which case the directories are below the user's home directory however.
If a unit gets masked but its triggering units are still active, a warning containing the names of the triggering units is shown. --no-warn can be used to suppress the warning.
Added in version 238.
unmask UNIT...
Added in version 238.
link PATH...
Added in version 233.
revert UNIT...
Effectively, this command may be used to undo all changes made with systemctl edit, systemctl set-property and systemctl mask and puts the original unit file with its settings back in effect.
Added in version 230.
add-wants TARGET UNIT..., add-requires TARGET UNIT...
This command honors --system, --user, --runtime and --global in a way similar to enable.
Added in version 217.
edit UNIT...
Depending on whether --system (the default), --user, or --global is specified, this command will operate on the system unit files, unit files for the calling user, or the unit files shared between all users.
The editor (see the "Environment" section below) is invoked on temporary files which will be written to the real location if the editor exits successfully. After the editing is finished, configuration is reloaded, equivalent to systemctl daemon-reload --system or systemctl daemon-reload --user. For edit --global, the reload is not performed and the edits will take effect only for subsequent logins (or after a reload is requested in a different way).
If --full is specified, a replacement for the main unit file will be created or edited. Otherwise, a drop-in file will be created or edited.
If --drop-in= is specified, the given drop-in file name will be used instead of the default override.conf.
The unit must exist, i.e. its main unit file must be present. If --force is specified, this requirement is ignored and a new unit may be created (with --full), or a drop-in for a nonexistent unit may be created.
If --runtime is specified, the changes will be made temporarily in /run/ and they will be lost on the next reboot.
If --stdin is specified, the new contents will be read from standard input. In this mode, the old contents of the file are discarded.
If the temporary file is empty upon exit, the modification of the related unit is canceled.
Note that this command cannot be used to remotely edit units and that you cannot temporarily edit units which are in /etc/, since they take precedence over /run/.
Added in version 218.
get-default
Added in version 205.
set-default TARGET
Added in version 205.
Machine Commands¶
list-machines [PATTERN...]
Added in version 212.
Job Commands¶
list-jobs [PATTERN...]
When combined with --after or --before the list is augmented with information on which other job each job is waiting for, and which other jobs are waiting for it, see above.
Added in version 233.
cancel [JOB...]
Added in version 233.
Environment Commands¶
systemd supports an environment block that is passed to processes the manager spawns. The names of the variables can contain ASCII letters, digits, and the underscore character. Variable names cannot be empty or start with a digit. In variable values, most characters are allowed, but the whole sequence must be valid UTF-8. (Note that control characters like newline (NL), tab (TAB), or the escape character (ESC), are valid ASCII and thus valid UTF-8). The total length of the environment block is limited to _SC_ARG_MAX value defined by sysconf(3).
show-environment
Note that this shows the effective block, i.e. the combination of environment variables configured via configuration files, environment generators and via IPC (i.e. via the set-environment described below). At the moment a unit process is forked off this combined environment block will be further combined with per-unit environment variables, which are not visible in this command.
set-environment VARIABLE=VALUE...
Note that this operates on an environment block separate from the environment block configured from service manager configuration and environment generators. Whenever a process is invoked the two blocks are combined (also incorporating any per-service environment variables), and passed to it. The show-environment verb will show the combination of the blocks, see above.
Added in version 233.
unset-environment VARIABLE...
Note that this operates on an environment block separate from the environment block configured from service manager configuration and environment generators. Whenever a process is invoked the two blocks are combined (also incorporating any per-service environment variables), and passed to it. The show-environment verb will show the combination of the blocks, see above. Note that this means this command cannot be used to unset environment variables defined in the service manager configuration files or via generators.
Added in version 233.
import-environment VARIABLE...
Importing of the full inherited environment block (calling this command without any arguments) is deprecated. A shell will set dozens of variables which only make sense locally and are only meant for processes which are descendants of the shell. Such variables in the global environment block are confusing to other processes.
Added in version 209.
Manager State Commands¶
daemon-reload
This command should not be confused with the reload command.
daemon-reexec
log-level [LEVEL]
Added in version 244.
log-target [TARGET]
Added in version 244.
service-watchdogs [yes|no]
Added in version 244.
System Commands¶
is-system-running
Use --wait to wait until the boot process is completed before printing the current state and returning the appropriate error status. If --wait is in use, states initializing or starting will not be reported, instead the command will block until a later state (such as running or degraded) is reached.
Table 4. is-system-running output
Name | Description | Exit Code |
initializing | Early bootup, before basic.target is reached or the maintenance state entered. | > 0 |
starting | Late bootup, before the job queue becomes idle for the first time, or one of the rescue targets are reached. | > 0 |
running | The system is fully operational. | 0 |
degraded | The system is operational but one or more units failed. | > 0 |
maintenance | The rescue or emergency target is active. | > 0 |
stopping | The manager is shutting down. | > 0 |
offline | The manager is not running. Specifically, this is the operational state if an incompatible program is running as system manager (PID 1). | > 0 |
unknown | The operational state could not be determined, due to lack of resources or another error cause. | > 0 |
Added in version 215.
default
rescue
emergency
halt
If combined with --force, shutdown of all running services is skipped, however all processes are killed and all file systems are unmounted or mounted read-only, immediately followed by the system halt. If --force is specified twice, the operation is immediately executed without terminating any processes or unmounting any file systems. This may result in data loss. Note that when --force is specified twice the halt operation is executed by systemctl itself, and the system manager is not contacted. This means the command should succeed even when the system manager has crashed.
If combined with --when=, shutdown will be scheduled after the given timestamp. And --when=cancel will cancel the shutdown.
poweroff
This command honors --force and --when= in a similar way as halt.
reboot
This command mostly equivalent to systemctl start reboot.target --job-mode=replace-irreversibly --no-block, but also prints a wall message to all users. This command is asynchronous; it will return after the reboot operation is enqueued, without waiting for it to complete.
If the switch --reboot-argument= is given, it will be passed as the optional argument to the reboot(2) system call.
Options --boot-loader-entry=, --boot-loader-menu=, and --firmware-setup can be used to select what to do after the reboot. See the descriptions of those options for details.
This command honors --force and --when= in a similar way as halt.
If a new kernel has been loaded via kexec --load, a kexec will be performed instead of a reboot, unless "SYSTEMCTL_SKIP_AUTO_KEXEC=1" has been set. If a new root file system has been set up on "/run/nextroot/", a soft-reboot will be performed instead of a reboot, unless "SYSTEMCTL_SKIP_AUTO_SOFT_REBOOT=1" has been set.
Added in version 246.
kexec
To load a kernel, an enumeration is performed following the Boot Loader Specification[1], and the default boot entry is loaded. For this step to succeed, the system must be using UEFI and the boot loader entries must be configured appropriately. bootctl list may be used to list boot entries, see bootctl(1).
This command is asynchronous; it will return after the reboot operation is enqueued, without waiting for it to complete.
This command honors --force and --when= similarly to halt.
If a new kernel has been loaded via kexec --load, a kexec will be performed when reboot is invoked, unless "SYSTEMCTL_SKIP_AUTO_KEXEC=1" has been set.
soft-reboot
This command honors --force and --when= in a similar way as halt.
This operation only reboots userspace, leaving the kernel running. See systemd-soft-reboot.service(8) for details.
If a new root file system has been set up on "/run/nextroot/", a soft-reboot will be performed when reboot is invoked, unless "SYSTEMCTL_SKIP_AUTO_SOFT_REBOOT=1" has been set.
Added in version 254.
exit [EXIT_CODE]
The service manager will exit with the specified exit code, if EXIT_CODE is passed.
Added in version 227.
switch-root [ROOT [INIT]]
Added in version 209.
sleep
Added in version 256.
suspend
If --force is specified, and systemd-logind returned error for the operation, the error will be ignored and the operation will be tried again directly through starting the target unit.
hibernate
This command honors --force in the same way as suspend.
hybrid-sleep
This command honors --force in the same way as suspend.
Added in version 196.
suspend-then-hibernate
This command honors --force in the same way as suspend.
Added in version 240.
Parameter Syntax¶
Unit commands listed above take either a single unit name (designated as UNIT), or multiple unit specifications (designated as PATTERN...). In the first case, the unit name with or without a suffix must be given. If the suffix is not specified (unit name is "abbreviated"), systemctl will append a suitable suffix, ".service" by default, and a type-specific suffix in case of commands which operate only on specific unit types. For example,
# systemctl start sshd
and
# systemctl start sshd.service
are equivalent, as are
# systemctl isolate default
and
# systemctl isolate default.target
Note that (absolute) paths to device nodes are automatically converted to device unit names, and other (absolute) paths to mount unit names.
# systemctl status /dev/sda # systemctl status /home
are equivalent to:
# systemctl status dev-sda.device # systemctl status home.mount
In the second case, shell-style globs will be matched against the primary names of all units currently in memory; literal unit names, with or without a suffix, will be treated as in the first case. This means that literal unit names always refer to exactly one unit, but globs may match zero units and this is not considered an error.
Glob patterns use fnmatch(3), so normal shell-style globbing rules are used, and "*", "?", "[]" may be used. See glob(7) for more details. The patterns are matched against the primary names of units currently in memory, and patterns which do not match anything are silently skipped. For example:
# systemctl stop "sshd@*.service"
will stop all sshd@.service instances. Note that alias names of units, and units that aren't in memory are not considered for glob expansion.
For unit file commands, the specified UNIT should be the name of the unit file (possibly abbreviated, see above), or the absolute path to the unit file:
# systemctl enable foo.service
or
# systemctl link /path/to/foo.service
OPTIONS¶
The following options are understood:
-t, --type=
As a special case, if one of the arguments is help, a list of allowed values will be printed and the program will exit.
--state=
As a special case, if one of the arguments is help, a list of allowed values will be printed and the program will exit.
Added in version 206.
-p, --property=
For the manager itself, systemctl show will show all available properties, most of which are derived or closely match the options described in systemd-system.conf(5).
Properties for units vary by unit type, so showing any unit (even a non-existent one) is a way to list properties pertaining to this type. Similarly, showing any job will list properties pertaining to all jobs. Properties for units are documented in systemd.unit(5), and the pages for individual unit types systemd.service(5), systemd.socket(5), etc.
-P
Added in version 246.
-a, --all
To list all units installed in the file system, use the list-unit-files command instead.
When listing units with list-dependencies, recursively show dependencies of all dependent units (by default only dependencies of target units are shown).
When used with status, show journal messages in full, even if they include unprintable characters or are very long. By default, fields with unprintable characters are abbreviated as "blob data". (Note that the pager may escape unprintable characters again.)
-r, --recursive
Added in version 212.
--reverse
Added in version 203.
--after
Note that any After= dependency is automatically mirrored to create a Before= dependency. Temporal dependencies may be specified explicitly, but are also created implicitly for units which are WantedBy= targets (see systemd.target(5)), and as a result of other directives (for example RequiresMountsFor=). Both explicitly and implicitly introduced dependencies are shown with list-dependencies.
When passed to the list-jobs command, for each printed job show which other jobs are waiting for it. May be combined with --before to show both the jobs waiting for each job as well as all jobs each job is waiting for.
Added in version 203.
--before
When passed to the list-jobs command, for each printed job show which other jobs it is waiting for. May be combined with --after to show both the jobs waiting for each job as well as all jobs each job is waiting for.
Added in version 212.
--with-dependencies
Options --reverse, --after, --before may be used to change what types of dependencies are shown.
Added in version 245.
-l, --full
Also, show installation targets in the output of is-enabled.
--value
Added in version 230.
--show-types
Added in version 202.
--job-mode=
If "fail" is specified and a requested operation conflicts with a pending job (more specifically: causes an already pending start job to be reversed into a stop job or vice versa), cause the operation to fail.
If "replace" (the default) is specified, any conflicting pending job will be replaced, as necessary.
If "replace-irreversibly" is specified, operate like "replace", but also mark the new jobs as irreversible. This prevents future conflicting transactions from replacing these jobs (or even being enqueued while the irreversible jobs are still pending). Irreversible jobs can still be cancelled using the cancel command. This job mode should be used on any transaction which pulls in shutdown.target.
"isolate" is only valid for start operations and causes all other units to be stopped when the specified unit is started. This mode is always used when the isolate command is used.
"flush" will cause all queued jobs to be canceled when the new job is enqueued.
If "ignore-dependencies" is specified, then all unit dependencies are ignored for this new job and the operation is executed immediately. If passed, no required units of the unit passed will be pulled in, and no ordering dependencies will be honored. This is mostly a debugging and rescue tool for the administrator and should not be used by applications.
"ignore-requirements" is similar to "ignore-dependencies", but only causes the requirement dependencies to be ignored, the ordering dependencies will still be honored.
"triggering" may only be used with systemctl stop. In this mode, the specified unit and any active units that trigger it are stopped. See the discussion of Triggers= in systemd.unit(5) for more information about triggering units.
"restart-dependencies" may only be used with systemctl start. In this mode, dependencies of the specified unit will receive restart propagation, as if a restart job had been enqueued for the unit.
Added in version 209.
-T, --show-transaction
Added in version 242.
--fail
When used with the kill command, if no units were killed, the operation results in an error.
Added in version 227.
--check-inhibitors=
Applications can establish inhibitor locks to prevent certain important operations (such as CD burning) from being interrupted by system shutdown or sleep. Any user may take these locks and privileged users may override these locks. If any locks are taken, shutdown and sleep state requests will normally fail (unless privileged). However, if "no" is specified or "auto" is specified on a non-interactive requests, the operation will be attempted. If locks are present, the operation may require additional privileges.
Option --force provides another way to override inhibitors.
Added in version 248.
-i
Added in version 198.
--dry-run
Added in version 236.
-q, --quiet
--no-warn
Added in version 253.
--no-block
--wait
When used with is-system-running, wait until the boot process is completed before returning.
When used with kill, wait until the signalled units terminate. Note that this will wait forever if any given unit never terminates.
Added in version 232.
--user
--system
--failed
Added in version 233.
--no-wall
--global
--no-reload
--no-ask-password
--kill-whom=
Added in version 252.
--kill-value=INT
If this option is used the signal will only be enqueued on the control or main process of the unit, never on other processes belonging to the unit, i.e. --kill-whom=all will only affect main and control processes but no other processes.
Added in version 254.
-s, --signal=
The special value "help" will list the known values and the program will exit immediately, and the special value "list" will list known values along with the numerical signal numbers and the program will exit immediately.
--what=
Added in version 243.
-f, --force
When used with edit, create all of the specified units which do not already exist.
When used with suspend, hibernate, hybrid-sleep, or suspend-then-hibernate, the error returned by systemd-logind will be ignored, and the operation will be performed directly through starting the corresponding units.
When used with halt, poweroff, reboot, or kexec, execute the selected operation without shutting down all units. However, all processes will be killed forcibly and all file systems are unmounted or remounted read-only. This is hence a drastic but relatively safe option to request an immediate reboot. If --force is specified twice for these operations (with the exception of kexec), they will be executed immediately, without terminating any processes or unmounting any file systems.
Warning
Specifying --force twice with any of these operations might result in data loss. Note that when --force is specified twice the selected operation is executed by systemctl itself, and the system manager is not contacted. This means the command should succeed even when the system manager has crashed.
--message=
Added in version 225.
--now
Added in version 220.
--root=
--image=image
Added in version 252.
--image-policy=policy
--runtime
Similarly, when used with set-property, make changes only temporarily, so that they are lost on the next reboot.
--preset-mode=
Added in version 215.
-n, --lines=
-o, --output=
--firmware-setup
Added in version 220.
--boot-loader-menu=timeout
Added in version 242.
--boot-loader-entry=ID
Added in version 242.
--reboot-argument=
Added in version 246.
--plain
Added in version 203.
--timestamp=
pretty (this is the default)
Added in version 248.
unix
Added in version 251.
us, μs
Added in version 248.
utc
Added in version 248.
us+utc, μs+utc
Added in version 248.
Added in version 247.
--mkdir
Added in version 248.
--marked
Unless --no-block is used, systemctl will wait for the queued jobs to finish.
Added in version 248.
--read-only
Added in version 248.
--drop-in=NAME
Added in version 253.
--when=
Added in version 254.
--stdin
$ systemctl edit --drop-in=limits.conf --stdin some-service.service <<EOF [Unit] AllowedCPUs=7,11 EOF
Multiple drop-ins may be "edited" in this mode; the same contents will be written to all of them.
Added in version 256.
-H, --host=
-M, --machine=
-C, --capsule=
Added in version 256.
--no-pager
--legend=BOOL
-h, --help
--version
EXIT STATUS¶
On success, 0 is returned, a non-zero failure code otherwise.
systemctl uses the return codes defined by LSB, as defined in LSB 3.0.0[3].
Table 5. LSB return codes
Value | Description in LSB | Use in systemd |
0 | "program is running or service is OK" | unit is active |
1 | "program is dead and /var/run pid file exists" | unit not failed (used by is-failed) |
2 | "program is dead and /var/lock lock file exists" | unused |
3 | "program is not running" | unit is not active |
4 | "program or service status is unknown" | no such unit |
The mapping of LSB service states to systemd unit states is
imperfect, so it is better to not rely on those return values but to look
for specific unit states and substates instead.
ENVIRONMENT¶
$SYSTEMD_EDITOR
Added in version 218.
$SYSTEMD_LOG_LEVEL
$SYSTEMD_LOG_COLOR
This setting is only useful when messages are written directly to the terminal, because journalctl(1) and other tools that display logs will color messages based on the log level on their own.
$SYSTEMD_LOG_TIME
This setting is only useful when messages are written directly to the terminal or a file, because journalctl(1) and other tools that display logs will attach timestamps based on the entry metadata on their own.
$SYSTEMD_LOG_LOCATION
Note that the log location is often attached as metadata to journal entries anyway. Including it directly in the message text can nevertheless be convenient when debugging programs.
$SYSTEMD_LOG_TARGET
$SYSTEMD_PAGER
Note: if $SYSTEMD_PAGERSECURE is not set, $SYSTEMD_PAGER (as well as $PAGER) will be silently ignored.
$SYSTEMD_LESS
Users might want to change two options in particular:
K
If the value of $SYSTEMD_LESS does not include "K", and the pager that is invoked is less, Ctrl+C will be ignored by the executable, and needs to be handled by the pager.
X
Note that setting the regular $LESS environment variable has no effect for less invocations by systemd tools.
See less(1) for more discussion.
$SYSTEMD_LESSCHARSET
Note that setting the regular $LESSCHARSET environment variable has no effect for less invocations by systemd tools.
$SYSTEMD_PAGERSECURE
Note: when commands are invoked with elevated privileges, for example under sudo(8) or pkexec(1), care must be taken to ensure that unintended interactive features are not enabled. "Secure" mode for the pager may be enabled automatically as describe above. Setting SYSTEMD_PAGERSECURE=0 or not removing it from the inherited environment allows the user to invoke arbitrary commands. Note that if the $SYSTEMD_PAGER or $PAGER variables are to be honoured, $SYSTEMD_PAGERSECURE must be set too. It might be reasonable to completely disable the pager using --no-pager instead.
$SYSTEMD_COLORS
$SYSTEMD_URLIFY
SEE ALSO¶
systemd(1), journalctl(1), loginctl(1), machinectl(1), systemd.unit(5), systemd.resource-control(5), systemd.special(7), wall(1), systemd.preset(5), systemd.generator(7), glob(7)
NOTES¶
- 1.
- Boot Loader Specification
- 2.
- Discoverable Partitions Specification
- 3.
- LSB 3.0.0
systemd 256.7 |