Systemd

Systemd

= ("[Website](" + this.website + ")") | = ("[Github](" + this.github + ")") | = ("[Documentation](" + this.docs + ")")

Commands

• List units and unit files

systemctl list-units [--all]
systemctl list-unit-files [--type=service (mount,...)] [--state=enabled]
systemctl status
systemctl is-active

• analyse boot as plot to analyse startup process and to examine dependencies

systemd-analyze plot

[!info]- Example plot

Virtualisation and Containerisation

The package systemd-container includes tools for management of virtual machines and containers.

machinectl may be used to introspect and control the state of the systemd virtual machine and container registration manager systemd-machined.service

This can be used to impersonate user (e.g. Docker process owner) and will properly give access to sockets etc. required to interact with hypervisors.

machinectl shell --uid=<user id>
# or (empty host after @ defaults to localhost)
machienctl shell <user>@

Service Files

See man systemd.directives for available stanzas.

• Condition and Asserts: “Before the unit is started, systemd will verify that the specified conditions and asserts are true”

Documentation

• Unit configuration
• Service unit configuration
• Exection environment configuration

Security

Hardening systemd - Ubuntu version

Containers

The Systemd package systemd-container brings helpful tools to manage containers, i.e. machinectl. Unlike su this ensures that sockets etc., necessary for container management, are properly addresses.

machinectl shell --uid <user>
# or (@<host> defaults to localhost)
machinectl shell <user>@

References

• Create a Systemd service @linuxhandbook.com
• service guidelines (for packaging) @suse.com
• create a service to run at boot @suse.com
• Controversies and alternatives @howtogeek
• homed: home directory management @howtogeek

Run service as user: []

1. ensure resources such as scripts are readable by user
2. add User=... and Group=... to [Service] section