systemd¶
What Is It?¶
systemd is the init system and service manager for modern Linux distributions. It manages the boot process, service lifecycle (start, stop, restart, enable), logging via journald, and system targets.
Installation¶
dnf install systemd (pre-installed)
Key Files and Directories¶
| Path | Purpose |
|---|---|
| /etc/systemd/system/ | Custom unit files |
| /usr/lib/systemd/system/ | Package-provided unit files |
| /var/log/journal/ | Journal logs |
Configuration¶
systemd manages services through unit files. Package-provided units live in /usr/lib/systemd/system/. Custom or override units go in /etc/systemd/system/ (which takes precedence).
Minimal Working Configuration¶
A custom service unit file (e.g. /etc/systemd/system/proxy.service for a Flask app):
[Unit]
Description=Python Proxy Service
[Service]
ExecStart=/usr/bin/python3 /usr/local/lib/server.py
Environment=PYTHONUNBUFFERED=1
Restart=on-failure
Type=simple
User=proxy
[Install]
WantedBy=default.target
After creating or modifying a unit file:
systemctl daemon-reload # Reload unit file definitions
systemctl start proxy # Start the service
systemctl enable proxy # Start automatically on boot
Important Directives¶
[Unit] section:
Description- Human-readable description of the service.
After/Before- Ordering dependencies.
After=network.targetmeans start after networking is up. Requires/Wants- Dependency relationships.
Requiresis hard (failure propagates);Wantsis soft.
[Service] section:
ExecStart- The command to run when the service starts. Must be an absolute path.
Type- How systemd determines the service is ready.
simple(default) — the process itself is the service.forking— the process forks and the parent exits. User/Group- Run the service as a specific user/group instead of root.
Restart- When to restart:
on-failure,always,no.on-failurerestarts only on non-zero exit codes. Environment- Set environment variables for the service process.
WorkingDirectory- Set the working directory before executing the command.
[Install] section:
WantedBy- Which target pulls in this service.
default.targetfor general services,multi-user.targetfor server environments.
Common Commands¶
# Service lifecycle
systemctl start <service>
systemctl stop <service>
systemctl restart <service>
systemctl reload <service> # Reload config without restart (if supported)
# Enable/disable auto-start on boot
systemctl enable <service>
systemctl disable <service>
# Check status
systemctl status <service>
systemctl is-active <service>
systemctl is-enabled <service>
# List all services
systemctl list-units --type=service
systemctl list-units --type=service --state=running
# Reload unit files after changes
systemctl daemon-reload
# View unit file contents
systemctl cat <service>
# Edit a unit file (creates override)
systemctl edit <service>
Logging and Debugging¶
systemd includes journald, a structured logging system that captures stdout/stderr from all services.
# View logs for a specific service
journalctl -u <service>
# Follow logs in real time
journalctl -u <service> -f
# Show recent entries
journalctl -u <service> -n 50
# Show logs since last boot
journalctl -u <service> -b
# Show logs in reverse order (newest first)
journalctl -r -u <service>
# Filter by time
journalctl -u <service> --since "2024-03-01 10:00" --until "2024-03-01 12:00"
Troubleshooting checklist:
systemctl status <service>— shows active state, PID, and recent log linesjournalctl -u <service> -n 30— recent log entriessystemctl cat <service>— verify unit file contentssystemctl daemon-reload— if you edited a unit file- Check
ExecStartpath and permissions — must be absolute, user must have execute permission
Security Considerations¶
- Dedicated service users: Always set
User=to a non-root account for application services. This limits damage if the service is compromised. Restart=on-failure: Ensures crashed services recover automatically, but avoidRestart=alwaysfor services that crash in a loop (useRestartSec=to add delay).ProtectSystem=/ProtectHome=: systemd can restrict filesystem access.ProtectSystem=fullmakes/usrand/etcread-only for the service.- Do not edit files in
/usr/lib/systemd/system/: Package updates will overwrite them. Use/etc/systemd/system/for custom units orsystemctl editfor overrides.
Further Reading¶
- systemd Documentation
- systemd Unit File Reference
- Red Hat — Managing Services with systemd
- journalctl Manual
Related Documentation¶
- Concepts: Configuration Management
- SOPs: Service Management