It has been a while since the last
installment of
my systemd for
Administrators series,
but now with the release of Fedora 15 based on systemd looming, here's
a new episode:
The Three Levels of "Off"
In systemd,
there are three levels of turning off a service (or other unit). Let's
have a look which those are:
-
You can stop a service. That simply terminates the
running instance of the service and does little else. If due to some
form of activation (such as manual activation, socket activation, bus
activation, activation by system boot or activation by hardware plug)
the service is requested again afterwards it will be started. Stopping
a service is hence a very simple, temporary and superficial
operation. Here's an example how to do this for the NTP service:
$ systemctl stop ntpd.service
This is roughly equivalent to the following traditional command which is available on most SysV inspired systems:
$ service ntpd stop
In fact, on Fedora 15, if you execute the latter command it will be transparently converted to the former.
-
You can disable a service. This unhooks a service from
its activation triggers. That means, that depending on your service it
will no longer be activated on boot, by socket or bus activation or by
hardware plug (or any other trigger that applies to it). However, you
can still start it manually if you wish. If there is already a started
instance disabling a service will not have the effect of stopping
it. Here's an example how to disable a service:
$ systemctl disable ntpd.service
On traditional Fedora systems, this is roughly equivalent to the following command:
$ chkconfig ntpd off
And here too, on Fedora 15, the latter command will be
transparently converted to the former, if necessary.
Often you want to combine stopping and disabling a service, to
get rid of the current instance and make sure it is not started again (except when manually triggered):
$ systemctl disable ntpd.service
$ systemctl stop ntpd.service
Commands like this are for example used during package
deinstallation of systemd services on Fedora.
Disabling a service is a permanent change; until you undo it it
will be kept, even across reboots.
-
You can mask a service. This is like disabling a service,
but on steroids. It not only makes sure that service is not started
automatically anymore, but even ensures that a service cannot even be
started manually anymore. This is a bit of a hidden feature in
systemd, since it is not commonly useful and might be confusing the
user. But here's how you do it:
$ ln -s /dev/null /etc/systemd/system/ntpd.service
$ systemctl daemon-reload
By symlinking a service file to /dev/null you tell
systemd to never start the service in question and completely block
its execution. Unit files stored in /etc/systemd/system
override those from /lib/systemd/system that carry the same
name. The former directory is administrator territory, the latter
terroritory of your package manager. By installing your symlink in
/etc/systemd/system/ntpd.service you hence make sure that
systemd will never read the upstream shipped service file
/lib/systemd/system/ntpd.service.
systemd will recognize units symlinked to /dev/null and
show them as masked. If you try to start such a service manually (via
systemctl start for example) this will fail with an
error.
A similar trick on SysV systems does not (officially) exist. However,
there are a few unofficial hacks, such as editing the init script and
placing an exit 0 at the top, or removing its execution
bit. However, these solutions have various drawbacks, for example they
interfere with the package manager.
Masking a service is a permanent change, much like disabling a service.
Now that we learned how to turn off services on three levels,
there's only one question left: how do we turn them on again? Well,
it's quite symmetric. use systemctl start to undo
systemctl stop. Use systemctl enable to undo
systemctl disable and use rm to undo
ln.
And that's all for now. Thank you for your attention!
