Imported Upstream version 219

[systemd.git] / man / system.conf.d.html

<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>systemd-system.conf</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><style>
    a.headerlink {
      color: #c60f0f;
      font-size: 0.8em;
      padding: 0 4px 0 4px;
      text-decoration: none;
      visibility: hidden;
    }

    a.headerlink:hover {
      background-color: #c60f0f;
      color: white;
    }

    h1:hover > a.headerlink, h2:hover > a.headerlink, h3:hover > a.headerlink, dt:hover > a.headerlink {
      visibility: visible;
    }
  </style><a href="index.html">Index </a>·
  <a href="systemd.directives.html">Directives </a>·
  <a href="../python-systemd/index.html">Python </a>·
  <a href="../libudev/index.html">libudev </a>·
  <a href="../libudev/index.html">gudev </a><span style="float:right">systemd 219</span><hr><div class="refentry"><a name="systemd-system.conf"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>systemd-system.conf, system.conf.d, systemd-user.conf, user.conf.d — System and session service manager configuration files</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><p><code class="filename">/etc/systemd/system.conf</code></p><p><code class="filename">/etc/systemd/system.conf.d/*.conf</code></p><p><code class="filename">/run/systemd/system.conf.d/*.conf</code></p><p><code class="filename">/usr/lib/systemd/system.conf.d/*.conf</code></p><p><code class="filename">/etc/systemd/user.conf</code></p><p><code class="filename">/etc/systemd/user.conf.d/*.conf</code></p><p><code class="filename">/run/systemd/user.conf.d/*.conf</code></p><p><code class="filename">/usr/lib/systemd/user.conf.d/*.conf</code></p></div><div class="refsect1"><a name="idm140311371378672"></a><h2 id="Description">Description<a class="headerlink" title="Permalink to this headline" href="#Description">¶</a></h2><p>When run as a system instance, systemd interprets the
    configuration file <code class="filename">system.conf</code> and the files
    in <code class="filename">system.conf.d</code> directories; when run as a
    user instance, systemd interprets the configuration file
    <code class="filename">user.conf</code> and the files in
    <code class="filename">user.conf.d</code> directories. These configuration
    files contain a few settings controlling basic manager
    operations.</p></div><div class="refsection"><a name="confd"></a><h2>Configuration Directories and Precedence</h2><p>Configuration files are read from directories in
    <code class="filename">/etc/</code>, <code class="filename">/run/</code>, and
    <code class="filename">/usr/lib/</code>, in order of precedence.
    Each configuration file in these configuration directories shall be named in
    the style of <code class="filename"><em class="replaceable"><code>filename</code></em>.conf</code>.
    Files in <code class="filename">/etc/</code> override files with the same name in
    <code class="filename">/run/</code> and <code class="filename">/usr/lib/</code>. Files in
    <code class="filename">/run/</code> override files with the same name in
    <code class="filename">/usr/lib/</code>.</p><p>Packages should install their configuration files in
    <code class="filename">/usr/lib/</code>. Files in <code class="filename">/etc/</code> are
    reserved for the local administrator, who may use this logic to override the
    configuration files installed by vendor packages. All configuration files
    are sorted by their filename in lexicographic order, regardless of which of
    the directories they reside in. If multiple files specify the same option,
    the entry in the file with the lexicographically latest name will take
    precedence. It is recommended to prefix all filenames with a two-digit number
    and a dash, to simplify the ordering of the files.</p><p>If the administrator wants to disable a configuration file supplied by
    the vendor, the recommended way is to place a symlink to
    <code class="filename">/dev/null</code> in the configuration directory in
    <code class="filename">/etc/</code>, with the same filename as the vendor
    configuration file.</p></div><div class="refsection"><a name="conf"></a><h2>Configuration File</h2><p>Configuration is also read from a single configuration file in
    <code class="filename">/etc/</code>. This file is read before any of the
    configuration directories, and has the lowest precedence; entries in a file
    in any configuration directory override entries in the single configuration
    file.</p></div><div class="refsect1"><a name="idm140311371372688"></a><h2 id="Options">Options<a class="headerlink" title="Permalink to this headline" href="#Options">¶</a></h2><p>All options are configured in the
    "<code class="literal">[Manager]</code>" section:</p><div class="variablelist"><dl class="variablelist"><dt id="LogLevel="><span class="term"><code class="varname">LogLevel=</code>, </span><span class="term"><code class="varname">LogTarget=</code>, </span><span class="term"><code class="varname">LogColor=</code>, </span><span class="term"><code class="varname">LogLocation=</code>, </span><span class="term"><code class="varname">DumpCore=yes</code>, </span><span class="term"><code class="varname">CrashShell=no</code>, </span><span class="term"><code class="varname">ShowStatus=yes</code>, </span><span class="term"><code class="varname">CrashChVT=1</code>, </span><span class="term"><code class="varname">DefaultStandardOutput=journal</code>, </span><span class="term"><code class="varname">DefaultStandardError=inherit</code></span><a class="headerlink" title="Permalink to this term" href="#LogLevel=">¶</a></dt><dd><p>Configures various parameters of basic manager
        operation. These options may be overridden by the respective
        command line arguments. See
        <a href="systemd.html"><span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span></a>
        for details about these command line
        arguments.</p></dd><dt id="CPUAffinity="><span class="term"><code class="varname">CPUAffinity=</code></span><a class="headerlink" title="Permalink to this term" href="#CPUAffinity=">¶</a></dt><dd><p>Configures the initial CPU affinity for the
        init process. Takes a space-separated list of CPU
        indices.</p></dd><dt id="JoinControllers=cpu,cpuacct net_cls,netprio"><span class="term"><code class="varname">JoinControllers=cpu,cpuacct net_cls,netprio</code></span><a class="headerlink" title="Permalink to this term" href="#JoinControllers=cpu,cpuacct%20net_cls,netprio">¶</a></dt><dd><p>Configures controllers that shall be mounted
        in a single hierarchy. By default, systemd will mount all
        controllers which are enabled in the kernel in individual
        hierarchies, with the exception of those listed in this
        setting. Takes a space-separated list of comma-separated
        controller names, in order to allow multiple joined
        hierarchies. Defaults to 'cpu,cpuacct'. Pass an empty string
        to ensure that systemd mounts all controllers in separate
        hierarchies.</p><p>Note that this option is only applied once, at very
        early boot. If you use an initial RAM disk (initrd) that uses
        systemd, it might hence be necessary to rebuild the initrd if
        this option is changed, and make sure the new configuration
        file is included in it. Otherwise, the initrd might mount the
        controller hierarchies in a different configuration than
        intended, and the main system cannot remount them
        anymore.</p></dd><dt id="RuntimeWatchdogSec="><span class="term"><code class="varname">RuntimeWatchdogSec=</code>, </span><span class="term"><code class="varname">ShutdownWatchdogSec=</code></span><a class="headerlink" title="Permalink to this term" href="#RuntimeWatchdogSec=">¶</a></dt><dd><p>Configure the hardware watchdog at runtime and
        at reboot. Takes a timeout value in seconds (or in other time
        units if suffixed with "<code class="literal">ms</code>",
        "<code class="literal">min</code>", "<code class="literal">h</code>",
        "<code class="literal">d</code>", "<code class="literal">w</code>"). If
        <code class="varname">RuntimeWatchdogSec=</code> is set to a non-zero
        value, the watchdog hardware
        (<code class="filename">/dev/watchdog</code>) will be programmed to
        automatically reboot the system if it is not contacted within
        the specified timeout interval. The system manager will ensure
        to contact it at least once in half the specified timeout
        interval. This feature requires a hardware watchdog device to
        be present, as it is commonly the case in embedded and server
        systems. Not all hardware watchdogs allow configuration of the
        reboot timeout, in which case the closest available timeout is
        picked. <code class="varname">ShutdownWatchdogSec=</code> may be used to
        configure the hardware watchdog when the system is asked to
        reboot. It works as a safety net to ensure that the reboot
        takes place even if a clean reboot attempt times out. By
        default <code class="varname">RuntimeWatchdogSec=</code> defaults to 0
        (off), and <code class="varname">ShutdownWatchdogSec=</code> to 10min.
        These settings have no effect if a hardware watchdog is not
        available.</p></dd><dt id="CapabilityBoundingSet="><span class="term"><code class="varname">CapabilityBoundingSet=</code></span><a class="headerlink" title="Permalink to this term" href="#CapabilityBoundingSet=">¶</a></dt><dd><p>Controls which capabilities to include in the
        capability bounding set for PID 1 and its children. See
        <a href="http://man7.org/linux/man-pages/man7/capabilities.7.html"><span class="citerefentry"><span class="refentrytitle">capabilities</span>(7)</span></a>
        for details. Takes a whitespace-separated list of capability
        names as read by
        <a href="cap_from_name.html"><span class="citerefentry"><span class="refentrytitle">cap_from_name</span>(3)</span></a>.
        Capabilities listed will be included in the bounding set, all
        others are removed. If the list of capabilities is prefixed
        with ~, all but the listed capabilities will be included, the
        effect of the assignment inverted. Note that this option also
        affects the respective capabilities in the effective,
        permitted and inheritable capability sets. The capability
        bounding set may also be individually configured for units
        using the <code class="varname">CapabilityBoundingSet=</code> directive
        for units, but note that capabilities dropped for PID 1 cannot
        be regained in individual units, they are lost for
        good.</p></dd><dt id="SystemCallArchitectures="><span class="term"><code class="varname">SystemCallArchitectures=</code></span><a class="headerlink" title="Permalink to this term" href="#SystemCallArchitectures=">¶</a></dt><dd><p>Takes a space-separated list of architecture
        identifiers. Selects from which architectures system calls may
        be invoked on this system. This may be used as an effective
        way to disable invocation of non-native binaries system-wide,
        for example to prohibit execution of 32-bit x86 binaries on
        64-bit x86-64 systems. This option operates system-wide, and
        acts similar to the
        <code class="varname">SystemCallArchitectures=</code> setting of unit
        files, see
        <a href="systemd.exec.html"><span class="citerefentry"><span class="refentrytitle">systemd.exec</span>(5)</span></a>
        for details. This setting defaults to the empty list, in which
        case no filtering of system calls based on architecture is
        applied. Known architecture identifiers are
        "<code class="literal">x86</code>", "<code class="literal">x86-64</code>",
        "<code class="literal">x32</code>", "<code class="literal">arm</code>" and the special
        identifier "<code class="literal">native</code>". The latter implicitly
        maps to the native architecture of the system (or more
        specifically, the architecture the system manager was compiled
        for). Set this setting to "<code class="literal">native</code>" to
        prohibit execution of any non-native binaries. When a binary
        executes a system call of an architecture that is not listed
        in this setting, it will be immediately terminated with the
        SIGSYS signal.</p></dd><dt id="TimerSlackNSec="><span class="term"><code class="varname">TimerSlackNSec=</code></span><a class="headerlink" title="Permalink to this term" href="#TimerSlackNSec=">¶</a></dt><dd><p>Sets the timer slack in nanoseconds for PID 1,
        which is inherited by all executed processes, unless
        overridden individually, for example with the
        <code class="varname">TimerSlackNSec=</code> setting in service units
        (for details see
        <a href="systemd.exec.html"><span class="citerefentry"><span class="refentrytitle">systemd.exec</span>(5)</span></a>).
        The timer slack controls the accuracy of wake-ups triggered by
        system timers. See
        <a href="http://man7.org/linux/man-pages/man2/prctl.2.html"><span class="citerefentry"><span class="refentrytitle">prctl</span>(2)</span></a>
        for more information. Note that in contrast to most other time
        span definitions this parameter takes an integer value in
        nano-seconds if no unit is specified. The usual time units are
        understood too.</p></dd><dt id="DefaultTimerAccuracySec="><span class="term"><code class="varname">DefaultTimerAccuracySec=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultTimerAccuracySec=">¶</a></dt><dd><p>Sets the default accuracy of timer units. This
        controls the global default for the
        <code class="varname">AccuracySec=</code> setting of timer units, see
        <a href="systemd.timer.html"><span class="citerefentry"><span class="refentrytitle">systemd.timer</span>(5)</span></a>
        for details. <code class="varname">AccuracySec=</code> set in individual
        units override the global default for the specific unit.
        Defaults to 1min. Note that the accuracy of timer units is
        also affected by the configured timer slack for PID 1, see
        <code class="varname">TimerSlackNSec=</code> above.</p></dd><dt id="DefaultTimeoutStartSec="><span class="term"><code class="varname">DefaultTimeoutStartSec=</code>, </span><span class="term"><code class="varname">DefaultTimeoutStopSec=</code>, </span><span class="term"><code class="varname">DefaultRestartSec=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultTimeoutStartSec=">¶</a></dt><dd><p>Configures the default timeouts for starting
        and stopping of units, as well as the default time to sleep
        between automatic restarts of units, as configured per-unit in
        <code class="varname">TimeoutStartSec=</code>,
        <code class="varname">TimeoutStopSec=</code> and
        <code class="varname">RestartSec=</code> (for services, see
        <a href="systemd.service.html"><span class="citerefentry"><span class="refentrytitle">systemd.service</span>(5)</span></a>
        for details on the per-unit settings). For non-service units,
        <code class="varname">DefaultTimeoutStartSec=</code> sets the default
        <code class="varname">TimeoutSec=</code> value. </p></dd><dt id="DefaultStartLimitInterval="><span class="term"><code class="varname">DefaultStartLimitInterval=</code>, </span><span class="term"><code class="varname">DefaultStartLimitBurst=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultStartLimitInterval=">¶</a></dt><dd><p>Configure the default unit start rate
        limiting, as configured per-service by
        <code class="varname">StartLimitInterval=</code> and
        <code class="varname">StartLimitBurst=</code>. See
        <a href="systemd.service.html"><span class="citerefentry"><span class="refentrytitle">systemd.service</span>(5)</span></a>
        for details on the per-service settings.</p></dd><dt id="DefaultEnvironment="><span class="term"><code class="varname">DefaultEnvironment=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultEnvironment=">¶</a></dt><dd><p>Sets manager environment variables passed to
        all executed processes. Takes a space-separated list of
        variable assignments. See
        <a href="http://man7.org/linux/man-pages/man7/environ.7.html"><span class="citerefentry"><span class="refentrytitle">environ</span>(7)</span></a>
        for details about environment variables.</p><p>Example:

        </p><pre class="programlisting">DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</pre><p>

        Sets three variables
        "<code class="literal">VAR1</code>",
        "<code class="literal">VAR2</code>",
        "<code class="literal">VAR3</code>".</p></dd><dt id="DefaultCPUAccounting="><span class="term"><code class="varname">DefaultCPUAccounting=</code>, </span><span class="term"><code class="varname">DefaultBlockIOAccounting=</code>, </span><span class="term"><code class="varname">DefaultMemoryAccounting=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultCPUAccounting=">¶</a></dt><dd><p>Configure the default resource accounting
        settings, as configured per-unit by
        <code class="varname">CPUAccounting=</code>,
        <code class="varname">BlockIOAccounting=</code> and
        <code class="varname">MemoryAccounting=</code>. See
        <a href="systemd.resource-control.html"><span class="citerefentry"><span class="refentrytitle">systemd.resource-control</span>(5)</span></a>
        for details on the per-unit settings.</p></dd><dt id="DefaultLimitCPU="><span class="term"><code class="varname">DefaultLimitCPU=</code>, </span><span class="term"><code class="varname">DefaultLimitFSIZE=</code>, </span><span class="term"><code class="varname">DefaultLimitDATA=</code>, </span><span class="term"><code class="varname">DefaultLimitSTACK=</code>, </span><span class="term"><code class="varname">DefaultLimitCORE=</code>, </span><span class="term"><code class="varname">DefaultLimitRSS=</code>, </span><span class="term"><code class="varname">DefaultLimitNOFILE=</code>, </span><span class="term"><code class="varname">DefaultLimitAS=</code>, </span><span class="term"><code class="varname">DefaultLimitNPROC=</code>, </span><span class="term"><code class="varname">DefaultLimitMEMLOCK=</code>, </span><span class="term"><code class="varname">DefaultLimitLOCKS=</code>, </span><span class="term"><code class="varname">DefaultLimitSIGPENDING=</code>, </span><span class="term"><code class="varname">DefaultLimitMSGQUEUE=</code>, </span><span class="term"><code class="varname">DefaultLimitNICE=</code>, </span><span class="term"><code class="varname">DefaultLimitRTPRIO=</code>, </span><span class="term"><code class="varname">DefaultLimitRTTIME=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultLimitCPU=">¶</a></dt><dd><p>These settings control various default
        resource limits for units. See
        <a href="http://man7.org/linux/man-pages/man2/setrlimit.2.html"><span class="citerefentry"><span class="refentrytitle">setrlimit</span>(2)</span></a>
        for details. Use the string <code class="varname">infinity</code> to
        configure no limit on a specific resource. These settings may
        be overridden in individual units using the corresponding
        LimitXXX= directives. Note that these resource limits are only
        defaults for units, they are not applied to PID 1
        itself.</p></dd></dl></div></div><div class="refsect1"><a name="idm140311370277552"></a><h2 id="See Also">See Also<a class="headerlink" title="Permalink to this headline" href="#See%20Also">¶</a></h2><p>
        <a href="systemd.html"><span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span></a>,
        <a href="systemd.directives.html"><span class="citerefentry"><span class="refentrytitle">systemd.directives</span>(7)</span></a>,
        <a href="systemd.exec.html"><span class="citerefentry"><span class="refentrytitle">systemd.exec</span>(5)</span></a>,
        <a href="systemd.service.html"><span class="citerefentry"><span class="refentrytitle">systemd.service</span>(5)</span></a>,
        <a href="http://man7.org/linux/man-pages/man7/environ.7.html"><span class="citerefentry"><span class="refentrytitle">environ</span>(7)</span></a>,
        <a href="http://man7.org/linux/man-pages/man7/capabilities.7.html"><span class="citerefentry"><span class="refentrytitle">capabilities</span>(7)</span></a>
      </p></div></div></body></html>