update: systemd blanks NetFlix X-D

security problems: non-root to root escalation: https://www.heise.de/security/meldung/System-Down-Drei-Uralt-Luecken-in-Systemd-vereinfachen-Linux-Angriffe-4270673.html

a bit of software philosophy

unix philosophy – keep it small and beautiful.

Despite the fact – that the catholic church claims that its pope is „infallible“ – only God and Nobody is perfect (makes no mistakes).

A lot of people would like to be God – but face it – no human being is God – and no human being wants to be a Nobody.

Usually everybody wants to have meaningful relationships with the rest of mankind. Because of that errors are not the exception – they are the rule of whatever humans do.

There is no 100% perfect design, system or software – usually mankind settles with 99% error-free perfection as sufficient enough and goes on to the next task… 

One of systemd’s main goals is to unify basic Linux configurations and service behaviors across all distributions.[6]

If it’s not complicated – it’s not (at least partly) „made in Germany“ 😀

About systemd

the program – that does it all – it will even cook you dinner if you configure it properly.

With great functionality comes great complexity.

apt-cache show systemd

„Description-en: system and service manager systemd is a system and service manager for Linux.

It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, maintains mount and automount points and implements an elaborate transactional dependency-based service control logic.

systemd is compatible with SysV and LSB init scripts and can work as a drop-in replacement for sysvinit.

Installing the systemd package will not switch your init system unless you boot with init=/bin/systemd or install systemd-sysv in addition.“

Systemd was written by Lennart Poettering, Kay Sievers (Red Hat Inc.) and others in C and released under the GNU Lesser General Public License (LGPL).

While in 2010/2011 Sys-V-Init was replaced by upstart – shortly after – upstart was replaced by systemd – promising faster bootup and less RAM usage – now in 2017 – SUSE12, CENTOS7, Debian8 all use systemd as default init system and runlevel manager.

Btw. runlevels will be renamed to „targets“ in systemd.

So in a short period of time – things changed dramatically.

But well, if you can speed up or simplify (optimize) tasks that are repeated often (by many users) – the huge effort is worth it.

Because the more often a step is needed/repeated – the more important it is to be optimized and the bigger the productivity gaining effects of that optimization… but first you will need to know what tasks are performed often by your users?

While on servers startup-time might not be sooooo important – on a desktop system – it is pretty nice having an immediate result after pushing the power button.

systemd demystified


Is it a bug – or a feature?

Social competence (social skills such as face2face-communication) is a rare good on this planet – and especially in tech-heavy industries such as computers – where people dealing with machines all week long – tend to become machines themselves. (The brain forgets how to speak.)

Humans != machines. Humans should have consciousness (hopefully) that allows them to realize „what is the right thing“ and emotions that (hopefully) motivate them – to „do the right thing“ – machines do not yet have such features. (CIA investing into quantum computing, Mr Musk investing into AI development)

Without social skills – cooperation between humans declines – without cooperation mankind is fucked.

And Mr Torvalds thinks if you are NOT rude – people won’t understand you. I disagree.

Back in 2014 systemd caused a flooding of kernel.log which caused systems to not boot anymore – Torvalds was pissed.

I would say – this is placed in the area of project-management – especially software-project management.

And as you can read in my article – „how to write perfect software and finish on time“ (not) you will realize – errors are not the exception – they are the rule – and rate of errors increases with complexity (amount of people, features and lines of code).

technical but also concept-errors, design errors so to speak.

so every software company and product needs:

1. simplicity – as simple as possible = easy (fast) to understand and handle/modify/fix
(this is where systemd might not be so great, thus if programs tend to become big, break it down into separate testable modules… or you will never finish the project (compiling and testing takes too much time))

2. people with time-resources and other resources (electricity) and good logic that can focus and stick to a task until it is 99% error free

3. clearly defined goals

4. some form of quality-and-error-management (use-case documentation and automated or manual testing… the boring stuff of software development :-D)

5. time

If not – they believe to be in god-mode – and forget – only nobody is perfect. But who would like to be a nobody?

what could Mr Torvalds improve in his way of communication – what we all should do – no matter how angry you are try:

1. say something positive

2. criticize

and you will be heard. completely without scandals.

back to topic:

systemd is a suite of basic building blocks for a Linux system. It provides a system and service manager that runs as PID 1 and starts the rest of the system. systemd provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. systemd supports SysV and LSB init scripts and works as a replacement for sysvinit. Other parts include a logging daemon, utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users and running containers and virtual machines, system accounts, runtime directories and settings, and daemons to manage simple network configuration, network time synchronization, log forwarding, and name resolution. See Lennart’s blog story for a longer introduction, and the three status updates since then. Also see the Wikipedia article. If you are wondering whether systemd is for you, please have a look at this comparison of init systems by one of the creators of systemd.

src: https://freedesktop.org/wiki/Software/systemd/

future changes

systemd provides various interfaces developers and programs might rely on. Starting with version 26 (the first version released with Fedora 15) we promise to keep a number of them stable and compatible for the future.

The stable interfaces are:

  • The unit configuration file format. Unit files written now will stay compatible with future versions of systemd. Extensions to the file format will happen in a way that existing files remain compatible.
  • The command line interface of systemctl, loginctl, journalctl. We will make sure that scripts invoking these commands will continue to work with future versions of systemd. Note however that the output generated by these commands is generally not included in the promise, unless it is documented in the man page. Example: the output of „systemctl status“ is not stable, but the one of „systemctl show“ is, because the former is intended to be human readable and the latter computer readable, and this is documented in the man page.
  • The protocol spoken on the socket referred to by $NOTIFY_SOCKET, as documented in sd_notify(3).
  • Some of the „special“ unit names and their semantics. To be precise the ones that are necessary for normal services, and not those required only for early boot and late shutdown, with very few exceptions. To list them here: basic.target, shutdown.target, sockets.target, network.target, getty.target, graphical.target, multi-user.target, rescue.target, emergency.target, poweroff.target, reboot.target, halt.target, runlevel[1-5].target.
  • For a more comprehensive and authoritative list, consult the Interface Portability And Stability Chart

The following interfaces will not necessarily be kept stable for now, but we will eventually make a stability promise for these interfaces too. In the meantime we will however try to keep breakage of these interfaces at a minimum:

  • The D-Bus interfaces of the main service daemon (!) [ An additional restriction applies here: functionality we consider legacy might not be available based on compile-time options, such as SysV support, libwrap support and similar. Apps should not assume properties and methods related to this functionality are unconditionally available in the D-Bus interfaces. ]
  • The set of states of the various state machines used in systemd, e.g. the high-level unit states inactive, active, deactivating, and so on, as well (and in particular) the low-level per-unit states.
  • All „special“ units that aren’t listed above.

The following interfaces are considered private to systemd, and are not and will not be covered by any stability promise:

  • Undocumented switches to systemd, systemctl and otherwise
  • The internal protocols used on the various sockets such as the sockets /run/systemd/shutdown, /run/systemd/private.

One of the main goals of systemd is to unify basic Linux configurations and service behaviors across all distributions. Systemd project does not contain any distribution-specific parts. Distributions are expected to convert over time their individual configurations to the systemd format, or they will need to carry and maintain patches in their package if they still decide to stay different.

What does this mean for you? When developing with systemd, don’t use any of the latter interfaces – use systemd.

You are welcome to use other interfaces, but if you use any of the second kind (i.e. those where we don’t yet make a stability promise), then make sure to subscribe to our mailing list, where we will announce API changes, and be prepared to update your program eventually.

Note that this is a promise, not an eternal guarantee. These are our intentions, but if in the future there are very good reasons to change or get rid of an interface we have listed above as stable, then we might take the liberty to do so, despite this promise. However, if we do this, then we’ll do our best to provide a smooth and reasonably long transition phase.

src: https://www.freedesktop.org/wiki/Software/systemd/InterfaceStabilityPromise/
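
The promise quoted above names „systemctl show“ as the stable, computer-readable output and excludes „systemctl status“. As an added example (not code from the original page or from the systemd project), this script audits `systemctl show` output by its KEY=VALUE lines; the sample units are constructed and the two checks are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original page or the systemd project.
# Reads `systemctl show UNIT` output (KEY=VALUE lines) instead of scraping
# the human-readable `systemctl status` text.

# show_prop KEY: print the value of KEY from `systemctl show` output on stdin.
# Splits on the FIRST '=' only; values such as ExecStart= contain more of them.
show_prop() {
    while IFS= read -r line; do
        case $line in
            "$1="*) printf '%s\n' "${line#*=}"; return 0 ;;
        esac
    done
    return 1
}

# audit_show: read one unit's `systemctl show` output on stdin and print one
# finding per line (nothing when both checks pass). The checks themselves are
# assumptions of this example. The function body is a subshell, so its
# variables stay local and `exit` only leaves the function.
audit_show() (
    data=$(cat)
    get() { printf '%s\n' "$data" | show_prop "$1" || true; }
    id=$(get Id)
    state=$(get ActiveState)
    frag=$(get FragmentPath)
    user=$(get User)

    # Only units that are currently active are reviewed.
    [ "$state" = active ] || exit 0

    # An absent or empty User= means a system service runs as root.
    case $user in
        ''|root|0) printf '%s: runs as root\n' "${id:-unknown}" ;;
    esac

    # Unit files normally live in the packaged or the admin directories.
    case $frag in
        /lib/systemd/system/*|/usr/lib/systemd/system/*|/etc/systemd/system/*) ;;
        '') printf '%s: no unit file on disk\n' "${id:-unknown}" ;;
        *)  printf '%s: unit file outside the usual directories: %s\n' \
                "${id:-unknown}" "$frag" ;;
    esac
)

# Constructed sample: abridged `systemctl show ssh.service` output.
sample_ssh() {
cat <<'EOF'
Id=ssh.service
ExecStart={ path=/usr/sbin/sshd ; argv[]=/usr/sbin/sshd -D $SSHD_OPTS ; ignore_errors=no }
ActiveState=active
SubState=running
FragmentPath=/lib/systemd/system/ssh.service
UnitFileState=enabled
EOF
}

# Constructed sample: hypothetical unit loaded from a runtime directory.
sample_agent() {
cat <<'EOF'
Id=backup-agent.service
User=backup
ActiveState=active
SubState=running
FragmentPath=/run/systemd/system/backup-agent.service
EOF
}

# Constructed sample: an inactive unit, which the audit skips.
sample_inactive() {
cat <<'EOF'
Id=apt-daily.service
ActiveState=inactive
SubState=dead
FragmentPath=/lib/systemd/system/apt-daily.service
EOF
}

# Demo on the constructed samples. On a live system the input would be:
#   systemctl show ssh.service | audit_show
for s in sample_ssh sample_agent sample_inactive; do
    "$s" | audit_show
done
```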


manpage: systemd.man.txt

/bin/systemd --help

systemd [OPTIONS...]

Starts up and maintains the system or user services.

  -h --help                      Show this help
     --test                      Determine startup sequence, dump it and exit
     --no-pager                  Do not pipe output into a pager
     --dump-configuration-items  Dump understood unit configuration items
     --unit=UNIT                 Set default unit
     --system                    Run a system instance, even if PID != 1
     --user                      Run a user instance
     --dump-core[=BOOL]          Dump core on crash
     --crash-vt=NR               Change to specified VT on crash
     --crash-reboot[=BOOL]       Reboot on crash
     --crash-shell[=BOOL]        Run shell on crash
     --confirm-spawn[=BOOL]      Ask for confirmation when spawning processes
     --show-status[=BOOL]        Show status updates on the console during bootup
     --log-target=TARGET         Set log target (console, journal, kmsg, journal-or-kmsg, null)
     --log-level=LEVEL           Set log level (debug, info, notice, warning, err, crit, alert, emerg)
     --log-color[=BOOL]          Highlight important log messages
     --log-location[=BOOL]       Include code location in log messages
     --default-standard-output=  Set default standard output for services
     --default-standard-error=   Set default standard error output for services

startup speed analyzed

manpage: systemd-analyze.man.txt

root@debian9:~# systemd-analyze
Startup finished in 6.294s (kernel) + 28.798s (userspace) = 35.092s

root@debian9:/home/user# systemd-analyze blame
          8.463s NetworkManager-wait-online.service
          8.283s ModemManager.service
          7.804s dev-sda1.device
          5.126s accounts-daemon.service
          5.111s NetworkManager.service
          3.901s polkit.service
          3.540s systemd-udevd.service
          2.688s apt-daily.service
          2.683s networking.service
          2.520s ssh.service
          2.194s systemd-tmpfiles-setup-dev.service
          1.996s lightdm.service
          1.731s keyboard-setup.service
          1.643s pppd-dns.service
          1.642s rsyslog.service
          1.577s systemd-tmpfiles-setup.service
          1.242s console-setup.service
          1.168s systemd-timesyncd.service
           466ms systemd-modules-load.service
           409ms systemd-remount-fs.service
           359ms dev-mqueue.mount
           340ms user@1000.service
           336ms dev-hugepages.mount
           322ms sys-kernel-debug.mount
           267ms systemd-user-sessions.service
           252ms systemd-journal-flush.service
           244ms systemd-journald.service
           244ms systemd-logind.service
           236ms apt-daily-upgrade.service
           192ms systemd-random-seed.service
           184ms systemd-udev-trigger.service
           151ms kmod-static-nodes.service
           143ms systemd-update-utmp.service
           119ms udisks2.service
           118ms dev-disk-by\x2duuid-1704d86b\x2d7f2f\x2d4d0a\x2da467\x2d243d54c0184a.swap
           115ms systemd-tmpfiles-clean.service
            74ms systemd-sysctl.service
             3ms systemd-update-utmp-runlevel.service

where is systemd?


list of files and folders involved: systemd.filelist.txt

(output of dpkg-query -L systemd, which seems to be the same as dpkg -L systemd… but anyway)

ll /sbin |grep init
lrwxrwxrwx 1 root root 20 Apr 8 23:08 init -> /lib/systemd/systemd
lrwxrwxrwx 1 root root 14 Apr 8 23:08 telinit -> /bin/systemctl

ll /lib/systemd/systemd
-rwxr-xr-x 1 root root 1.1M Jun 4 22:58 /lib/systemd/systemd

root@debian:~# stat /lib/systemd/systemd
File: ‘/lib/systemd/systemd’
Size: 1316528 Blocks: 2576 IO Block: 4096 regular file
Device: 801h/2049d Inode: 6294591 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)

dpkg -l|grep systemd

ii dbus-user-session 1.10.18-1 all simple interprocess messaging system (systemd --user integration)
ii libpam-systemd:amd64 232-25 amd64 system and service manager - PAM module
ii libsystemd0:amd64 232-25 amd64 systemd utility library
ii systemd 232-25 amd64 system and service manager
ii systemd-sysv 232-25 amd64 system and service manager - SysV links


Control the systemd system and service manager.



root@debian9:~# systemctl
proc-sys-fs-binfmt_misc.automount loaded active waiting Arbitrary Executable File Formats File System Automount Point
sys-devices-LNXSYSTM:00-LNXSYBUS:00-PNP0A03:00-device:07-VMBUS:01-00000000\x2d0000\x2d8899\x2d0000\x2d000000000000-host0-target0:0:0-0:0:0:0-block-sda-sda1.device loaded active plugged Virtual_Disk 1
sys-devices-LNXSYSTM:00-LNXSYBUS:00-PNP0A03:00-device:07-VMBUS:01-00000000\x2d0000\x2d8899\x2d0000\x2d000000000000-host0-target0:0:0-0:0:0:0-block-sda-sda2.device loaded active plugged Virtual_Disk 2
sys-devices-LNXSYSTM:00-LNXSYBUS:00-PNP0A03:00-device:07-VMBUS:01-00000000\x2d0000\x2d8899\x2d0000\x2d000000000000-host0-target0:0:0-0:0:0:0-block-sda-sda5.device loaded active plugged Virtual_Disk 5
sys-devices-LNXSYSTM:00-LNXSYBUS:00-PNP0A03:00-device:07-VMBUS:01-00000000\x2d0000\x2d8899\x2d0000\x2d000000000000-host0-target0:0:0-0:0:0:0-block-sda.device loaded active plugged Virtual_Disk
sys-devices-LNXSYSTM:00-LNXSYBUS:00-PNP0A03:00-device:07-VMBUS:01-960b76ce\x2d2661\x2d4fdd\x2d8594\x2d4ae3ef929f46-net-eth0.device loaded active plugged /sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/960b76ce-2661-4fdd-8594-4ae3ef929f46/net/eth0
sys-devices-pci0000:00-0000:00:07.1-ata2-host2-target2:0:0-2:0:0:0-block-sr0.device loaded active plugged Virtual_CD
sys-devices-platform-floppy.0-block-fd0.device loaded active plugged /sys/devices/platform/floppy.0/block/fd0
sys-devices-platform-serial8250-tty-ttyS2.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS2
sys-devices-platform-serial8250-tty-ttyS3.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS3
sys-devices-pnp0-00:03-tty-ttyS0.device loaded active plugged /sys/devices/pnp0/00:03/tty/ttyS0
sys-devices-pnp0-00:04-tty-ttyS1.device loaded active plugged /sys/devices/pnp0/00:04/tty/ttyS1
sys-subsystem-net-devices-eth0.device loaded active plugged /sys/subsystem/net/devices/eth0
-.mount loaded active mounted Root Mount
dev-hugepages.mount loaded active mounted Huge Pages File System
dev-mqueue.mount loaded active mounted POSIX Message Queue File System
run-user-1000.mount loaded active mounted /run/user/1000
sys-kernel-debug.mount loaded active mounted Debug File System
systemd-ask-password-console.path loaded active waiting Dispatch Password Requests to Console Directory Watch
systemd-ask-password-wall.path loaded active waiting Forward Password Requests to Wall Directory Watch
init.scope loaded active running System and Service Manager
session-1.scope loaded active running Session 1 of user user
session-31.scope loaded active running Session 31 of user user
session-32.scope loaded active running Session 32 of user user
accounts-daemon.service loaded active running Accounts Service
console-setup.service loaded active exited Set console font and keymap
cron.service loaded active running Regular background program processing daemon
dbus.service loaded active running D-Bus System Message Bus
getty@tty1.service loaded active running Getty on tty1
keyboard-setup.service loaded active exited Set the console keyboard layout
kmod-static-nodes.service loaded active exited Create list of required static device nodes for the current kernel
lightdm.service loaded active running Light Display Manager
ModemManager.service loaded active running Modem Manager
networking.service loaded active exited Raise network interfaces
NetworkManager-wait-online.service loaded active exited Network Manager Wait Online
NetworkManager.service loaded active running Network Manager
polkit.service loaded active running Authorization Manager
rsyslog.service loaded active running System Logging Service
ssh.service loaded active running OpenBSD Secure Shell server
systemd-journal-flush.service loaded active exited Flush Journal to Persistent Storage
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running Login Service
systemd-modules-load.service loaded active exited Load Kernel Modules
systemd-random-seed.service loaded active exited Load/Save Random Seed
systemd-remount-fs.service loaded active exited Remount Root and Kernel File Systems
systemd-sysctl.service loaded active exited Apply Kernel Variables
systemd-timesyncd.service loaded active running Network Time Synchronization
systemd-tmpfiles-setup-dev.service loaded active exited Create Static Device Nodes in /dev
systemd-tmpfiles-setup.service loaded active exited Create Volatile Files and Directories
systemd-udev-trigger.service loaded active exited udev Coldplug all Devices
systemd-udevd.service loaded active running udev Kernel Device Manager
systemd-update-utmp.service loaded active exited Update UTMP about System Boot/Shutdown
systemd-user-sessions.service loaded active exited Permit User Sessions
udisks2.service loaded active running Disk Manager
user@1000.service loaded active running User Manager for UID 1000
-.slice loaded active active Root Slice
system-getty.slice loaded active active system-getty.slice
system.slice loaded active active System Slice
user-1000.slice loaded active active User Slice of user
user.slice loaded active active User and Session Slice
dbus.socket loaded active running D-Bus System Message Bus Socket
syslog.socket loaded active running Syslog Socket
systemd-fsckd.socket loaded active listening fsck to fsckd communication Socket
systemd-initctl.socket loaded active listening /dev/initctl Compatibility Named Pipe
systemd-journald-audit.socket loaded active running Journal Audit Socket
systemd-journald-dev-log.socket loaded active running Journal Socket (/dev/log)
systemd-journald.socket loaded active running Journal Socket
systemd-udevd-control.socket loaded active running udev Control Socket
systemd-udevd-kernel.socket loaded active running udev Kernel Socket
dev-disk-by\x2duuid-1704d86b\x2d7f2f\x2d4d0a\x2da467\x2d243d54c0184a.swap loaded active active /dev/disk/by-uuid/1704d86b-7f2f-4d0a-a467-243d54c0184a
basic.target loaded active active Basic System
cryptsetup.target loaded active active Encrypted Volumes
getty.target loaded active active Login Prompts
graphical.target loaded active active Graphical Interface
local-fs-pre.target loaded active active Local File Systems (Pre)
local-fs.target loaded active active Local File Systems
multi-user.target loaded active active Multi-User System
network-online.target loaded active active Network is Online
network.target loaded active active Network
nss-user-lookup.target loaded active active User and Group Name Lookups
paths.target loaded active active Paths
remote-fs.target loaded active active Remote File Systems
slices.target loaded active active Slices
sockets.target loaded active active Sockets
swap.target loaded active active Swap
sysinit.target loaded active active System Initialization
time-sync.target loaded active active System Time Synchronized
timers.target loaded active active Timers
apt-daily-upgrade.timer loaded active waiting Daily apt upgrade and clean activities
apt-daily.timer loaded active waiting Daily apt download activities
systemd-tmpfiles-clean.timer loaded active waiting Daily Cleanup of Temporary Directories

LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.

91 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.

Useful SystemD commands (hints for systemctl or systemctl vs chkconfig and service)

List all running services


Start/stop or enable/disable services

Activates a service immediately:

systemctl start foo.service

Deactivates a service immediately:

systemctl stop foo.service

Restarts a service:

systemctl restart foo.service

Shows status of a service including whether it is running or not:

systemctl status foo.service

Enables a service to be started on bootup:

systemctl enable foo.service

Disables a service to not start during bootup:

systemctl disable foo.service

Check whether a service is already enabled or not:

systemctl is-enabled foo.service; echo $?

0 indicates that it is enabled. 1 indicates that it is disabled

How do I change the runlevel?

systemd has the concept of targets which is a more flexible replacement for runlevels in sysvinit.

Run level 3 is emulated by multi-user.target. Run level 5 is emulated by graphical.target. runlevel3.target is a symbolic link to multi-user.target and runlevel5.target is a symbolic link to graphical.target.

You can switch to ‘runlevel 3’ by running

systemctl isolate multi-user.target
# or
systemctl isolate runlevel3.target

You can switch to ‘runlevel 5’ by running

systemctl isolate graphical.target
# or
systemctl isolate runlevel5.target

How do I change the default runlevel?

systemd uses symlinks to point to the default runlevel. You have to delete the existing symlink first before creating a new one

rm /etc/systemd/system/default.target

Switch to runlevel 3 by default

ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target

Switch to runlevel 5 by default

ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target

systemd does not use /etc/inittab file.
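
Both /sbin/init and default.target are plain symlinks, so whoever can rewrite them decides what runs as PID 1 and which target the machine boots into. As an added example (not from the original page or the systemd project), this check compares the links against the paths shown above; the ROOT argument and the allowed target list (multi-user.target, graphical.target) are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original page or the systemd project.
# ROOT ("/" on a live system, a scratch directory in tests) is an assumption.

# link_resolves_to LINK EXPECTED: true if LINK is a symlink whose fully
# resolved target is the same file as EXPECTED.
link_resolves_to() {
    [ -L "$1" ] && [ -e "$2" ] || return 1
    [ "$(readlink -f "$1")" = "$(readlink -f "$2")" ]
}

# writable_by_others FILE: true if FILE is group- or world-writable.
writable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# check_boot_chain [ROOT]: prints one line per check and returns non-zero
# if any check produced a WARN. The body is a subshell, so variables stay
# local and `exit` only leaves the function.
check_boot_chain() (
    root=${1:-/}; root=${root%/}
    init=$root/sbin/init
    pid1=$root/lib/systemd/systemd
    deflink=$root/etc/systemd/system/default.target
    rc=0

    # /sbin/init must end up at the systemd binary.
    if link_resolves_to "$init" "$pid1"; then
        echo "OK   $init -> $pid1"
    else
        echo "WARN $init does not resolve to $pid1"; rc=1
    fi

    # The binary that runs as PID 1 must not be writable by group or others.
    if [ -e "$pid1" ] && writable_by_others "$(readlink -f "$pid1")"; then
        echo "WARN $pid1 is group- or world-writable"; rc=1
    fi

    # default.target may be absent; if present it must point at an allowed target.
    if [ ! -L "$deflink" ] && [ ! -e "$deflink" ]; then
        echo "INFO $deflink absent, distribution default applies"
    else
        match=""
        for t in multi-user.target graphical.target; do
            if link_resolves_to "$deflink" "$root/lib/systemd/system/$t"; then
                match=$t
            fi
        done
        if [ -n "$match" ]; then
            echo "OK   default.target -> $match"
        else
            echo "WARN $deflink points at $(readlink -f "$deflink")"; rc=1
        fi
    fi
    exit "$rc"
)

# Run against the live system with:  sh check_boot_chain.sh --run [ROOT]
if [ "${1:-}" = "--run" ]; then
    check_boot_chain "${2:-/}"
fi
```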

List the current run level

The runlevel command still works with systemd. You can continue using it; however, runlevels are a legacy concept in systemd, emulated via ‘targets’, and multiple targets can be active at the same time. So the equivalent in systemd terms is

systemctl list-units --type=target

Powering off the machine

You can use


Some more possibilities are: halt -p, init 0, shutdown -P now

Note that halt used to work the same as poweroff in previous Fedora releases, but systemd distinguishes between the two, so halt without parameters now does exactly what it says – it merely stops the system without turning it off.


Service vs. systemd

service NetworkManager stop

# or

systemctl stop NetworkManager.service

Chkconfig vs. systemd

chkconfig NetworkManager off

# or

systemctl disable NetworkManager.service


systemd has a built-in readahead implementation. It is not enabled on upgrades.

It should improve bootup speed but your mileage may vary depending on your hardware.

To enable it:

systemctl enable systemd-readahead-collect.service
systemctl enable systemd-readahead-replay.service
# does not work in debian9 systemd?

SystemD cheatsheet

sysvinit command | systemd command | Notes
service foobar start | systemctl start foobar.service | Used to start a service (not reboot persistent)
service foobar stop | systemctl stop foobar.service | Used to stop a service (not reboot persistent)
service foobar restart | systemctl restart foobar.service | Used to stop and then start a service
service foobar reload | systemctl reload foobar.service | When supported, reloads the config file without interrupting pending operations.
service foobar condrestart | systemctl condrestart foobar.service | Restarts if the service is already running.
service foobar status | systemctl status foobar.service | Tells whether a service is currently running.
ls /etc/rc.d/init.d/ | ls /lib/systemd/system/*.service /etc/systemd/system/*.service | Used to list the services that can be started or stopped
chkconfig foobar on | systemctl enable foobar.service | Turn the service on, for start at next boot, or other trigger.
chkconfig foobar off | systemctl disable foobar.service | Turn the service off for the next reboot, or any other trigger.
chkconfig foobar | systemctl is-enabled foobar.service | Used to check whether a service is configured to start or not in the current environment.
chkconfig foobar --list | ls /etc/systemd/system/*.wants/foobar.service | Used to list what levels this service is configured on or off
chkconfig foobar --add | Not needed, no equivalent. |

credits: https://www.dynacont.net/documentation/linux/Useful_SystemD_commands/

Why systemd?

systemd is still a young project, but it is not a baby anymore. The initial announcement I posted precisely a year ago. Since then most of the big distributions have decided to adopt it in one way or another, many smaller distributions have already switched. The first big distribution with systemd by default will be Fedora 15, due end of May. It is expected that the others will follow the lead a bit later (with one exception). Many embedded developers have already adopted it too, and there’s even a company specializing on engineering and consulting services for systemd. In short: within one year systemd became a really successful project.

However, there are still folks who we haven’t won over yet. If you fall into one of the following categories, then please have a look on the comparison of init systems below:

  • You are working on an embedded project and are wondering whether it should be based on systemd.
  • You are a user or administrator and wondering which distribution to pick, and are pondering whether it should be based on systemd or not.
  • You are a user or administrator and wondering why your favourite distribution has switched to systemd, if everything already worked so well before.
  • You are developing a distribution that hasn’t switched yet, and you are wondering whether to invest the work and go systemd.

And even if you don’t fall into any of these categories, you might still find the comparison interesting.

We’ll be comparing the three most relevant init systems for Linux: sysvinit, Upstart and systemd. Of course there are other init systems in existence, but they play virtually no role in the big picture. Unless you run Android (which is a completely different beast anyway), you’ll almost definitely run one of these three init systems on your Linux kernel. (OK, or busybox, but then you are basically not running any init system at all.) Unless you have a soft spot for exotic init systems there’s little need to look further. Also, I am kinda lazy, and don’t want to spend the time on analyzing those other systems in enough detail to be completely fair to them.

Speaking of fairness: I am of course one of the creators of systemd. I will try my best to be fair to the other two contenders, but in the end, take it with a grain of salt. I am sure though that should I be grossly unfair or otherwise incorrect somebody will point it out in the comments of this story, so consider having a look on those, before you put too much trust in what I say.

We’ll look at the currently implemented features in a released version. Grand plans don’t count.

General Features

Feature | sysvinit | Upstart | systemd
Interfacing via D-Bus | no | yes | yes
Shell-free bootup | no | no | yes
Modular C coded early boot services included | no | no | yes
Read-Ahead | no | no[1] | yes
Socket-based Activation | no | no[2] | yes
Socket-based Activation: inetd compatibility | no | no[2] | yes
Bus-based Activation | no | no[3] | yes
Device-based Activation | no | no[4] | yes
Configuration of device dependencies with udev rules | no | no | yes
Path-based Activation (inotify) | no | no | yes
Timer-based Activation | no | no | yes
Mount handling | no | no[5] | yes
fsck handling | no | no[5] | yes
Quota handling | no | no | yes
Automount handling | no | no | yes
Swap handling | no | no | yes
Snapshotting of system state | no | no | yes
XDG_RUNTIME_DIR Support | no | no | yes
Optionally kills remaining processes of users logging out | no | no | yes
Linux Control Groups Integration | no | no | yes
Audit record generation for started services | no | no | yes
SELinux integration | no | no | yes
PAM integration | no | no | yes
Encrypted hard disk handling (LUKS) | no | no | yes
SSL Certificate/LUKS Password handling, including Plymouth, Console, wall(1), TTY and GNOME agents | no | no | yes
Network Loopback device handling | no | no | yes
binfmt_misc handling | no | no | yes
System-wide locale handling | no | no | yes
Console and keyboard setup | no | no | yes
Infrastructure for creating, removing, cleaning up of temporary and volatile files | no | no | yes
Handling for /proc/sys sysctl | no | no | yes
Plymouth integration | no | yes | yes
Save/restore random seed | no | no | yes
Static loading of kernel modules | no | no | yes
Automatic serial console handling | no | no | yes
Unique Machine ID handling | no | no | yes
Dynamic host name and machine meta data handling | no | no | yes
Reliable termination of services | no | no | yes
Early boot /dev/log logging | no | no | yes
Minimal kmsg-based syslog daemon for embedded use | no | no | yes
Respawning on service crash without losing connectivity | no | no | yes
Gapless service upgrades | no | no | yes
Graphical UI | no | no | yes
Built-In Profiling and Tools | no | no | yes
Instantiated services | no | yes | yes
PolicyKit integration | no | no | yes
Remote access/Cluster support built into client tools | no | no | yes
Can list all processes of a service | no | no | yes
Can identify service of a process | no | no | yes
Automatic per-service CPU cgroups to even out CPU usage between them | no | no | yes
Automatic per-user cgroups | no | no | yes
SysV compatibility | yes | yes | yes
SysV services controllable like native services | yes | no | yes
SysV-compatible /dev/initctl | yes | no | yes
Reexecution with full serialization of state | yes | no | yes
Interactive boot-up | no[6] | no[6] | yes
Container support (as advanced chroot() replacement) | no | no | yes
Dependency-based bootup | no[7] | no | yes
Disabling of services without editing files | yes | no | yes
Masking of services without editing files | no | no | yes
Robust system shutdown within PID 1 | no | no | yes
Built-in kexec support | no | no | yes
Dynamic service generation | no | no | yes
Upstream support in various other OS components | yes | no | yes
Service files compatible between distributions | no | no | yes
Signal delivery to services | no | no | yes
Reliable termination of user sessions before shutdown | no | no | yes
utmp/wtmp support | yes | yes | yes
Easily writable, extensible and parseable service files, suitable for manipulation with enterprise management tools | no | no | yes

[1] Read-Ahead implementation for Upstart available in separate package ureadahead, requires non-standard kernel patch.

[2] Socket activation implementation for Upstart available as preview, lacks parallelization support hence entirely misses the point of socket activation.

[3] Bus activation implementation for Upstart posted as patch, not merged.

[4] udev device event bridge implementation for Upstart available as preview, forwards entire udev database into Upstart, not practical.

[5] Mount handling utility mountall for Upstart available in separate package, covers only boot-time mounts, very limited dependency system.

[6] Some distributions offer this implemented in shell.

[7] LSB init scripts support this, if they are used.

Available Native Service Settings

| | sysvinit | Upstart | systemd |
|---|---|---|---|
| OOM Adjustment | no | yes[1] | yes |
| Working Directory | no | yes | yes |
| Root Directory (chroot()) | no | yes | yes |
| Environment Variables | no | yes | yes |
| Environment Variables from external file | no | no | yes |
| Resource Limits | no | some[2] | yes |
| umask | no | yes | yes |
| User/Group/Supplementary Groups | no | no | yes |
| IO Scheduling Class/Priority | no | no | yes |
| CPU Scheduling Nice Value | no | yes | yes |
| CPU Scheduling Policy/Priority | no | no | yes |
| CPU Scheduling Reset on fork() control | no | no | yes |
| CPU affinity | no | no | yes |
| Timer Slack | no | no | yes |
| Capabilities Control | no | no | yes |
| Secure Bits Control | no | no | yes |
| Control Group Control | no | no | yes |
| High-level file system namespace control: making directories inaccessible | no | no | yes |
| High-level file system namespace control: making directories read-only | no | no | yes |
| High-level file system namespace control: private /tmp | no | no | yes |
| High-level file system namespace control: mount inheritance | no | no | yes |
| Input on Console | yes | yes | yes |
| Output on Syslog | no | no | yes |
| Output on kmsg/dmesg | no | no | yes |
| Output on arbitrary TTY | no | no | yes |
| Kill signal control | no | no | yes |
| Conditional execution: by identified CPU virtualization/container | no | no | yes |
| Conditional execution: by file existence | no | no | yes |
| Conditional execution: by security framework | no | no | yes |
| Conditional execution: by kernel command line | no | no | yes |

[1] Upstart supports only the deprecated oom_score_adj mechanism, not the current oom_adj logic.

[2] Upstart lacks support for RLIMIT_RTTIME and RLIMIT_RTPRIO.

Note that some of these options are relatively easily added to SysV init scripts, by editing the shell sources. The table above focusses on easily accessible options that do not require source code editing.


| | sysvinit | Upstart | systemd |
|---|---|---|---|
| Maturity | > 15 years | 6 years | 1 year |
| Specialized professional consulting and engineering services available | no | no | yes |
| SCM | Subversion | Bazaar | git |
| Copyright-assignment-free contributing | yes | no | yes |


As the tables above hopefully show in all clarity systemd has left behind both sysvinit and Upstart in almost every aspect. With the exception of the project’s age/maturity systemd wins in every category. At this point in time it will be very hard for sysvinit and Upstart to catch up with the features systemd provides today. In one year we managed to push systemd forward much further than Upstart has been pushed in six.

It is our intention to drive forward the development of the Linux platform with systemd. In the next release cycle we will focus more strongly on providing the same features and speed improvement we already offer for the system to the user login session. This will bring much closer integration with the other parts of the OS and applications, making the most of the features the service manager provides, and making it available to login sessions. Certain components such as ConsoleKit will be made redundant by these upgrades, and services relying on them will be updated. The burden for maintaining these then obsolete components will be passed on to the vendors who plan to continue to rely on them.

If you are wondering whether or not to adopt systemd, then systemd obviously wins when it comes to mere features. Of course that should not be the only aspect to keep in mind. In the long run, sticking with the existing infrastructure (such as ConsoleKit) comes at a price: porting work needs to take place, and additional maintenance work for bitrotting code needs to be done. Going it on your own means increased workload.

That said, adopting systemd is also not free. Especially if you made investments in the other two solutions adopting systemd means work. The basic work to adopt systemd is relatively minimal for porting over SysV systems (since compatibility is provided), but can mean substantial work when coming from Upstart. If you plan to go for a 100% systemd system without any SysV compatibility (recommended for embedded, long run goal for the big distributions) you need to be willing to invest some work to rewrite init scripts as simple systemd unit files.

systemd is in the process of becoming a comprehensive, integrated and modular platform providing everything needed to bootstrap and maintain an operating system’s userspace. It includes C rewrites of all basic early boot init scripts that are shipped with the various distributions. Especially for the embedded case adopting systemd provides you in one step with almost everything you need, and you can pick the modules you want. The other two init systems are singular individual components, which to be useful need a great number of additional components with differing interfaces. The emphasis of systemd to provide a platform instead of just a component allows for closer integration, and cleaner APIs. Sooner or later this will trickle up to the applications. Already, there are accepted XDG specifications (e.g. XDG basedir spec, more specifically XDG_RUNTIME_DIR) that are not supported on the other init systems.

systemd is also a big opportunity for Linux standardization. Since it standardizes many interfaces of the system that previously have been differing on every distribution, on every implementation, adopting it helps to work against the balkanization of the Linux interfaces. Choosing systemd means redefining more closely what the Linux platform is about. This improves the lives of programmers, users and administrators alike.

I believe that momentum is clearly with systemd. We invite you to join our community and be part of that momentum.

src: http://0pointer.de/blog/projects/why.html
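
The "Available Native Service Settings" table in the quoted post lists user/group, capability and file system namespace controls. The following is an added example, not code from the quoted post or the systemd project: it reports which of those controls a unit's [Service] section leaves unused. The function name, the sample units and the mapping of table rows to the directives User=, CapabilityBoundingSet=, PrivateTmp=, ReadOnlyPaths= (older name ReadOnlyDirectories=) and InaccessiblePaths= (older name InaccessibleDirectories=) are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample (not from the page): a daemon with no isolation settings.
SAMPLE_WEAK='[Unit]
Description=Example daemon (constructed)

[Service]
ExecStart=/usr/sbin/exampled --foreground
User=root
PrivateTmp=no'

# Constructed sample: the same daemon using the settings named in the table.
SAMPLE_HARDENED='[Unit]
Description=Example daemon (constructed)

[Service]
ExecStart=/usr/sbin/exampled --foreground
User=exampled
Group=exampled
UMask=0077
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
PrivateTmp=yes
ReadOnlyPaths=/etc
InaccessiblePaths=/home'

# missing_isolation (hypothetical helper): reads a unit file on stdin and
# prints one directive name per line for each isolation setting that the
# [Service] section leaves unused or sets to a value that disables it.
missing_isolation() {
    awk '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        /^[ \t]*\[/ {                          # section header
            in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/)
            next
        }
        in_service && /=/ {
            key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            cfg[key] = val                     # last assignment wins
        }
        END {
            if (!("User" in cfg) || cfg["User"] == "root" || cfg["User"] == "0")
                print "User"
            if (!("CapabilityBoundingSet" in cfg))
                print "CapabilityBoundingSet"
            if (!("PrivateTmp" in cfg) || cfg["PrivateTmp"] ~ /^(no|false|off|0)$/)
                print "PrivateTmp"
            if (!("ReadOnlyPaths" in cfg) && !("ReadOnlyDirectories" in cfg))
                print "ReadOnlyPaths"
            if (!("InaccessiblePaths" in cfg) && !("InaccessibleDirectories" in cfg))
                print "InaccessiblePaths"
        }'
}

echo "weak unit lacks:";     printf '%s\n' "$SAMPLE_WEAK"     | missing_isolation
echo "hardened unit lacks:"; printf '%s\n' "$SAMPLE_HARDENED" | missing_isolation
```

A directive only counts when it appears inside [Service]; the same key placed under [Unit] is reported as missing.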

systemctl – output process tree

systemctl status

Since: Di 2017-05-02 15:51:20 CEST; 28min left
CGroup: /
│ └─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 23
│ ├─dbus.service
│ │ └─1074 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
│ ├─cron.service
│ │ └─2124 /usr/sbin/cron -n
│ ├─wickedd.service
│ │ └─1257 /usr/sbin/wickedd --systemd --foreground
│ ├─hv_vss_daemon.service
│ │ └─1105 /usr/lib/hyper-v/bin/hv_vss_daemon --no-daemon
│ ├─postfix.service
│ │ ├─2105 /usr/lib/postfix/master -w
│ │ ├─2106 pickup -l -t fifo -u
│ │ └─2107 qmgr -l -t fifo -u
│ ├─wickedd-nanny.service
│ │ └─1260 /usr/sbin/wickedd-nanny --systemd --foreground
│ ├─accounts-daemon.service
│ │ └─1220 /usr/lib/accounts-daemon
│ ├─nscd.service
│ │ └─1082 /usr/sbin/nscd
│ ├─systemd-journald.service
│ │ └─565 /usr/lib/systemd/systemd-journald
│ ├─udisks2.service
│ │ └─1815 /usr/lib/udisks2/udisksd --no-debug
│ ├─wickedd-dhcp4.service
│ │ └─1246 /usr/lib/wicked/bin/wickedd-dhcp4 --systemd --foreground
│ ├─display-manager.service
│ │ ├─1205 /usr/sbin/gdm
│ │ ├─1211 /usr/lib/gdm/gdm-simple-slave --display-id /org/gnome/DisplayManager/Displays/_0
│ │ └─1219 /usr/bin/Xorg :0 -background none -verbose -auth /run/gdm/auth-for-gdm-ZAzyg4/database -seat seat0 vt7
│ ├─upower.service
│ │ └─1607 /usr/lib/upower/upowerd
│ ├─systemd-logind.service
│ │ └─1110 /usr/lib/systemd/systemd-logind
│ ├─wickedd-dhcp6.service
│ │ └─1244 /usr/lib/wicked/bin/wickedd-dhcp6 --systemd --foreground
│ ├─system-getty.slice
│ │ └─getty@tty1.service
│ │ └─1125 /sbin/agetty --noclear tty1 linux
│ ├─sshd.service
│ │ └─1957 /usr/sbin/sshd -D
│ ├─systemd-udevd.service
│ │ └─611 /usr/lib/systemd/systemd-udevd
│ ├─haveged.service
│ │ └─582 /usr/sbin/haveged -w 1024 -v 0 -F
│ ├─wickedd-auto4.service
│ │ └─1242 /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
│ ├─polkit.service
│ │ └─1231 /usr/lib/polkit-1/polkitd --no-debug
│ ├─irqbalance.service
│ │ └─1067 /usr/sbin/irqbalance --foreground
│ ├─hv_kvp_daemon.service
│ │ └─1921 /usr/lib/hyper-v/bin/hv_kvp_daemon --no-daemon
│ ├─rsyslog.service
│ │ └─1106 /usr/sbin/rsyslogd -n
│ └─rtkit-daemon.service
│ └─1619 /usr/lib/rtkit/rtkit-daemon
│ ├─1665 gdm-session-worker [pam/gdm-password]
│ ├─1678 /usr/bin/gnome-keyring-daemon --daemonize --login
│ ├─1682 /usr/lib/gnome-session-binary --session gnome-classic
│ ├─1737 /usr/bin/dbus-launch --sh-syntax --exit-with-session /usr/bin/ssh-agent /etc/X11/xinit/xinitrc --session gnome-classic
│ ├─1738 /bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
│ ├─1739 /usr/bin/ssh-agent /etc/X11/xinit/xinitrc --session gnome-classic
│ ├─1745 /usr/lib/at-spi2/at-spi-bus-launcher
│ ├─1750 /bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
│ ├─1754 /usr/lib/at-spi2/at-spi2-registryd --use-gnome-session
│ ├─1768 /usr/bin/gnome-shell
│ ├─1774 /usr/lib/gvfs/gvfsd
│ ├─1779 /usr/lib/gvfs/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
│ ├─1797 /usr/bin/pulseaudio --start --log-target=syslog
│ ├─1812 /usr/lib/gvfs/gvfs-udisks2-volume-monitor
│ ├─1825 /usr/lib/gvfs/gvfs-mtp-volume-monitor
│ ├─1830 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor
│ ├─1835 /usr/lib/gvfs/gvfs-goa-volume-monitor
│ ├─1839 /usr/lib/gnome-settings-daemon-3.0/gnome-settings-daemon
│ ├─1860 /usr/lib/gnome-settings-daemon-3.0/gsd-printer
│ ├─1861 nautilus --no-default-window --force-desktop
│ ├─1873 /usr/lib/dconf-service
│ ├─1883 /usr/lib/gvfs/gvfsd-trash --spawner :1.9 /org/gtk/gvfs/exec_spaw/0
│ ├─1893 /usr/lib/gvfs/gvfsd-burn --spawner :1.9 /org/gtk/gvfs/exec_spaw/1
│ ├─2655 /usr/lib/gvfs/gvfsd-metadata
│ ├─2798 /usr/lib/gnome-terminal-server
│ ├─2818 bash
│ ├─2838 su
│ └─2841 bash
│ └─init.scope
│ ├─1670 /usr/lib/systemd/systemd --user
│ └─1672 (sd-pam)
├─3135 sshd: user [priv]
├─3139 sshd: user@pts/1
├─3140 -bash
├─3171 su
├─3172 bash
└─3192 systemctl status

show services and mount points with systemd

suse12@user> systemctl list-units --type mount
-.mount loaded active mounted /
\x2esnapshots.mount loaded active mounted /.snapshots
boot-grub2-i386\x2dpc.mount loaded active mounted /boot/grub2/i386-pc
boot-grub2-x86_64\x2defi.mount loaded active mounted /boot/grub2/x86_64-efi
dev-hugepages.mount loaded active mounted Huge Pages File System
dev-mqueue.mount loaded active mounted POSIX Message Queue File System
home.mount loaded active mounted /home
opt.mount loaded active mounted /opt
run-user-1000-gvfs.mount loaded active mounted /run/user/1000/gvfs
run-user-1000.mount loaded active mounted /run/user/1000
srv.mount loaded active mounted /srv
sys-fs-fuse-connections.mount loaded active mounted FUSE Control File System
sys-kernel-debug.mount loaded active mounted Debug File System
tmp.mount loaded active mounted /tmp
usr-local.mount loaded active mounted /usr/local
var-cache.mount loaded active mounted /var/cache
var-crash.mount loaded active mounted /var/crash
var-lib-libvirt-images.mount loaded active mounted /var/lib/libvirt/images
var-lib-machines.mount loaded active mounted /var/lib/machines
var-lib-mailman.mount loaded active mounted /var/lib/mailman
var-lib-mariadb.mount loaded active mounted /var/lib/mariadb
var-lib-mysql.mount loaded active mounted /var/lib/mysql
var-lib-named.mount loaded active mounted /var/lib/named
var-lib-pgsql.mount loaded active mounted /var/lib/pgsql
var-log.mount loaded active mounted /var/log
var-opt.mount loaded active mounted /var/opt
var-spool.mount loaded active mounted /var/spool
var-tmp.mount loaded active mounted /var/tmp
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
28 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.

systemd – which services are enabled or disabled?

suse:/# systemctl list-unit-files
proc-sys-fs-binfmt_misc.automount static
org.freedesktop.hostname1.busname static
org.freedesktop.import1.busname static
org.freedesktop.locale1.busname static
org.freedesktop.login1.busname static
org.freedesktop.machine1.busname static
org.freedesktop.systemd1.busname static
org.freedesktop.timedate1.busname static
dev-hugepages.mount static
dev-mqueue.mount static
proc-fs-nfsd.mount static
proc-sys-fs-binfmt_misc.mount static
sys-fs-fuse-connections.mount static
sys-kernel-config.mount static
sys-kernel-debug.mount static
var-lib-machines.mount static
var-lib-nfs-rpc_pipefs.mount static
var-lock.mount static
var-run.mount static
systemd-ask-password-console.path static
systemd-ask-password-plymouth.path static
systemd-ask-password-wall.path static
accounts-daemon.service disabled
after-local.service static
alsa-restore.service static
alsa-state.service static
alsa-store.service static
alsasound.service static
atd.service disabled
auditd.service disabled
auth-rpcgss-module.service static
autofs.service disabled
autovt@.service enabled
autoyast-initscripts.service disabled
blk-availability.service disabled
bluetooth.service enabled
bmc-snmp-proxy.service disabled
brltty.service disabled
btrfsmaintenance-refresh.service enabled
cgroup.service masked
cleanup.service static
clock.service masked
configure-printer@.service static
console-getty.service disabled
console-shell.service disabled
container-getty@.service static
cron.service enabled
crypto-early.service masked
crypto.service masked
cups-browsed.service disabled
cups.service disabled
dbus-org.bluez.service enabled
dbus-org.freedesktop.hostname1.service static
dbus-org.freedesktop.import1.service static
dbus-org.freedesktop.locale1.service static
dbus-org.freedesktop.login1.service static
dbus-org.freedesktop.machine1.service static
dbus-org.freedesktop.timedate1.service static
dbus-org.opensuse.Network.AUTO4.service enabled
dbus-org.opensuse.Network.DHCP4.service enabled
dbus-org.opensuse.Network.DHCP6.service enabled
dbus-org.opensuse.Network.Nanny.service enabled
dbus.service static
debug-shell.service disabled
device-mapper.service masked
display-manager.service enabled
dm-event.service disabled
dmraid-activation.service disabled
dracut-cmdline.service static
dracut-initqueue.service static
dracut-mount.service static
dracut-pre-mount.service static
dracut-pre-pivot.service static
dracut-pre-trigger.service static
dracut-pre-udev.service static
dracut-shutdown.service static
earlysyslog.service masked
earlyxdm.service masked
emergency.service static
exchange-bmc-os-info.service disabled
fstrim.service static
geoclue.service static
getty@.service enabled
gpm.service disabled
grub2-once.service disabled
halt-local.service static
haveged.service enabled
hv_fcopy_daemon.service disabled
hv_kvp_daemon.service disabled
hv_vss_daemon.service disabled
initrd-cleanup.service static
initrd-parse-etc.service static
initrd-switch-root.service static
initrd-udevadm-cleanup-db.service static
ipmi.service disabled
ipmievd.service disabled
irqbalance.service enabled
iscsi.service enabled
iscsid.service disabled
iscsiuio.service disabled
kbd.service masked
kdump-rebuild-initrd.service disabled
kdump.service disabled
kexec-load.service disabled
klog.service disabled
kmod-static-nodes.service static
ldconfig.service static
loadmodules.service masked
localfs.service static
localnet.service masked
lunmask.service disabled
lvm2-lvmetad.service disabled
lvm2-monitor.service disabled
lvm2-pvscan@.service static
mcelog.service enabled
mdadm-grow-continue@.service static
mdadm-last-resort@.service static
mdmon@.service static
mdmonitor.service static
multipathd.service disabled
network.service enabled
nfs-blkmap.service disabled
nfs-config.service static
nfs-idmapd.service static
nfs-mountd.service static
nfs-server.service disabled
nfs-utils.service static
nfs.service disabled
nfsserver.service disabled
nmb.service disabled
nscd.service enabled
ntp-wait.service disabled
ntpd.service disabled
openct-handler@.service static
openct.service disabled
packagekit-offline-update.service static
packagekit.service static
pcscd.service indirect
plymouth-halt.service static
plymouth-kexec.service static
plymouth-poweroff.service static
plymouth-quit-wait.service static
plymouth-quit.service static
plymouth-read-write.service static
plymouth-reboot.service static
plymouth-start.service static
plymouth-switch-root.service static
polkit.service static
postfix.service enabled
proc.service masked
purge-kernels.service enabled
quotaon.service static
random.service static
rc-local.service static
rescue.service static
rollback.service enabled
rootfsck.service static
rpc-gssd.service static
rpc-statd-notify.service static
rpc-statd.service static
rpc-svcgssd.service static
rpcbind.service disabled
rsyncd.service disabled
rsyslog.service enabled
rtkit-daemon.service disabled
saslauthd.service disabled
serial-getty@.service disabled
shadow.service static
single.service masked
slpd.service disabled
smartd.service enabled
smb.service disabled
snapper-cleanup.service static
snapper-timeline.service static
speech-dispatcherd.service disabled
sshd.service enabled
startpreload.service masked
stoppreload.service masked
SuSEfirewall2.service enabled
SuSEfirewall2_init.service enabled
SuSEfirewall2_setup.service enabled
swap.service masked
sysctl.service static
syslog.service enabled
systemd-ask-password-console.service static
systemd-ask-password-plymouth.service static
systemd-ask-password-wall.service static
systemd-backlight@.service static
systemd-binfmt.service static
systemd-bootchart.service disabled
systemd-bus-proxyd.service static
systemd-exit.service static
systemd-firstboot.service static
systemd-fsck-root.service static
systemd-fsck@.service static
systemd-halt.service static
systemd-hibernate-resume@.service static
systemd-hibernate.service static
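
A listing like the one above is most useful when compared against what is supposed to be enabled. The following is an added example, not part of the original page: it reports units that are enabled without being in an approved baseline, and baseline units that are not enabled. The function name, the baseline file format and both sample inputs are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample in the "UNIT FILE / STATE" layout shown above (not a capture).
SAMPLE_LISTING='UNIT FILE                 STATE
cgroup.service            masked
cron.service              enabled
dbus.service              static
debug-shell.service       enabled
getty@.service            enabled
rsyncd.service            disabled
sshd.service              enabled

7 unit files listed.'

# Constructed baseline: one approved enabled unit per line, "#" starts a comment.
SAMPLE_BASELINE='# approved to start at boot
cron.service
getty@.service
postfix.service   # mail relay
sshd.service'

# enabled_drift LISTING_FILE BASELINE_FILE   (hypothetical helper)
# Prints "unexpected UNIT" for units that are enabled but not in the baseline
# and "missing UNIT" for baseline units that are not enabled, sorted.
enabled_drift() {
    awk '
        FILENAME == ARGV[1] {                  # first file: the baseline
            sub(/#.*/, ""); gsub(/[ \t]+/, "")
            if ($0 != "") want[$0] = 1
            next
        }
        # second file: keep rows whose first field looks like a unit name,
        # which skips the header and the summary line; extra columns are ignored
        $1 ~ /\.[a-z]+$/ && $2 ~ /^enabled(-runtime)?$/ { have[$1] = 1 }
        END {
            for (u in have) if (!(u in want)) print "unexpected " u
            for (u in want) if (!(u in have)) print "missing " u
        }' "$2" "$1" | sort
}

# Stand-alone run on the constructed samples. On a live host the listing would
# come from: systemctl list-unit-files --no-legend --no-pager
demo_dir=$(mktemp -d)
printf '%s\n' "$SAMPLE_LISTING"  > "$demo_dir/listing"
printf '%s\n' "$SAMPLE_BASELINE" > "$demo_dir/baseline"
enabled_drift "$demo_dir/listing" "$demo_dir/baseline"
rm -rf "$demo_dir"
```

Units in the static, masked, disabled and indirect states are ignored on purpose, since only the enabled set is compared with the baseline.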


alternative to htop? systemd-cgtop (resource usage per control group)


Control Group Tasks %CPU Memory Input/s Output/s
/ - 0.7 543.0M - -
/init.scope 1 - - - -
/system.slice 67 - - - -
/system.slice/accounts-daemon.service 3 - - - -
/system.slice/cron.service 1 - - - -
/system.slice/dbus.service 1 - - - -
/system.slice/display-manager.service 9 - - - -
/system.slice/haveged.service 1 - - - -
/system.slice/hv_kvp_daemon.service 1 - - - -
/system.slice/hv_vss_daemon.service 1 - - - -
/system.slice/irqbalance.service 1 - - - -
/system.slice/nscd.service 11 - - - -
/system.slice/packagekit.service 4 - - - -
/system.slice/polkit.service 6 - - - -
/system.slice/rsyslog.service 5 - - - -
/system.slice/rtkit-daemon.service 3 - - - -
/system.slice/sshd.service 1 - - - -
/system.slice/system-getty.slice 1 - - - -
/system.slice/system-getty.slice/getty@tty1.service 1 - - - -
/system.slice/systemd-hostnamed.service 1 - - - -
/system.slice/systemd-journald.service 1 - - - -
/system.slice/systemd-localed.service 1 - - - -
/system.slice/systemd-logind.service 1 - - - -
/system.slice/systemd-udevd.service 1 - - - -
/system.slice/udisks2.service 5 - - - -
/system.slice/upower.service 3 - - - -
/system.slice/wickedd-auto4.service 1 - - - -
/system.slice/wickedd-dhcp4.service 1 - - - -
/system.slice/wickedd-dhcp6.service 1 - - - -
/system.slice/wickedd-nanny.service 1 - - - -
/system.slice/wickedd.service 1 - - - -
/user.slice 92 - - - -
/user.slice/user-1000.slice 92 - - - -
/user.slice/user-1000.slice/session-1.scope 81 - - - -
/user.slice/user-1000.slice/session-2.scope 6 - - - -
/user.slice/user-1000.slice/session-3.scope 3 - - - -
/user.slice/user-1000.slice/user@1000.service 2 - - - -




/etc/systemd/journald.conf (from debian8)