update: systemd blanks NetFlix X-D
security problems: non-root to root escalation: https://www.heise.de/security/meldung/System-Down-Drei-Uralt-Luecken-in-Systemd-vereinfachen-Linux-Angriffe-4270673.html
a bit of software philosophy
Despite the fact – that the catholic church claims that its pope is „infallible“ – only God and Nobody is perfect (makes no mistakes).
A lot of people would like to be God – but face it – no human being is God – and no human being wants to be a Nobody.
Usually everybody wants to have meaningful relationships with the rest of mankind. Because of that errors are not the exception – they are the rule of whatever humans do.
One of systemd’s main goals is to unify basic Linux configurations and service behaviors across all distributions.
If it’s not complicated – it’s not (at least partly) „made in Germany“ 😀
the program – that does it all – it will even cook you dinner if you configure it properly.
With great functionality comes great complexity.
apt-cache show systemd
„Description-en: system and service manager systemd is a system and service manager for Linux.
It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, maintains mount and automount points and implements an elaborate transactional dependency-based service control logic.
systemd is compatible with SysV and LSB init scripts and can work as a drop-in replacement for sysvinit.
Installing the systemd package will not switch your init system unless you boot with init=/bin/systemd or install systemd-sysv in addition.“
While in 2010/2011 Sys-V-Init was replaced by upstart – shortly after – upstart was replaced by systemd – promising faster bootup and less RAM usage – now in 2017 – SUSE12, CENTOS7, Debian8 all use systemd as default initialisator and runlevel-manager.
Btw. runlevels will be renamed to „targets“ in systemd.
So in a short period of time – things changed dramatically.
But well, if you can speed up or simplify (optimize) tasks that are repeated often (by many users) – the huge effort is worth it.
Because the more often a step is needed/repeated – the more important it is to be optimized and the bigger the productivity gaining effects of that optimization… but first you will need to know what tasks are performed often by your users?
While on servers startup-time might not be sooooo important – on a desktop system – it is pretty nice having an immediate result after pushing the power button.
Is it a bug – or a feature?
social competence (social skills such as face2face-communication) is a rare good on this planet – and especially in tech-heavy industries such as computers – where people dealing with machines all week long – tend to become themselves – machines. (brain forgets how to speak verbally)
Humans != machines. Humans should have consciousness (hopefully) that allows them to realize „what is the right thing“ and emotions that (hopefully) motivate them – to „do the right thing“ – machines do not yet have such features. (CIA investing into quantum computing, Mr Musk investing into AI development)
Without social skills – cooperation between humans declines – without cooperation mankind is fucked.
And Mr Torvalds thinks if you are NOT rude – people won’t understand you. I disagree.
I would say – this is placed in the area of project-management – especially software-project management.
And as you can read in my article – „how to write perfect software and finish on time“ (not) you will realize – errors are not the exception – they are the rule – and rate of errors increases with complexity (amount of people, features and lines of code).
technical but also concept-errors, design errors so to speak.
so every software company and product needs:
1. simplicity – as simple as possible = easy (fast) to understand and handle/modify/fix
(this is where systemd might not be so great, thus if programs tend to become big, break it down into separate testable modules… or you will never finish the project (compiling and testing takes too much time))
2. people with time-resources and other resources (electricity) and good logic that can focus and stick to a task until it is 99% error free
3. clearly defined goals
4. some form of quality-and-error-management (use-case documentation and automated or manual testing… the boring stuff of software development :-D)
If not – they believe to be in god-mode – and forget – only nobody is perfect. But who would like to be a nobody?
what could Mr Torvalds improve in his way of communication – what we all should do – no matter how angry you are try:
1. say something positive
and you will be heard. completely without scandals.
back to topic:
systemd is a suite of basic building blocks for a Linux system. It provides a system and service manager that runs as PID 1 and starts the rest of the system. systemd provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. systemd supports SysV and LSB init scripts and works as a replacement for sysvinit. Other parts include a logging daemon, utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users and running containers and virtual machines, system accounts, runtime directories and settings, and daemons to manage simple network configuration, network time synchronization, log forwarding, and name resolution. See Lennart’s blog story for a longer introduction, and the three status updates since then. Also see the Wikipedia article. If you are wondering whether systemd is for you, please have a look at this comparison of init systems by one of the creators of systemd.
systemd provides various interfaces developers and programs might rely on. Starting with version 26 (the first version released with Fedora 15) we promise to keep a number of them stable and compatible for the future.
The stable interfaces are:
- The unit configuration file format. Unit files written now will stay compatible with future versions of systemd. Extensions to the file format will happen in a way that existing files remain compatible.
- The command line interface of systemctl, loginctl, journalctl. We will make sure that scripts invoking these commands will continue to work with future versions of systemd. Note however that the output generated by these commands is generally not included in the promise, unless it is documented in the man page. Example: the output of „systemctl status“ is not stable, but the one of „systemctl show“ is, because the former is intended to be human readable and the latter computer readable, and this is documented in the man page.
- The protocol spoken on the socket referred to by $NOTIFY_SOCKET, as documented in sd_notify(3).
- Some of the „special“ unit names and their semantics. To be precise the ones that are necessary for normal services, and not those required only for early boot and late shutdown, with very few exceptions. To list them here: basic.target, shutdown.target, sockets.target, network.target, getty.target, graphical.target, multi-user.target, rescue.target, emergency.target, poweroff.target, reboot.target, halt.target, runlevel[1-5].target.
- For a more comprehensive and authoritative list, consult the Interface Portability And Stability Chart
The following interfaces will not necessarily be kept stable for now, but we will eventually make a stability promise for these interfaces too. In the meantime we will however try to keep breakage of these interfaces at a minimum:
- The D-Bus interfaces of the main service daemon (!) [ An additional restriction applies here: functionality we consider legacy might not be available based on compile-time options, such as SysV support, libwrap support and similar. Apps should not assume properties and methods related to this functionality are unconditionally available in the D-Bus interfaces. ]
- The set of states of the various state machines used in systemd, e.g. the high-level unit states inactive, active, deactivating, and so on, as well (and in particular) the low-level per-unit states.
- All „special“ units that aren’t listed above.
The following interfaces are considered private to systemd, and are not and will not be covered by any stability promise:
- Undocumented switches to systemd, systemctl and otherwise
- The internal protocols used on the various sockets such as the sockets /run/systemd/shutdown, /run/systemd/private.
One of the main goals of systemd is to unify basic Linux configurations and service behaviors across all distributions. Systemd project does not contain any distribution-specific parts. Distributions are expected to convert over time their individual configurations to the systemd format, or they will need to carry and maintain patches in their package if they still decide to stay different.
What does this mean for you? When developing with systemd, don’t use any of the latter interfaces – use systemd.
You are welcome to use other interfaces, but if you use any of the second kind (i.e. those where we don’t yet make a stability promise), then make sure to subscribe to our mailing list, where we will announce API changes, and be prepared to update your program eventually.
Note that this is a promise, not an eternal guarantee. These are our intentions, but if in the future there are very good reasons to change or get rid of an interface we have listed above as stable, then we might take the liberty to do so, despite this promise. However, if we do this, then we’ll do our best to provide a smooth and reasonably long transition phase.
/bin/systemd --help
systemd [OPTIONS...]

Starts up and maintains the system or user services.

  -h --help                      Show this help
     --test                      Determine startup sequence, dump it and exit
     --no-pager                  Do not pipe output into a pager
     --dump-configuration-items  Dump understood unit configuration items
     --unit=UNIT                 Set default unit
     --system                    Run a system instance, even if PID != 1
     --user                      Run a user instance
     --dump-core[=BOOL]          Dump core on crash
     --crash-vt=NR               Change to specified VT on crash
     --crash-reboot[=BOOL]       Reboot on crash
     --crash-shell[=BOOL]        Run shell on crash
     --confirm-spawn[=BOOL]      Ask for confirmation when spawning processes
     --show-status[=BOOL]        Show status updates on the console during bootup
     --log-target=TARGET         Set log target (console, journal, kmsg, journal-or-kmsg, null)
     --log-level=LEVEL           Set log level (debug, info, notice, warning, err, crit, alert, emerg)
     --log-color[=BOOL]          Highlight important log messages
     --log-location[=BOOL]       Include code location in log messages
     --default-standard-output=  Set default standard output for services
     --default-standard-error=   Set default standard error output for services
startup speed analyzed
root@debian9:~# systemd-analyze
Startup finished in 6.294s (kernel) + 28.798s (userspace) = 35.092s
root@debian9:/home/user# systemd-analyze blame
  8.463s NetworkManager-wait-online.service
  8.283s ModemManager.service
  7.804s dev-sda1.device
  5.126s accounts-daemon.service
  5.111s NetworkManager.service
  3.901s polkit.service
  3.540s systemd-udevd.service
  2.688s apt-daily.service
  2.683s networking.service
  2.520s ssh.service
  2.194s systemd-tmpfiles-setup-dev.service
  1.996s lightdm.service
  1.731s keyboard-setup.service
  1.643s pppd-dns.service
  1.642s rsyslog.service
  1.577s systemd-tmpfiles-setup.service
  1.242s console-setup.service
  1.168s systemd-timesyncd.service
   466ms systemd-modules-load.service
   409ms systemd-remount-fs.service
   359ms dev-mqueue.mount
   340ms email@example.com
   336ms dev-hugepages.mount
   322ms sys-kernel-debug.mount
   267ms systemd-user-sessions.service
   252ms systemd-journal-flush.service
   244ms systemd-journald.service
   244ms systemd-logind.service
   236ms apt-daily-upgrade.service
   192ms systemd-random-seed.service
   184ms systemd-udev-trigger.service
   151ms kmod-static-nodes.service
   143ms systemd-update-utmp.service
   119ms udisks2.service
   118ms dev-disk-by\x2duuid-1704d86b\x2d7f2f\x2d4d0a\x2da467\x2d243d54c0184a.swap
   115ms systemd-tmpfiles-clean.service
    74ms systemd-sysctl.service
     3ms systemd-update-utmp-runlevel.service
where is systemd?
list of files and folders involved: systemd.filelist.txt
(output of dpkg-query -L systemd, which seems to be the same as dpkg -L systemd… but anyway)
ll /sbin |grep init
lrwxrwxrwx 1 root root 20 Apr 8 23:08 init -> /lib/systemd/systemd
lrwxrwxrwx 1 root root 14 Apr 8 23:08 telinit -> /bin/systemctl
ll /lib/systemd/systemd
-rwxr-xr-x 1 root root 1.1M Jun 4 22:58 /lib/systemd/systemd
root@debian:~# stat /lib/systemd/systemd
  File: ‘/lib/systemd/systemd’
  Size: 1316528 Blocks: 2576 IO Block: 4096 regular file
Device: 801h/2049d Inode: 6294591 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
dpkg -l|grep systemd
ii dbus-user-session 1.10.18-1 all simple interprocess messaging system (systemd --user integration)
ii libpam-systemd:amd64 232-25 amd64 system and service manager - PAM module
ii libsystemd0:amd64 232-25 amd64 systemd utility library
ii systemd 232-25 amd64 system and service manager
ii systemd-sysv 232-25 amd64 system and service manager - SysV links
Control the systemd system and service manager.
proc-sys-fs-binfmt_misc.automount loaded active waiting Arbitrary Executable File Formats File System Automount Point
sys-devices-LNXSYSTM:00-LNXSYBUS:00-PNP0A03:00-device:07-VMBUS:01-00000000\x2d0000\x2d8899\x2d0000\x2d000000000000-host0-target0:0:0-0:0:0:0-block-sda-sda1.device loaded active plugged Virtual_Disk 1
sys-devices-LNXSYSTM:00-LNXSYBUS:00-PNP0A03:00-device:07-VMBUS:01-00000000\x2d0000\x2d8899\x2d0000\x2d000000000000-host0-target0:0:0-0:0:0:0-block-sda-sda2.device loaded active plugged Virtual_Disk 2
sys-devices-LNXSYSTM:00-LNXSYBUS:00-PNP0A03:00-device:07-VMBUS:01-00000000\x2d0000\x2d8899\x2d0000\x2d000000000000-host0-target0:0:0-0:0:0:0-block-sda-sda5.device loaded active plugged Virtual_Disk 5
sys-devices-LNXSYSTM:00-LNXSYBUS:00-PNP0A03:00-device:07-VMBUS:01-00000000\x2d0000\x2d8899\x2d0000\x2d000000000000-host0-target0:0:0-0:0:0:0-block-sda.device loaded active plugged Virtual_Disk
sys-devices-LNXSYSTM:00-LNXSYBUS:00-PNP0A03:00-device:07-VMBUS:01-960b76ce\x2d2661\x2d4fdd\x2d8594\x2d4ae3ef929f46-net-eth0.device loaded active plugged /sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/960b76ce-2661-4fdd-8594-4ae3ef929f46/net/eth0
sys-devices-pci0000:00-0000:00:07.1-ata2-host2-target2:0:0-2:0:0:0-block-sr0.device loaded active plugged Virtual_CD
sys-devices-platform-floppy.0-block-fd0.device loaded active plugged /sys/devices/platform/floppy.0/block/fd0
sys-devices-platform-serial8250-tty-ttyS2.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS2
sys-devices-platform-serial8250-tty-ttyS3.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS3
sys-devices-pnp0-00:03-tty-ttyS0.device loaded active plugged /sys/devices/pnp0/00:03/tty/ttyS0
sys-devices-pnp0-00:04-tty-ttyS1.device loaded active plugged /sys/devices/pnp0/00:04/tty/ttyS1
sys-subsystem-net-devices-eth0.device loaded active plugged /sys/subsystem/net/devices/eth0
-.mount loaded active mounted Root Mount
dev-hugepages.mount loaded active mounted Huge Pages File System
dev-mqueue.mount loaded active mounted POSIX Message Queue File System
run-user-1000.mount loaded active mounted /run/user/1000
sys-kernel-debug.mount loaded active mounted Debug File System
systemd-ask-password-console.path loaded active waiting Dispatch Password Requests to Console Directory Watch
systemd-ask-password-wall.path loaded active waiting Forward Password Requests to Wall Directory Watch
init.scope loaded active running System and Service Manager
session-1.scope loaded active running Session 1 of user user
session-31.scope loaded active running Session 31 of user user
session-32.scope loaded active running Session 32 of user user
accounts-daemon.service loaded active running Accounts Service
console-setup.service loaded active exited Set console font and keymap
cron.service loaded active running Regular background program processing daemon
dbus.service loaded active running D-Bus System Message Bus
firstname.lastname@example.org loaded active running Getty on tty1
keyboard-setup.service loaded active exited Set the console keyboard layout
kmod-static-nodes.service loaded active exited Create list of required static device nodes for the current kernel
lightdm.service loaded active running Light Display Manager
ModemManager.service loaded active running Modem Manager
networking.service loaded active exited Raise network interfaces
NetworkManager-wait-online.service loaded active exited Network Manager Wait Online
NetworkManager.service loaded active running Network Manager
polkit.service loaded active running Authorization Manager
rsyslog.service loaded active running System Logging Service
ssh.service loaded active running OpenBSD Secure Shell server
systemd-journal-flush.service loaded active exited Flush Journal to Persistent Storage
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running Login Service
systemd-modules-load.service loaded active exited Load Kernel Modules
systemd-random-seed.service loaded active exited Load/Save Random Seed
systemd-remount-fs.service loaded active exited Remount Root and Kernel File Systems
systemd-sysctl.service loaded active exited Apply Kernel Variables
systemd-timesyncd.service loaded active running Network Time Synchronization
systemd-tmpfiles-setup-dev.service loaded active exited Create Static Device Nodes in /dev
systemd-tmpfiles-setup.service loaded active exited Create Volatile Files and Directories
systemd-udev-trigger.service loaded active exited udev Coldplug all Devices
systemd-udevd.service loaded active running udev Kernel Device Manager
systemd-update-utmp.service loaded active exited Update UTMP about System Boot/Shutdown
systemd-user-sessions.service loaded active exited Permit User Sessions
udisks2.service loaded active running Disk Manager
email@example.com loaded active running User Manager for UID 1000
-.slice loaded active active Root Slice
system-getty.slice loaded active active system-getty.slice
system.slice loaded active active System Slice
user-1000.slice loaded active active User Slice of user
user.slice loaded active active User and Session Slice
dbus.socket loaded active running D-Bus System Message Bus Socket
syslog.socket loaded active running Syslog Socket
systemd-fsckd.socket loaded active listening fsck to fsckd communication Socket
systemd-initctl.socket loaded active listening /dev/initctl Compatibility Named Pipe
systemd-journald-audit.socket loaded active running Journal Audit Socket
systemd-journald-dev-log.socket loaded active running Journal Socket (/dev/log)
systemd-journald.socket loaded active running Journal Socket
systemd-udevd-control.socket loaded active running udev Control Socket
systemd-udevd-kernel.socket loaded active running udev Kernel Socket
dev-disk-by\x2duuid-1704d86b\x2d7f2f\x2d4d0a\x2da467\x2d243d54c0184a.swap loaded active active /dev/disk/by-uuid/1704d86b-7f2f-4d0a-a467-243d54c0184a
basic.target loaded active active Basic System
cryptsetup.target loaded active active Encrypted Volumes
getty.target loaded active active Login Prompts
graphical.target loaded active active Graphical Interface
local-fs-pre.target loaded active active Local File Systems (Pre)
local-fs.target loaded active active Local File Systems
multi-user.target loaded active active Multi-User System
network-online.target loaded active active Network is Online
network.target loaded active active Network
nss-user-lookup.target loaded active active User and Group Name Lookups
paths.target loaded active active Paths
remote-fs.target loaded active active Remote File Systems
slices.target loaded active active Slices
sockets.target loaded active active Sockets
swap.target loaded active active Swap
sysinit.target loaded active active System Initialization
time-sync.target loaded active active System Time Synchronized
timers.target loaded active active Timers
apt-daily-upgrade.timer loaded active waiting Daily apt upgrade and clean activities
apt-daily.timer loaded active waiting Daily apt download activities
systemd-tmpfiles-clean.timer loaded active waiting Daily Cleanup of Temporary Directories
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
91 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
Useful SystemD commands (hints for systemctl or systemctl vs chkconfig and service)
List all running services
Start/stop or enable/disable services
Activates a service immediately:
systemctl start foo.service
Deactivates a service immediately:
systemctl stop foo.service
Restarts a service:
systemctl restart foo.service
Shows status of a service including whether it is running or not:
systemctl status foo.service
Enables a service to be started on bootup:
systemctl enable foo.service
Disables a service to not start during bootup:
systemctl disable foo.service
Check whether a service is already enabled or not:
systemctl is-enabled foo.service; echo $?
0 indicates that it is enabled. 1 indicates that it is disabled
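Added example, not part of the original page: is-enabled only answers the boot-time question, so a script that has to confirm a service is really on or off can read the systemctl show output, which the stability promise quoted above describes as computer readable. The unit data below is constructed sample input, and the helper names unit_prop and unit_verdict are this example's own.

```shell
#!/bin/sh
# Added example (not from the original page). Works on "Key=Value" text as
# printed by "systemctl show", so it can be run without a systemd host.

# unit_prop KEY
# Reads "Key=Value" lines on stdin and prints the value of KEY.
# Splits on the first "=" only, because values may contain "=" themselves.
# Exit status 1 if KEY is absent (systemctl show omits empty properties).
unit_prop() {
    awk -v key="$1" '
        {
            i = index($0, "=")
            if (i > 0 && substr($0, 1, i - 1) == key) {
                print substr($0, i + 1)
                found = 1
                exit
            }
        }
        END { exit !found }
    '
}

# unit_verdict WANT SHOW_OUTPUT
# WANT is "on" (must be enabled and active) or "off" (must be neither).
# Prints one line; returns 0 when the unit matches the policy, 1 if not.
unit_verdict() {
    want=$1
    show=$2
    id=$(printf '%s\n' "$show" | unit_prop Id) || id='?'
    load=$(printf '%s\n' "$show" | unit_prop LoadState) || load=unknown
    active=$(printf '%s\n' "$show" | unit_prop ActiveState) || active=unknown
    file=$(printf '%s\n' "$show" | unit_prop UnitFileState) || file=none
    state="load=$load active=$active unit-file=$file"

    case $want in
    on)
        if [ "$load" = loaded ] && [ "$active" = active ] && [ "$file" = enabled ]; then
            echo "OK    $id ($state)"; return 0
        fi ;;
    off)
        # A unit that is not installed at all also satisfies "off".
        if [ "$load" = not-found ]; then
            echo "OK    $id (not installed)"; return 0
        fi
        # "disabled" only affects the next boot; the unit can still be
        # running right now, so the active state is checked as well.
        if [ "$active" = inactive ] || [ "$active" = failed ]; then
            case $file in
            disabled|masked) echo "OK    $id ($state)"; return 0 ;;
            esac
        fi ;;
    *)
        echo "usage: unit_verdict on|off SHOW_OUTPUT" >&2; return 2 ;;
    esac
    echo "DRIFT $id wanted=$want ($state)"
    return 1
}

# Constructed sample input, shaped like the output of
#   systemctl show -p Id,LoadState,ActiveState,SubState,UnitFileState UNIT
SAMPLE_SSH='Id=ssh.service
LoadState=loaded
ActiveState=active
SubState=running
UnitFileState=enabled'

SAMPLE_MODEM='Id=ModemManager.service
LoadState=loaded
ActiveState=active
SubState=running
UnitFileState=disabled'

SAMPLE_MASKED='Id=pppd-dns.service
LoadState=masked
ActiveState=inactive
SubState=dead
UnitFileState=masked'

# Policy for this demo (an assumption): ssh must be on, the other two off.
unit_verdict on  "$SAMPLE_SSH"    || true
unit_verdict off "$SAMPLE_MODEM"  || true
unit_verdict off "$SAMPLE_MASKED" || true

# On a live host the second argument would come from systemctl itself:
#   unit_verdict off "$(systemctl show -p Id,LoadState,ActiveState,UnitFileState ModemManager.service)"
```

The second sample is reported as drift because the unit is disabled for the next boot but still active now.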
How do I change the runlevel?
systemd has the concept of targets which is a more flexible replacement for runlevels in sysvinit.
Run level 3 is emulated by multi-user.target. Run level 5 is emulated by graphical.target. runlevel3.target is a symbolic link to multi-user.target and runlevel5.target is a symbolic link to graphical.target.
You can switch to ‘runlevel 3’ by running
systemctl isolate multi-user.target
# or
systemctl isolate runlevel3.target
You can switch to ‘runlevel 5’ by running
systemctl isolate graphical.target
# or
systemctl isolate runlevel5.target
How do I change the default runlevel?
systemd uses symlinks to point to the default runlevel. You have to delete the existing symlink first before creating a new one
Switch to runlevel 3 by default
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
Switch to runlevel 5 by default
ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
systemd does not use /etc/inittab file.
List the current run level
The runlevel command still works with systemd. You can continue using it; however, runlevels are a legacy concept in systemd, emulated via ‘targets’, and multiple targets can be active at the same time. So the equivalent in systemd terms is
systemctl list-units --type=target
Powering off the machine
You can use
Some more possibilities are: halt -p, init 0, shutdown -P now
Note that halt used to work the same as poweroff in previous Fedora releases, but systemd distinguishes between the two, so halt without parameters now does exactly what it says – it merely stops the system without turning it off.
Service vs. systemd
service NetworkManager stop
systemctl stop NetworkManager.service
Chkconfig vs. systemd
chkconfig NetworkManager off
systemctl disable NetworkManager.service
systemd has a built-in readahead implementation. It is not enabled on upgrades.
It should improve bootup speed but your mileage may vary depending on your hardware.
To enable it:
systemctl enable systemd-readahead-collect.service
systemctl enable systemd-readahead-replay.service
# does not work in debian9 systemd?
| sysvinit command | systemd command | Notes |
|---|---|---|
| service foobar start | systemctl start foobar.service | Used to start a service (not reboot persistent) |
| service foobar stop | systemctl stop foobar.service | Used to stop a service (not reboot persistent) |
| service foobar restart | systemctl restart foobar.service | Used to stop and then start a service |
| service foobar reload | systemctl reload foobar.service | When supported, reloads the config file without interrupting pending operations. |
| service foobar condrestart | systemctl condrestart foobar.service | Restarts if the service is already running. |
| service foobar status | systemctl status foobar.service | Tells whether a service is currently running. |
| ls /etc/rc.d/init.d/ | ls /lib/systemd/system/*.service /etc/systemd/system/*.service | Used to list the services that can be started or stopped |
| chkconfig foobar on | systemctl enable foobar.service | Turn the service on, for start at next boot, or other trigger. |
| chkconfig foobar off | systemctl disable foobar.service | Turn the service off for the next reboot, or any other trigger. |
| chkconfig foobar | systemctl is-enabled foobar.service | Used to check whether a service is configured to start or not in the current environment. |
| chkconfig foobar --list | ls /etc/systemd/system/*.wants/foobar.service | Used to list what levels this service is configured on or off |
| chkconfig foobar --add | Not needed, no equivalent. | |
systemd is still a young project, but it is not a baby anymore. The initial announcement I posted precisely a year ago. Since then most of the big distributions have decided to adopt it in one way or another, many smaller distributions have already switched. The first big distribution with systemd by default will be Fedora 15, due end of May. It is expected that the others will follow the lead a bit later (with one exception). Many embedded developers have already adopted it too, and there’s even a company specializing on engineering and consulting services for systemd. In short: within one year systemd became a really successful project.
However, there are still folks who we haven’t won over yet. If you fall into one of the following categories, then please have a look on the comparison of init systems below:
- You are working on an embedded project and are wondering whether it should be based on systemd.
- You are a user or administrator and wondering which distribution to pick, and are pondering whether it should be based on systemd or not.
- You are a user or administrator and wondering why your favourite distribution has switched to systemd, if everything already worked so well before.
- You are developing a distribution that hasn’t switched yet, and you are wondering whether to invest the work and go systemd.
And even if you don’t fall into any of these categories, you might still find the comparison interesting.
We’ll be comparing the three most relevant init systems for Linux: sysvinit, Upstart and systemd. Of course there are other init systems in existence, but they play virtually no role in the big picture. Unless you run Android (which is a completely different beast anyway), you’ll almost definitely run one of these three init systems on your Linux kernel. (OK, or busybox, but then you are basically not running any init system at all.) Unless you have a soft spot for exotic init systems there’s little need to look further. Also, I am kinda lazy, and don’t want to spend the time on analyzing those other systems in enough detail to be completely fair to them.
Speaking of fairness: I am of course one of the creators of systemd. I will try my best to be fair to the other two contenders, but in the end, take it with a grain of salt. I am sure though that should I be grossly unfair or otherwise incorrect somebody will point it out in the comments of this story, so consider having a look on those, before you put too much trust in what I say.
We’ll look at the currently implemented features in a released version. Grand plans don’t count.
| Feature | sysvinit | Upstart | systemd |
|---|---|---|---|
| Interfacing via D-Bus | no | yes | yes |
| Modular C coded early boot services included | no | no | yes |
| Socket-based Activation: inetd compatibility | no | no | yes |
| Configuration of device dependencies with udev rules | no | no | yes |
| Path-based Activation (inotify) | no | no | yes |
| Snapshotting of system state | no | no | yes |
| Optionally kills remaining processes of users logging out | no | no | yes |
| Linux Control Groups Integration | no | no | yes |
| Audit record generation for started services | no | no | yes |
| Encrypted hard disk handling (LUKS) | no | no | yes |
| SSL Certificate/LUKS Password handling, including Plymouth, Console, wall(1), TTY and GNOME agents | no | no | yes |
| Network Loopback device handling | no | no | yes |
| System-wide locale handling | no | no | yes |
| Console and keyboard setup | no | no | yes |
| Infrastructure for creating, removing, cleaning up of temporary and volatile files | no | no | yes |
| Handling for /proc/sys sysctl | no | no | yes |
| Save/restore random seed | no | no | yes |
| Static loading of kernel modules | no | no | yes |
| Automatic serial console handling | no | no | yes |
| Unique Machine ID handling | no | no | yes |
| Dynamic host name and machine meta data handling | no | no | yes |
| Reliable termination of services | no | no | yes |
| Early boot /dev/log logging | no | no | yes |
| Minimal kmsg-based syslog daemon for embedded use | no | no | yes |
| Respawning on service crash without losing connectivity | no | no | yes |
| Gapless service upgrades | no | no | yes |
| Built-In Profiling and Tools | no | no | yes |
| Remote access/Cluster support built into client tools | no | no | yes |
| Can list all processes of a service | no | no | yes |
| Can identify service of a process | no | no | yes |
| Automatic per-service CPU cgroups to even out CPU usage between them | no | no | yes |
| Automatic per-user cgroups | no | no | yes |
| SysV services controllable like native services | yes | no | yes |
| Reexecution with full serialization of state | yes | no | yes |
| Container support (as advanced chroot() replacement) | no | no | yes |
| Disabling of services without editing files | yes | no | yes |
| Masking of services without editing files | no | no | yes |
| Robust system shutdown within PID 1 | no | no | yes |
| Built-in kexec support | no | no | yes |
| Dynamic service generation | no | no | yes |
| Upstream support in various other OS components | yes | no | yes |
| Service files compatible between distributions | no | no | yes |
| Signal delivery to services | no | no | yes |
| Reliable termination of user sessions before shutdown | no | no | yes |
| Easily writable, extensible and parseable service files, suitable for manipulation with enterprise management tools | no | no | yes |
 Read-Ahead implementation for Upstart available in separate package ureadahead, requires non-standard kernel patch.
 Socket activation implementation for Upstart available as preview, lacks parallelization support hence entirely misses the point of socket activation.
 Bus activation implementation for Upstart posted as patch, not merged.
 udev device event bridge implementation for Upstart available as preview, forwards entire udev database into Upstart, not practical.
 Mount handling utility mountall for Upstart available in separate package, covers only boot-time mounts, very limited dependency system.
 Some distributions offer this implemented in shell.
 LSB init scripts support this, if they are used.
Available Native Service Settings
|Root Directory (chroot())||no||yes||yes|
|Environment Variables from external file||no||no||yes|
|IO Scheduling Class/Priority||no||no||yes|
|CPU Scheduling Nice Value||no||yes||yes|
|CPU Scheduling Policy/Priority||no||no||yes|
|CPU Scheduling Reset on fork() control||no||no||yes|
|Secure Bits Control||no||no||yes|
|Control Group Control||no||no||yes|
|High-level file system namespace control: making directories inacessible||no||no||yes|
|High-level file system namespace control: making directories read-only||no||no||yes|
|High-level file system namespace control: private /tmp||no||no||yes|
|High-level file system namespace control: mount inheritance||no||no||yes|
|Input on Console||yes||yes||yes|
|Output on Syslog||no||no||yes|
|Output on kmsg/dmesg||no||no||yes|
|Output on arbitrary TTY||no||no||yes|
|Kill signal control||no||no||yes|
|Conditional execution: by identified CPU virtualization/container||no||no||yes|
|Conditional execution: by file existence||no||no||yes|
|Conditional execution: by security framework||no||no||yes|
|Conditional execution: by kernel command line||no||no||yes|
 Upstart supports only the deprecated oom_score_adj mechanism, not the current oom_adj logic.
 Upstart lacks support for RLIMIT_RTTIME and RLIMIT_RTPRIO.
Note that some of these options are relatively easily added to SysV init scripts, by editing the shell sources. The table above focusses on easily accessible options that do not require source code editing.
|Maturity||> 15 years||6 years||1 year|
|Specialized professional consulting and engineering services available||no||no||yes|
As the tables above hopefully show in all clarity systemd has left behind both sysvinit and Upstart in almost every aspect. With the exception of the project’s age/maturity systemd wins in every category. At this point in time it will be very hard for sysvinit and Upstart to catch up with the features systemd provides today. In one year we managed to push systemd forward much further than Upstart has been pushed in six.
It is our intention to drive forward the development of the Linux platform with systemd. In the next release cycle we will focus more strongly on providing the same features and speed improvement we already offer for the system to the user login session. This will bring much closer integration with the other parts of the OS and applications, making the most of the features the service manager provides, and making it available to login sessions. Certain components such as ConsoleKit will be made redundant by these upgrades, and services relying on them will be updated. The burden for maintaining these then obsolete components will be passed on to the vendors who plan to continue to rely on them.
If you are wondering whether or not to adopt systemd, then systemd obviously wins when it comes to mere features. Of course that should not be the only aspect to keep in mind. In the long run, sticking with the existing infrastructure (such as ConsoleKit) comes at a price: porting work needs to take place, and additional maintenance work for bitrotting code needs to be done. Going it on your own means increased workload.
That said, adopting systemd is also not free. Especially if you made investments in the other two solutions adopting systemd means work. The basic work to adopt systemd is relatively minimal for porting over SysV systems (since compatibility is provided), but can mean substantial work when coming from Upstart. If you plan to go for a 100% systemd system without any SysV compatibility (recommended for embedded, long run goal for the big distributions) you need to be willing to invest some work to rewrite init scripts as simple systemd unit files.
systemd is in the process of becoming a comprehensive, integrated and modular platform providing everything needed to bootstrap and maintain an operating system’s userspace. It includes C rewrites of all basic early boot init scripts that are shipped with the various distributions. Especially for the embedded case adopting systemd provides you in one step with almost everything you need, and you can pick the modules you want. The other two init systems are singular individual components, which to be useful need a great number of additional components with differing interfaces. The emphasis of systemd to provide a platform instead of just a component allows for closer integration, and cleaner APIs. Sooner or later this will trickle up to the applications. Already, there are accepted XDG specifications (e.g. XDG basedir spec, more specifically XDG_RUNTIME_DIR) that are not supported on the other init systems.
systemd is also a big opportunity for Linux standardization. Since it standardizes many interfaces of the system that previously have been differing on every distribution, on every implementation, adopting it helps to work against the balkanization of the Linux interfaces. Choosing systemd means redefining more closely what the Linux platform is about. This improves the lives of programmers, users and administrators alike.
I believe that momentum is clearly with systemd. We invite you to join our community and be part of that momentum.
systemctl – output process tree
systemctl status
    Since: Di 2017-05-02 15:51:20 CEST; 28min left
   CGroup: /
           ├─init.scope
           │ └─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 23
           ├─system.slice
           │ ├─dbus.service
           │ │ └─1074 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
           │ ├─cron.service
           │ │ └─2124 /usr/sbin/cron -n
           │ ├─wickedd.service
           │ │ └─1257 /usr/sbin/wickedd --systemd --foreground
           │ ├─hv_vss_daemon.service
           │ │ └─1105 /usr/lib/hyper-v/bin/hv_vss_daemon --no-daemon
           │ ├─postfix.service
           │ │ ├─2105 /usr/lib/postfix/master -w
           │ │ ├─2106 pickup -l -t fifo -u
           │ │ └─2107 qmgr -l -t fifo -u
           │ ├─wickedd-nanny.service
           │ │ └─1260 /usr/sbin/wickedd-nanny --systemd --foreground
           │ ├─accounts-daemon.service
           │ │ └─1220 /usr/lib/accounts-daemon
           │ ├─nscd.service
           │ │ └─1082 /usr/sbin/nscd
           │ ├─systemd-journald.service
           │ │ └─565 /usr/lib/systemd/systemd-journald
           │ ├─udisks2.service
           │ │ └─1815 /usr/lib/udisks2/udisksd --no-debug
           │ ├─wickedd-dhcp4.service
           │ │ └─1246 /usr/lib/wicked/bin/wickedd-dhcp4 --systemd --foreground
           │ ├─display-manager.service
           │ │ ├─1205 /usr/sbin/gdm
           │ │ ├─1211 /usr/lib/gdm/gdm-simple-slave --display-id /org/gnome/DisplayManager/Displays/_0
           │ │ └─1219 /usr/bin/Xorg :0 -background none -verbose -auth /run/gdm/auth-for-gdm-ZAzyg4/database -seat seat0 vt7
           │ ├─upower.service
           │ │ └─1607 /usr/lib/upower/upowerd
           │ ├─systemd-logind.service
           │ │ └─1110 /usr/lib/systemd/systemd-logind
           │ ├─wickedd-dhcp6.service
           │ │ └─1244 /usr/lib/wicked/bin/wickedd-dhcp6 --systemd --foreground
           │ ├─system-getty.slice
           │ │ └─firstname.lastname@example.org
           │ │   └─1125 /sbin/agetty --noclear tty1 linux
           │ ├─sshd.service
           │ │ └─1957 /usr/sbin/sshd -D
           │ ├─systemd-udevd.service
           │ │ └─611 /usr/lib/systemd/systemd-udevd
           │ ├─haveged.service
           │ │ └─582 /usr/sbin/haveged -w 1024 -v 0 -F
           │ ├─wickedd-auto4.service
           │ │ └─1242 /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
           │ ├─polkit.service
           │ │ └─1231 /usr/lib/polkit-1/polkitd --no-debug
           │ ├─irqbalance.service
           │ │ └─1067 /usr/sbin/irqbalance --foreground
           │ ├─hv_kvp_daemon.service
           │ │ └─1921 /usr/lib/hyper-v/bin/hv_kvp_daemon --no-daemon
           │ ├─rsyslog.service
           │ │ └─1106 /usr/sbin/rsyslogd -n
           │ └─rtkit-daemon.service
           │   └─1619 /usr/lib/rtkit/rtkit-daemon
           └─user.slice
             └─user-1000.slice
               ├─session-1.scope
               │ ├─1665 gdm-session-worker [pam/gdm-password]
               │ ├─1678 /usr/bin/gnome-keyring-daemon --daemonize --login
               │ ├─1682 /usr/lib/gnome-session-binary --session gnome-classic
               │ ├─1737 /usr/bin/dbus-launch --sh-syntax --exit-with-session /usr/bin/ssh-agent /etc/X11/xinit/xinitrc --session gnome-classic
               │ ├─1738 /bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
               │ ├─1739 /usr/bin/ssh-agent /etc/X11/xinit/xinitrc --session gnome-classic
               │ ├─1745 /usr/lib/at-spi2/at-spi-bus-launcher
               │ ├─1750 /bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
               │ ├─1754 /usr/lib/at-spi2/at-spi2-registryd --use-gnome-session
               │ ├─1768 /usr/bin/gnome-shell
               │ ├─1774 /usr/lib/gvfs/gvfsd
               │ ├─1779 /usr/lib/gvfs/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
               │ ├─1797 /usr/bin/pulseaudio --start --log-target=syslog
               │ ├─1812 /usr/lib/gvfs/gvfs-udisks2-volume-monitor
               │ ├─1825 /usr/lib/gvfs/gvfs-mtp-volume-monitor
               │ ├─1830 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor
               │ ├─1835 /usr/lib/gvfs/gvfs-goa-volume-monitor
               │ ├─1839 /usr/lib/gnome-settings-daemon-3.0/gnome-settings-daemon
               │ ├─1860 /usr/lib/gnome-settings-daemon-3.0/gsd-printer
               │ ├─1861 nautilus --no-default-window --force-desktop
               │ ├─1873 /usr/lib/dconf-service
               │ ├─1883 /usr/lib/gvfs/gvfsd-trash --spawner :1.9 /org/gtk/gvfs/exec_spaw/0
               │ ├─1893 /usr/lib/gvfs/gvfsd-burn --spawner :1.9 /org/gtk/gvfs/exec_spaw/1
               │ ├─2655 /usr/lib/gvfs/gvfsd-metadata
               │ ├─2798 /usr/lib/gnome-terminal-server
               │ ├─2818 bash
               │ ├─2838 su
               │ └─2841 bash
               ├─email@example.com
               │ └─init.scope
               │   ├─1670 /usr/lib/systemd/systemd --user
               │   └─1672 (sd-pam)
               └─session-8.scope
                 ├─3135 sshd: user [priv]
                 ├─3139 sshd: user@pts/1
                 ├─3140 -bash
                 ├─3171 su
                 ├─3172 bash
                 └─3192 systemctl status
show services and mount points with systemd
suse12@user> systemctl list-units --type mount
UNIT                            LOAD   ACTIVE SUB     DESCRIPTION
-.mount                         loaded active mounted /
\x2esnapshots.mount             loaded active mounted /.snapshots
boot-grub2-i386\x2dpc.mount     loaded active mounted /boot/grub2/i386-pc
boot-grub2-x86_64\x2defi.mount  loaded active mounted /boot/grub2/x86_64-efi
dev-hugepages.mount             loaded active mounted Huge Pages File System
dev-mqueue.mount                loaded active mounted POSIX Message Queue File System
home.mount                      loaded active mounted /home
opt.mount                       loaded active mounted /opt
run-user-1000-gvfs.mount        loaded active mounted /run/user/1000/gvfs
run-user-1000.mount             loaded active mounted /run/user/1000
srv.mount                       loaded active mounted /srv
sys-fs-fuse-connections.mount   loaded active mounted FUSE Control File System
sys-kernel-debug.mount          loaded active mounted Debug File System
tmp.mount                       loaded active mounted /tmp
usr-local.mount                 loaded active mounted /usr/local
var-cache.mount                 loaded active mounted /var/cache
var-crash.mount                 loaded active mounted /var/crash
var-lib-libvirt-images.mount    loaded active mounted /var/lib/libvirt/images
var-lib-machines.mount          loaded active mounted /var/lib/machines
var-lib-mailman.mount           loaded active mounted /var/lib/mailman
var-lib-mariadb.mount           loaded active mounted /var/lib/mariadb
var-lib-mysql.mount             loaded active mounted /var/lib/mysql
var-lib-named.mount             loaded active mounted /var/lib/named
var-lib-pgsql.mount             loaded active mounted /var/lib/pgsql
var-log.mount                   loaded active mounted /var/log
var-opt.mount                   loaded active mounted /var/opt
var-spool.mount                 loaded active mounted /var/spool
var-tmp.mount                   loaded active mounted /var/tmp

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

28 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
systemd – Which services are enabled or disabled?
suse:/# systemctl list-unit-files
UNIT FILE                               STATE
proc-sys-fs-binfmt_misc.automount       static
org.freedesktop.hostname1.busname       static
org.freedesktop.import1.busname         static
org.freedesktop.locale1.busname         static
org.freedesktop.login1.busname          static
org.freedesktop.machine1.busname        static
org.freedesktop.systemd1.busname        static
org.freedesktop.timedate1.busname       static
dev-hugepages.mount                     static
dev-mqueue.mount                        static
proc-fs-nfsd.mount                      static
proc-sys-fs-binfmt_misc.mount           static
sys-fs-fuse-connections.mount           static
sys-kernel-config.mount                 static
sys-kernel-debug.mount                  static
var-lib-machines.mount                  static
var-lib-nfs-rpc_pipefs.mount            static
var-lock.mount                          static
var-run.mount                           static
systemd-ask-password-console.path       static
systemd-ask-password-plymouth.path      static
systemd-ask-password-wall.path          static
accounts-daemon.service                 disabled
after-local.service                     static
alsa-restore.service                    static
alsa-state.service                      static
alsa-store.service                      static
alsasound.service                       static
atd.service                             disabled
auditd.service                          disabled
auth-rpcgss-module.service              static
autofs.service                          disabled
autovt@.service                         enabled
autoyast-initscripts.service            disabled
blk-availability.service                disabled
bluetooth.service                       enabled
bmc-snmp-proxy.service                  disabled
brltty.service                          disabled
btrfsmaintenance-refresh.service        enabled
cgroup.service                          masked
cleanup.service                         static
clock.service                           masked
configure-printer@.service              static
console-getty.service                   disabled
console-shell.service                   disabled
container-getty@.service                static
cron.service                            enabled
crypto-early.service                    masked
crypto.service                          masked
cups-browsed.service                    disabled
cups.service                            disabled
dbus-org.bluez.service                  enabled
dbus-org.freedesktop.hostname1.service  static
dbus-org.freedesktop.import1.service    static
dbus-org.freedesktop.locale1.service    static
dbus-org.freedesktop.login1.service     static
dbus-org.freedesktop.machine1.service   static
dbus-org.freedesktop.timedate1.service  static
dbus-org.opensuse.Network.AUTO4.service enabled
dbus-org.opensuse.Network.DHCP4.service enabled
dbus-org.opensuse.Network.DHCP6.service enabled
dbus-org.opensuse.Network.Nanny.service enabled
dbus.service                            static
debug-shell.service                     disabled
device-mapper.service                   masked
display-manager.service                 enabled
dm-event.service                        disabled
dmraid-activation.service               disabled
dracut-cmdline.service                  static
dracut-initqueue.service                static
dracut-mount.service                    static
dracut-pre-mount.service                static
dracut-pre-pivot.service                static
dracut-pre-trigger.service              static
dracut-pre-udev.service                 static
dracut-shutdown.service                 static
earlysyslog.service                     masked
earlyxdm.service                        masked
emergency.service                       static
exchange-bmc-os-info.service            disabled
fstrim.service                          static
geoclue.service                         static
getty@.service                          enabled
gpm.service                             disabled
grub2-once.service                      disabled
halt-local.service                      static
haveged.service                         enabled
hv_fcopy_daemon.service                 disabled
hv_kvp_daemon.service                   disabled
hv_vss_daemon.service                   disabled
initrd-cleanup.service                  static
initrd-parse-etc.service                static
initrd-switch-root.service              static
initrd-udevadm-cleanup-db.service       static
ipmi.service                            disabled
ipmievd.service                         disabled
irqbalance.service                      enabled
iscsi.service                           enabled
iscsid.service                          disabled
iscsiuio.service                        disabled
kbd.service                             masked
kdump-rebuild-initrd.service            disabled
kdump.service                           disabled
kexec-load.service                      disabled
klog.service                            disabled
kmod-static-nodes.service               static
ldconfig.service                        static
loadmodules.service                     masked
localfs.service                         static
localnet.service                        masked
lunmask.service                         disabled
lvm2-lvmetad.service                    disabled
lvm2-monitor.service                    disabled
lvm2-pvscan@.service                    static
mcelog.service                          enabled
mdadm-grow-continue@.service            static
mdadm-last-resort@.service              static
mdmon@.service                          static
mdmonitor.service                       static
multipathd.service                      disabled
network.service                         enabled
nfs-blkmap.service                      disabled
nfs-config.service                      static
nfs-idmapd.service                      static
nfs-mountd.service                      static
nfs-server.service                      disabled
nfs-utils.service                       static
nfs.service                             disabled
nfsserver.service                       disabled
nmb.service                             disabled
nscd.service                            enabled
ntp-wait.service                        disabled
ntpd.service                            disabled
openct-handler@.service                 static
openct.service                          disabled
packagekit-offline-update.service       static
packagekit.service                      static
pcscd.service                           indirect
plymouth-halt.service                   static
plymouth-kexec.service                  static
plymouth-poweroff.service               static
plymouth-quit-wait.service              static
plymouth-quit.service                   static
plymouth-read-write.service             static
plymouth-reboot.service                 static
plymouth-start.service                  static
plymouth-switch-root.service            static
polkit.service                          static
postfix.service                         enabled
proc.service                            masked
purge-kernels.service                   enabled
quotaon.service                         static
random.service                          static
rc-local.service                        static
rescue.service                          static
rollback.service                        enabled
rootfsck.service                        static
rpc-gssd.service                        static
rpc-statd-notify.service                static
rpc-statd.service                       static
rpc-svcgssd.service                     static
rpcbind.service                         disabled
rsyncd.service                          disabled
rsyslog.service                         enabled
rtkit-daemon.service                    disabled
saslauthd.service                       disabled
serial-getty@.service                   disabled
shadow.service                          static
single.service                          masked
slpd.service                            disabled
smartd.service                          enabled
smb.service                             disabled
snapper-cleanup.service                 static
snapper-timeline.service                static
speech-dispatcherd.service              disabled
sshd.service                            enabled
startpreload.service                    masked
stoppreload.service                     masked
SuSEfirewall2.service                   enabled
SuSEfirewall2_init.service              enabled
SuSEfirewall2_setup.service             enabled
swap.service                            masked
sysctl.service                          static
syslog.service                          enabled
systemd-ask-password-console.service    static
systemd-ask-password-plymouth.service   static
systemd-ask-password-wall.service       static
systemd-backlight@.service              static
systemd-binfmt.service                  static
systemd-bootchart.service               disabled
systemd-bus-proxyd.service              static
systemd-exit.service                    static
systemd-firstboot.service               static
systemd-fsck-root.service               static
systemd-fsck@.service                   static
systemd-halt.service                    static
systemd-hibernate-resume@.service       static
systemd-hibernate.service               static
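An added example (not part of the original post): the unit-file listing above becomes useful for hardening once it is compared with a list of units that are supposed to be enabled. The function name `audit_units`, the baseline file format, the baseline path and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit `systemctl list-unit-files` output against a baseline.
# On a live host (the baseline path is hypothetical):
#   systemctl list-unit-files --no-legend | audit_units /etc/security/unit-baseline.txt

# audit_units BASELINE_FILE
#   stdin : "<unit> <state> ..." lines as printed by `systemctl list-unit-files`
#   stdout: sorted findings, one per line
#     UNEXPECTED <unit>  enabled on the host but absent from the baseline
#     MISSING <unit>     listed in the baseline but not enabled on the host
audit_units() {
    awk -v baseline="$1" '
        BEGIN {
            # Load the allowlist; drop # comments, whitespace and blank lines.
            while ((getline line < baseline) > 0) {
                sub(/#.*/, "", line)
                gsub(/[ \t]/, "", line)
                if (line != "") want[line] = 1
            }
            close(baseline)
        }
        # Skip the header, blank lines and the "N unit files listed." footer:
        # only rows whose first field looks like name.type are unit rows.
        NF < 2 || $1 !~ /\.[a-z]+$/ { next }
        $2 == "enabled" {
            seen[$1] = 1
            if (!($1 in want)) print "UNEXPECTED " $1
        }
        END {
            for (u in want) if (!(u in seen)) print "MISSING " u
        }
    ' | sort
}

# Constructed sample in the format of the listing above (not from a real host).
sample_unit_files() {
    cat <<'EOF'
UNIT FILE                STATE
bluetooth.service        enabled
cron.service             enabled
cups.service             disabled
dbus.service             static
debug-shell.service      disabled
sshd.service             enabled

6 unit files listed.
EOF
}

# Audit the sample against a constructed baseline and print the findings.
demo_audit() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# approved enabled units' cron.service sshd.service auditd.service > "$tmp"
    sample_unit_files | audit_units "$tmp"
    rm -f "$tmp"
}

demo_audit
```

Only the first two fields of each row are read, so the function also accepts the listing of newer systemd versions, which print an additional preset column.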
alternative to htop?
systemd-cgtop
Control Group                                 Tasks  %CPU  Memory  Input/s  Output/s
/                                             -      0.7   543.0M  -        -
/init.scope                                   1      -     -       -        -
/system.slice                                 67     -     -       -        -
/system.slice/accounts-daemon.service         3      -     -       -        -
/system.slice/cron.service                    1      -     -       -        -
/system.slice/dbus.service                    1      -     -       -        -
/system.slice/display-manager.service         9      -     -       -        -
/system.slice/haveged.service                 1      -     -       -        -
/system.slice/hv_kvp_daemon.service           1      -     -       -        -
/system.slice/hv_vss_daemon.service           1      -     -       -        -
/system.slice/irqbalance.service              1      -     -       -        -
/system.slice/nscd.service                    11     -     -       -        -
/system.slice/packagekit.service              4      -     -       -        -
/system.slice/polkit.service                  6      -     -       -        -
/system.slice/rsyslog.service                 5      -     -       -        -
/system.slice/rtkit-daemon.service            3      -     -       -        -
/system.slice/sshd.service                    1      -     -       -        -
/system.slice/system-getty.slice              1      -     -       -        -
/firstname.lastname@example.org               1      -     -       -        -
/system.slice/systemd-hostnamed.service       1      -     -       -        -
/system.slice/systemd-journald.service        1      -     -       -        -
/system.slice/systemd-localed.service         1      -     -       -        -
/system.slice/systemd-logind.service          1      -     -       -        -
/system.slice/systemd-udevd.service           1      -     -       -        -
/system.slice/udisks2.service                 5      -     -       -        -
/system.slice/upower.service                  3      -     -       -        -
/system.slice/wickedd-auto4.service           1      -     -       -        -
/system.slice/wickedd-dhcp4.service           1      -     -       -        -
/system.slice/wickedd-dhcp6.service           1      -     -       -        -
/system.slice/wickedd-nanny.service           1      -     -       -        -
/system.slice/wickedd.service                 1      -     -       -        -
/user.slice                                   92     -     -       -        -
/user.slice/user-1000.slice                   92     -     -       -        -
/user.slice/user-1000.slice/session-1.scope   81     -     -       -        -
/user.slice/user-1000.slice/session-2.scope   6      -     -       -        -
/user.slice/user-1000.slice/session-3.scope   3      -     -       -        -
/email@example.com                            2      -     -       -        -