How do i prevent a systemd service from being started manually or automatically?



  • Man page for systemctl.

           mask NAME...
               Mask one or more unit files, as specified on the command line. This
               will link these units to /dev/null, making it impossible to start
               them. This is a stronger version of disable, since it prohibits all
               kinds of activation of the unit, including enablement and manual
               activation. Use this option with care. This honors the --runtime
               option to only mask temporarily until the next reboot of the
               system. The --now option can be used to ensure that the units are
               also stopped.
    
           unmask NAME...
               Unmask one or more unit files, as specified on the command line.
               This will undo the effect of mask.
    

    Using the mask option of systemctl.

    $ sudo systemctl mask httpd.service
    Created symlink from /etc/systemd/system/httpd.service to /dev/null.
    

    Verify it has been masked.

    $ sudo systemctl list-unit-files  httpd.service
    UNIT FILE     STATE 
    httpd.service masked
    
    1 unit files listed.
    

    If someone does try to start the service they will see the following.

    $ sudo systemctl start httpd.service
    Failed to start httpd.service: Unit is masked.
    

    Note: As stated in the man page you can use unmask to allow activity again.


Log in to reply
 

© Lightnetics 2024