How do i prevent a systemd service from being started manually or automatically?
-
mask NAME... Mask one or more unit files, as specified on the command line. This will link these units to /dev/null, making it impossible to start them. This is a stronger version of disable, since it prohibits all kinds of activation of the unit, including enablement and manual activation. Use this option with care. This honors the --runtime option to only mask temporarily until the next reboot of the system. The --now option can be used to ensure that the units are also stopped. unmask NAME... Unmask one or more unit files, as specified on the command line. This will undo the effect of mask.
Using the mask option of systemctl.
$ sudo systemctl mask httpd.service Created symlink from /etc/systemd/system/httpd.service to /dev/null.
Verify it has been masked.
$ sudo systemctl list-unit-files httpd.service UNIT FILE STATE httpd.service masked 1 unit files listed.
If someone does try to start the service they will see the following.
$ sudo systemctl start httpd.service Failed to start httpd.service: Unit is masked.
Note: As stated in the man page you can use unmask to allow activity again.
© Lightnetics 2024